This is an incomplete work in progress.
Introduction
Networking is fundamental to everything. Once upon a time, when I started my career in IT, you would put all the software on a single server, and people would access it via dumb terminals with 24 or 25 rows of 80 characters that were physically connected to that server.
Today software is often deployed as separate components to many servers. Even if the software is a monolith that can run on a single server, you often need to deploy it to a number of different servers - physical or virtual - in order to meet the demands of hundreds or thousands of users who are all connecting to it over the network.
There are still physical wires involved.[1] They connect devices on the local network to allow them to communicate with each other, and there will often be a device that handles connecting the local devices to a wider collection of devices whether that is a corporate network or the internet.
This page does not attempt to cover every fine detail involved in dealing with networks and networking. It will only cover the basics, and will gleefully skip over more complex topics such as IPv6 in the name of simplicity and providing a basic level of understanding.
Along the way I will introduce new terms and phrases with little fanfare, but they should make sense in the context that they are in. The text below will link out to other places where you can learn more about these terms and phrases if you are interested.
IPv4 vs IPv6
You may already be familiar with network addresses. Maybe you've had to connect to your ISP's router using an address like 192.168.1.1. This is an IPv4 address. It is currently the most widespread and well-known form of IP address, but it suffers from a fundamental problem.
Each of the four numbers is known as an octet, and each octet has an upper value of 254.
And when you start to use those numbers on a global basis to connect billions of different devices to each other, you will run out. We have known that this problem was coming since the 1980s, and IPv6 was proposed as a solution in 1996.
An IPv6 address looks like 2001:db8::8a2e:370:7334. Note the double colon. There are eight sets of numbers in an IPv6 address, and the :: means "there are one or more sets of '00000000' values in here". In this example there would be three to take the total quantity of numbers up to 8.
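The expansion of `::` described above, as an added example that is not part of the original page. It also shows why the same address written two ways only matches after expansion, which matters when comparing addresses in allow-lists or logs. The function names are assumptions made for this sketch, and the second spelling is constructed.

```python
import ipaddress
import string

def expand_ipv6(text):
    """Return (fully written address, number of zero groups '::' stood for).

    Plain hexadecimal groups only: embedded IPv4 tails and zone IDs are
    out of scope for this sketch.
    """
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = left + ["0"] * missing + right
    else:
        groups, missing = text.split(":"), 0
        if len(groups) != 8:
            raise ValueError("expected eight groups")
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
            raise ValueError(f"bad group: {group!r}")
    return ":".join(g.lower().zfill(4) for g in groups), missing

def same_address(a, b):
    """Compare two spellings by their expanded form, not as raw strings."""
    return expand_ipv6(a)[0] == expand_ipv6(b)[0]

def matches_stdlib(text):
    """Cross-check the hand-rolled expansion against Python's ipaddress module."""
    return expand_ipv6(text)[0] == ipaddress.IPv6Address(text).exploded

if __name__ == "__main__":
    page_example = "2001:db8::8a2e:370:7334"          # address used on this page
    other_spelling = "2001:0DB8:0:0:0:8A2E:370:7334"  # constructed: same address, written differently
    print(expand_ipv6(page_example))
    print(page_example == other_spelling, same_address(page_example, other_spelling))
    print(matches_stdlib(page_example))
```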
There are several advantages to IPv6, the main one being that while there are approximately 4.3 billion addresses available to IPv4, IPv6 has around 3.4×10^38. I've written it like that as it is a very big number. It is probably more than we are currently likely to ever need. But if this page still exists in thirty years and I haven't updated it since 2022, and we have since discovered that we need to move to an even larger set of numbers, please feel free to mock my optimism.
So if we have solved the problem with the device limit, why haven't we moved to IPv6 already?
The problem has been that IPv4 and IPv6 are not directly interoperable, and it took a while to figure out how to get IPv4 networks talking to IPv6 networks in a standard way that worked with different vendors, protocols, and devices, in ways that did not impact performance. And in some ways hardware also needed to catch up to be able to perform that translation at the necessary speeds when dealing with billions of network packets per second.
But in the background we are already starting to. Global network providers have deployed the correct hardware and software to deal with it, and major global players such as Cisco, Microsoft, Google, Apple, and others have started the work on supporting IPv6 in their devices and software. We are also seeing support in consumer level devices. For example, my ISP router has had IPv6 support on my side of the network for some time, and on their side of the network for even longer.
But this is where we are going to stop talking about IPv6. You need to be aware of it, that it is out there, and that it is different to IPv4. But IPv4 is still by far the most commonly used networking standard[2], and this is what we are going to focus on.
The OSI Model
The OSI Model was created in the 1970s to provide a standardised way of discussing networking. Click through to that Wikipedia link for the gory details. I'm going to focus on the basic things that you need to be aware of.
The model is comprised of 7 layers. The ones that we are usually interested in are layers 1, 2, 3, 4, and 7.
![[OSIModel.PNG]]
(Image originally sourced from Open Clipart.)
Layer 1 - Physical
The Physical layer is the actual wires that connect things together. In the Wi-Fi, 4G/5G, and Bluetooth world that we live in, this also includes the virtual wireless wires that those methods use.
Layer 2 - Data Link
"Data Link" refers to the physical connections on either end of the Physical connections. It is this layer that is concerned with truly unique identifiers like MAC addresses on network cards. Way down in the weeds data is actually sent between MAC addresses. Later on we're going to talk about how IP addresses are the things that bind devices together and pretend that MAC addresses don't exist, but you should be aware that they do, and that they operate down in the Data Link layer.
A MAC address is the physical address of a network device and is made up of 6 hexadecimal numbers. On the iPad that I am currently writing this on the WiFi device has a MAC address of 88:66:5A:11:22:33.[3]
The first three numbers are unique to Apple. You can confirm this by looking them up via a service such as maclookup.app. The last three numbers I made up for the purposes of this example, but on my iPad the actual numbers are unique to this device across the entirety of all the devices that Apple has ever sold. No other Apple device will have the same address and this is why, ultimately, the data link layer uses MAC addresses to send data between devices.
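An added example, not from the original page, that splits a MAC address into the vendor part and the device part described above and reads the two flag bits in the first number. Randomised addresses of the kind footnote 3 describes normally set the "locally administered" bit, so a vendor lookup on them is meaningless. The function names and the second address are constructed for this sketch.

```python
import re

MAC_PATTERN = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def parse_mac(text):
    """Turn 'AA:BB:CC:DD:EE:FF' (or dash-separated) into six bytes."""
    if not MAC_PATTERN.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split("[:-]", text))

def describe_mac(text):
    """Split a MAC into vendor prefix and device part, and read its flag bits."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        # First three numbers: the prefix assigned to the vendor (the OUI).
        "oui": ":".join(f"{b:02X}" for b in octets[:3]),
        # Last three numbers: chosen by the vendor for the individual device.
        "device_part": ":".join(f"{b:02X}" for b in octets[3:]),
        # Lowest bit of the first number: set for multicast/broadcast addresses.
        "multicast": bool(first & 0x01),
        # Next bit up: set when the address was assigned locally
        # (by software) rather than burned in by the vendor.
        "locally_administered": bool(first & 0x02),
    }

def likely_randomized(text):
    """A locally administered unicast address is a strong hint of MAC randomisation."""
    info = describe_mac(text)
    return info["locally_administered"] and not info["multicast"]

def vendor_lookup_candidates(macs):
    """Keep only addresses whose vendor prefix is worth looking up."""
    return [m for m in macs if not likely_randomized(m)]

if __name__ == "__main__":
    seen = [
        "88:66:5A:11:22:33",  # the example address from this page
        "DA:A1:19:11:22:33",  # constructed: locally administered bit set
    ]
    for mac in seen:
        print(mac, describe_mac(mac), "randomised?", likely_randomized(mac))
    print(vendor_lookup_candidates(seen))
```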
Now that you know that Layer 2 is there you can mostly forget about it. But if you're interacting with Network People and they start talking about Layer 2, this is where their head is at.
Layer 3 - Network
This is the IP part of TCP/IP. We'll get into this below.
Layer 4 - Transport
This is the part of the model that is concerned with the reliable transmission of packets on a network. You are less likely to interact with this on a day to day basis, but this is the layer that deals with things like requesting that lost data packets are re-sent, and with VPN protocols.
This is the TCP part of TCP/IP, and, again, we'll go into some more detail on that below.
Layer 7 - Application
As the name implies, Layer 7 is where your software lives. It includes network protocols such as DNS, BGP, DHCP, HTTPS, SSH, TLS and all the rest that are used by your software to discover things about and to communicate across the network. Sometimes dealing with the actual protocol is handed off to something else. For example, a web server deals with HTTP, HTTPS, and TLS so that your software written in PHP, Python, or whatever, does not have to.
TCP/IP
TCP/IP is two things. The first is TCP - the Transmission Control Protocol. The other is IP - the Internet Protocol. They complement each other, and together they handle the nitty-gritty low-level details of getting network packets from one place to another.
Don't worry - we're very close to being able to get back to talking about IP addresses.
TCP - the Transmission Control Protocol
IP - the Internet Protocol
IPv4 Address Classes
Classless inter-domain routing, aka CIDR, IP ranges
Common network devices
Routers
Switches
Network routing
Why do we need to route?
BGP
Network address translation
Port address translation
Network firewalls, and other security controls
Network firewalls
Web Application Firewalls
Hardware-level security features
[1] Wi-Fi does not, of course, have physical wires, but from a very basic network perspective the radio link to a Wi-Fi access point is a virtual wire.
[2] There are use cases where IPv4 is going to constrain you and where you will want to use IPv6. But unless you are Netflix or Amazon or somebody operating at that global scale then IPv4 is going to meet your needs.
[3] Actually, the WiFi MAC address is different to that on my iPad, and I had to disable the Private WiFi Address feature to see the real address. As every MAC address is unique, they can be used to track you by third parties such as advertising agencies and shopping centres, and less malicious entities like the NSA. Apple generates random MAC addresses for WiFi devices to make the tracking of them much less useful to those that want to.