Speaker: Sean Whitesell @codewithseanw
For more, see the table of contents
Home networking
- Lots of devices at home
- Some devices require connectivity to phone home or won’t operate
- Home devices connect to router
- LAN – router <–> home devices
- WAN – router <–> internet
- Local devices not having IP exposed to world
- Packets – pieces of data – think of as train cars. Don’t put everyone in same car
DNS (Domain Name Service)
- Converts friendly name to address. Like calling a contact – you don’t know the phone number
- On Windows:
- ipconfig /displaydns
- ipconfig /flushdns
- A record – name to IP
- CNAME – alias – subdomain www.google.com points to google.com. Can route to elsewhere
- MX – mail exchange
- nslookup set type=NS (or MX or CNAME or AAAA for IPv6)
- nslookup url.com – can return multiple addresses so resiliency if goes down
Routing
- If mail a letter, look at zip code then street than address.
- Like a perimeter. Routing brings inside house
- IP v4 – 32 bits
- Subnet mask 255.255.255.0
- Class A – 0.0.0.0 – 127.255.255.255 – 128 networks, 16 million addresses
- Class B – 128.0.0.0 – 191.255.255.255 – 65K addresses
- Class C – 192.0.0.0 – 255.255.255.255 – 254 addresses
- RFC 1918 – non routable addresses
- CIDR (classless inter-domain routing) notation lets you waste less addresses – ex: 10/8
Network sizing
- If don’t pick enough have to move all devices
- 10.0.0.0/24 – CIDR says use first 24 bits – 256 addresses
- 10.0.0.0/23 – now use first 23 bits – 512 addressesCloud doesn’t let you do /30 because only 4 addresses and AWS/Azure use 5 addresses per subnet
- Subnets – like multiple rooms in a house. To partition things off
Network Address Translation
- 192.168.* means internal/non-routable address
- http://whatismyipaddress.com – shows public address
- Router keeps track of ports and which device to go to
- 65536 available ports. 0-1023 are reserved. Similarly browser tabs have ports to keep track of conversation
Common ports
- FTP – 20 and 21
- SSH – 22
- SMTP – 25
- DNS – 53
- Web and SSL/TLS, HTTP/HTTPs – 80 and 443
- SQL server – 1443
OSI (open system interconnect) model
- 7 – application – Azure App gateway, AWS ALB, Mginx
- 6 – presentation – SSL
- 5 – session
- 4 – transport – TCP (ack everything; very chatty) vs UDP (send and forget without confirmation), Azure LB, AWS NLB
- 3- network – IP
- 2 – data
- 1 – physical
North-South East-West Security Model
- DMZ
- App Server Layer
- Database Layer
Route table
- Control and enforce traffic
- Determine which traffic goes to firewall.
- Different rules for different subnets
- Private subnet has no internet access
- AWS has internet gateway – needed to get to internet
Cloud
- Load balancer – can be layer 4 or 7
- Network security groups – VM/EC2 level, stateful
- AWS NACL (network access control list_ stateless. One rule does not allow both directions
My take
This was a good overview. Some I knew. Some I used to know. Some was new. The end felt rushed. Regardless, I’m glad I attended.