[kcdc 2022] network fundamentals for developers

Speaker: Sean Whitesell @codewithseanw


Home networking

  • Lots of devices at home
  • Some devices require connectivity to phone home or won’t operate
  • Home devices connect to router
  • LAN – router <–> home devices
  • WAN – router <–> internet
  • Local devices not having IP exposed to world
  • Packets – pieces of data – think of as train cars. Don’t put everyone in same car

DNS (Domain Name Service)

  • Converts friendly name to address. Like calling a contact – you don’t know the phone number
  • On Windows:
    • ipconfig /displaydns
    • ipconfig /flushdns
  • A record – name to IP
  • CNAME – alias – subdomain www.google.com points to google.com. Can route to elsewhere
  • MX – mail exchange
  • nslookup set type=NS (or MX or CNAME or AAAA for IPv6)
  • nslookup url.com – can return multiple addresses so resiliency if goes down

Routing

  • If you mail a letter, you look at the zip code, then the street, then the address.
  • Like a perimeter. Routing brings inside house
  • IP v4 – 32 bits
  • Subnet mask 255.255.255.0
  • Class A – 0.0.0.0 – 127.255.255.255 – 128 networks, 16 million addresses
  • Class B – 128.0.0.0 – 191.255.255.255 – 65K addresses
  • Class C – 192.0.0.0 – 255.255.255.255 – 254 addresses
  • RFC 1918 – non routable addresses
  • CIDR (classless inter-domain routing) notation lets you waste fewer addresses – ex: 10/8

Network sizing

  • If you don’t pick a large enough range, you have to move all devices
  • 10.0.0.0/24 – CIDR says use first 24 bits – 256 addresses
  • 10.0.0.0/23 – now use first 23 bits – 512 addresses
  • Cloud doesn’t let you do /30 because only 4 addresses and AWS/Azure use 5 addresses per subnet
  • Subnets – like multiple rooms in a house. To partition things off
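The CIDR arithmetic from the Routing and Network sizing notes, worked in code with Python’s ipaddress module. This is an added example, not code from the talk or the notes; the 5-address cloud reserve is the figure the notes give and is treated here as an assumed constant, and providers also enforce a minimum subnet size that this does not model.

```python
import ipaddress

# RFC 1918 non-routable ranges (the "192.168.*"-style internal addresses the notes mention)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The notes say AWS/Azure consume 5 addresses per subnet; treated here as an assumed constant
CLOUD_RESERVED = 5


def size_subnet(cidr: str, reserved: int = CLOUD_RESERVED) -> dict:
    """Expand a CIDR block into its mask, total addresses and addresses left after the cloud reserve.

    The '10/8' shorthand is not accepted by ipaddress, so the full '10.0.0.0/8' form is required.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    total = net.num_addresses
    return {
        "network": str(net),
        "mask": str(net.netmask),            # e.g. /24 -> 255.255.255.0
        "total": total,
        "usable": max(total - reserved, 0),  # /30 -> 4 - 5 -> nothing usable
    }


def is_rfc1918(ip: str) -> bool:
    """True if the address is in a private (non-routable) range."""
    return any(ipaddress.ip_address(ip) in n for n in RFC1918)


def smallest_prefix_for(hosts: int, reserved: int = CLOUD_RESERVED) -> int:
    """Largest prefix length (smallest subnet) that still leaves room for `hosts` devices."""
    for prefix in range(32, -1, -1):
        if (1 << (32 - prefix)) - reserved >= hosts:
            return prefix
    raise ValueError("more hosts than IPv4 can address")


def overlaps(new_cidr: str, existing: list) -> list:
    """Existing subnets that collide with a proposed one; non-empty means re-plan before adding it."""
    new = ipaddress.ip_network(new_cidr)
    return [c for c in existing if new.overlaps(ipaddress.ip_network(c))]


if __name__ == "__main__":
    for cidr in ("10.0.0.0/24", "10.0.0.0/23", "10.0.0.0/30"):
        print(size_subnet(cidr))
    print(smallest_prefix_for(300))  # 300 devices plus the 5 reserved need a /23
    print(overlaps("10.0.1.0/24", ["10.0.0.0/23", "10.0.2.0/24"]))
```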

Network Address Translation

  • 192.168.* means internal/non-routable address
  • http://whatismyipaddress.com – shows public address
  • Router keeps track of ports and which device to go to
  • 65536 available ports. 0-1023 are reserved. Similarly browser tabs have ports to keep track of conversation

Common ports

  • FTP – 20 and 21
  • SSH – 22
  • SMTP – 25
  • DNS – 53
  • Web and SSL/TLS, HTTP/HTTPS – 80 and 443
  • SQL server – 1443

OSI (Open Systems Interconnection) model

  • 7 – application – Azure App gateway, AWS ALB, Nginx
  • 6 – presentation – SSL
  • 5 – session
  • 4 – transport – TCP (ack everything; very chatty) vs UDP (send and forget without confirmation), Azure LB, AWS NLB
  • 3 – network – IP
  • 2 – data link
  • 1 – physical

North-South East-West Security Model

  • DMZ
  • App Server Layer
  • Database Layer

Route table

  • Control and enforce traffic
  • Determine which traffic goes to firewall.
  • Different rules for different subnets
  • Private subnet has no internet access
  • AWS has internet gateway – needed to get to internet

Cloud

  • Load balancer – can be layer 4 or 7
  • Network security groups – VM/EC2 level, stateful
  • AWS NACL (network access control list) – stateless. One rule does not allow both directions

My take

This was a good overview. Some I knew. Some I used to know. Some was new. The end felt rushed. Regardless, I’m glad I attended.