[AWS] Basic Networking

It is important to understand basic network concepts to understand how cloud services work.

Network Performance

• Bandwidth is the rate of data transfer for a fixed period of time measured in bps (bit per second such as 1Gbps).
• Latency is the amount of time it takes to send data from one point to another measured in time duration (microseconds or milliseconds).

---

Network Models

OSI and TCP/IP models are conceptual models. So they do not match with real-world applications or protocols. Some protocols or applications span multiple layers.

OSI (Open Systems Interconnection) Model: 7 Layers

Physical -> Data Link -> Network -> Transport -> Session -> Presentation -> Application

• Layer 1 (Physical) agrees on how to transmit and receive data in a physical medium; the medium, the voltage, and RF details.
• Layer 2 (Data Link) adds MAC addresses, which can be used for named communication on the local network.
• Layer 3 (Network) allows the packets to pass through different networks – Routing.
• Layer 4 (Transport) adds TCP (reliability) or UDP (Speed)
  • TCP ensured data is transmitted in the correct order and adds error checking.
  • Ports allow different communication to the same host.
• Layer 5 (Session) adds the concept of sessions between client and server.
• Layer 6 (Presentation) adds the data conversion, encapsulation, and compression – TLS.
• Layer 7 (Application) is where protocols (HTTP, SSH, FTP) are added.

---

TCP vs. UDP vs. ICMP

TCP

• Transmission Control Protocol
• Layer 4
• Connection-based, stateful, ensure the successful delivery of data
• Reliable
• Web, Email, File Transfer

UDP

• User Datagram Protocol
• Layer 4
• Connectionless, stateless, no retransmission delays
• Faster, Simpler
• Media Streaming, DNS

ICMP

• Internet Control Message Protocol
• Layer 3
• Used by network devices to exchange info
  • reporting errors and performing network diagnostics
• traceroute, ping

---

IP Addresses – IPv4

A user uses user-friendly domain names to access the network resources. But the machines only understand IP address, which is a set of numbers.

• IPv4 has four segments (1 byte or 8 bit each: 0~255)
  • 4 bytes (32bit): 0.0.0.0 to 255.255.255.255
  • 0.0.0.0 or 0.0.0.0/0: represents all IP address
  • 255.255.255.255: broadcast to all IP addresses (it is generally filtered)
  • 127.0.0.1: localhost or loopback

• Classes – network part + node part
  • Class A (/8): 1.0.0.0 to 126.255.255.255: 126 networks and 16,777,214 nodes in each
  • Class B (/16): 128.0.0.0 to 191.255.255.255: 16,382 networks and 65,534 nodes in each
  • Class C (/24): 192.0.0.0 to 223.255.255.255: 2,097,150 networks and 254 nodes in each
  • There are 2 reserved networks in each class.
• Private Network Ranges
  • Class A: 10.0.0.0 to 10.255.255.255 (1 network)
  • Class B: 172.16.0.0 to 172.31.255.255 (16 networks)
  • Class C: 192.168.0.0 to 192.168.255.255 (256 networks)

CIDR (Classless Inter-Domain Routing) is used for more effective allocation and sub-networking.

• It is a simpler representation of IP address ranges than traditional classes and subnet masks.
• CIDR is represented as <network>/<prefix>. (e.g. 10.0.0.0/24)
• The prefix is the number of bits that the network uses.
• For example, “10.0.2.0/24” means the first 24 bits are the network part, and the next 8 bits can be used as hosts. In this example, 2^8 – 2 = 254 host addresses are available. (2 addresses are reserved for network and broadcast. Cloud providers usually reserve some more IP addresses.)
  • Class A: -.-.-.-/8
  • Class B: -.-.-.-/16
  • Class C: -.-.-.-/24

IP Addresses – IPv6 in AWS

• IPv6 is not enabled on EC2 instances by default.
• IPv6 is not supported by all AWS services.
• IPv6 is attached to the operating system. IPv4 is not.
• There is no IPv6 private address. All IPv6 addresses are public.

---

Switches and Routers

• Switches: OSI Layer 2 devices – direct communication between machines in a single network (single IP range)
• Routers: OSI Layer 3 devices – allows inter-network communications

IP Routing

• Local: Using MAC address (Layer 2)
  • Does not span across networks – No router.
  • Uses Address Resolution Protocol (ARP).
  • L3 packet is created and wrapped in L2 Frames. -> L2 frame is sent to the destination MAC.

• Known Remote: Uses a router (L3 packet)
  • L3 Packets are not changed.
  • When the destination is not local, the L2 frame (L3 packet in it) is sent to the default gateway (router) -> If the router knows the destination, strips the L2 frame and wrap the L3 packet with a new L2 frame and send it to the destination.

• Unknown Remote: Routing works the same whether the destination is known or unknown
  • Usually, unchanged packets (L3) being passed through multiple routers (internet); between routers, a new L2 connection is used.
  • The internet uses the Border Gateway Protocol (BGP) to advertise networks among routers.

NAT (Network Address Translation)

• IPv4 has a limited number of available IP addresses. The private IP addresses are used for internal networks to bypass the issue. But private IP addresses are not routable on the internet.
• When a machine inside an internal network needs to communicate with the public network, a NAT device translates the private IP address to the public IP address and vice versa.

---

Proxy Server

• A proxy server is a gateway between a private network and a public one.
• A user in a private network accesses the public network through a proxy server, which can support firewalls, filtering, and caching.