Fundamentals of Networking

Bikash NishankBikash Nishank
26 min read

Table of contents

1. Introduction to Networking

1.1. What is Networking?

Definition and Purpose

Networking involves connecting multiple devices (computers, printers, servers, etc.) to enable communication and resource sharing. The purpose is to facilitate data exchange, access shared resources, and support collaborative work environments.

Practice Example:

  • Scenario: In an office setting, you set up a network to connect all employees' computers to a shared printer and file server.

  • Steps:

    1. Connect each computer to a network switch using Ethernet cables.

    2. Connect the network switch to the router.

    3. Connect the printer and file server to the same network switch.

    4. Ensure that all devices are assigned IP addresses and can communicate with each other.

Importance in Modern Computing

Networking is crucial for:

  • Internet Access: Allows devices to connect to the internet and access online resources.

  • Data Sharing: Enables file sharing between devices.

  • Application Access: Provides access to networked applications and services.

  • Collaboration: Facilitates communication and collaboration tools like email and video conferencing.

Practice Example:

  • Scenario: Set up a small local network for a team project where team members need to share files and collaborate on a common document.

  • Steps:

    1. Create a shared folder on one computer.

    2. Share this folder over the network.

    3. Ensure that other team members can access and modify the shared folder.

1.2. Types of Networks

Local Area Network (LAN)

  • Definition: A network covering a small geographic area, such as a home, office, or building.

  • Use Case: Connecting devices within a single office to share files and printers.

Practice Example:

  • Scenario: Setting up a LAN for a small office.

  • Steps:

    1. Install a network switch or router.

    2. Connect all computers and printers to the switch/router.

    3. Configure network settings on each device to ensure they are on the same network.

Wide Area Network (WAN)

  • Definition: A network that spans a large geographic area, connecting multiple LANs.

  • Use Case: Connecting branch offices of a company across different cities or countries.

Practice Example:

  • Scenario: Connecting two branch offices of a company via a WAN.

  • Steps:

    1. Establish an internet connection at each branch office.

    2. Use a VPN (Virtual Private Network) to securely connect the two offices over the internet.

    3. Ensure that resources can be accessed across both locations.

Metropolitan Area Network (MAN)

  • Definition: A network that covers a city or large campus.

  • Use Case: Connecting various buildings of a university within a city.

Practice Example:

  • Scenario: Setting up a MAN for a university campus.

  • Steps:

    1. Install networking equipment in multiple buildings.

    2. Connect these buildings using high-speed fiber optic cables.

    3. Configure routers to manage network traffic between buildings.

Personal Area Network (PAN)

  • Definition: A network used for connecting personal devices within a short range, such as a few meters.

  • Use Case: Connecting a smartphone to a laptop via Bluetooth.

Practice Example:

  • Scenario: Creating a PAN to connect your smartphone and laptop via Bluetooth.

  • Steps:

    1. Enable Bluetooth on both devices.

    2. Pair the devices by searching for each other and confirming the connection.

    3. Share files between the devices using Bluetooth.

2. IP Addressing

2.1. Overview of IP Addressing

Definition and Purpose of IP Addresses

An IP address is a unique identifier assigned to each device on a network, allowing devices to locate and communicate with each other.

Practice Example:

  • Scenario: Assigning IP addresses to devices on a small network.

  • Steps:

    1. Choose a range of IP addresses for your network (e.g., 192.168.1.0/24).

    2. Assign unique IP addresses to each device within this range.

    3. Ensure that no two devices have the same IP address.

IPv4 vs. IPv6

  • IPv4: Uses 32-bit addresses, written in dotted decimal format (e.g., 192.168.1.1). Limited to about 4.3 billion addresses.

  • IPv6: Uses 128-bit addresses, written in hexadecimal format (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). Provides a vastly larger address space.

Practice Example:

  • Scenario: Transitioning from IPv4 to IPv6.

  • Steps:

    1. Configure IPv6 on your router.

    2. Update network devices to support IPv6.

    3. Test connectivity using IPv6 addresses.

2.2. IPv4 Addressing

2.2.1. Structure of IPv4 Addresses

  • Address Format: An IPv4 address consists of four octets separated by periods (e.g., 192.168.1.1).

  • Private vs. Public IP Addresses:

    • Private IP Addresses: Used within a local network (e.g., 192.168.x.x, 10.x.x.x).

    • Public IP Addresses: Assigned by ISPs for internet-facing devices.

Practice Example:

  • Scenario: Identifying private and public IP addresses in your network.

  • Steps:

    1. Check the IP address of your router (public).

    2. Check IP addresses of devices connected to your router (private).

2.2.2. Subnetting

  • Subnet Masks and CIDR Notation:

    • Subnet Mask: Defines the network and host portions of an IP address (e.g., 255.255.255.0).

    • CIDR Notation: Specifies IP address ranges (e.g., 192.168.1.0/24).

Practice Example:

  • Scenario: Subnetting a network.

  • Steps:

    1. Determine the number of required subnets and hosts.

    2. Calculate the subnet mask and CIDR notation.

    3. Divide the IP address range into subnets.

  • Calculating Subnets and Hosts:

    • Example: For a /24 network (255.255.255.0), there are 256 addresses (254 usable for hosts).

Practice Example:

  • Scenario: Calculating the number of hosts in a /26 subnet.

  • Steps:

    1. Determine the subnet mask (255.255.255.192).

    2. Calculate the number of hosts (2^(32-26) - 2 = 62 usable hosts).

2.2.3. IP Address Classes

  • Class A: 1.0.0.0 to 126.0.0.0 (supports 16 million hosts).

  • Class B: 128.0.0.0 to 191.255.0.0 (supports 65,000 hosts).

  • Class C: 192.0.0.0 to 223.255.255.0 (supports 254 hosts).

  • Class D: Used for multicast (224.0.0.0 to 239.255.255.255).

  • Class E: Reserved for future use (240.0.0.0 to 255.255.255.255).

Practice Example:

  • Scenario: Identifying the class of given IP addresses.

  • Steps:

    1. Check the first octet of the IP address.

    2. Determine the class based on the range.

2.3. IPv6 Addressing

2.3.1. Structure of IPv6 Addresses

  • Address Format: An IPv6 address consists of eight groups of four hexadecimal digits (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

  • IPv6 Address Types:

    • Unicast: Identifies a single device.

    • Multicast: Identifies multiple devices.

    • Anycast: Identifies the nearest device from a group.

Practice Example:

  • Scenario: Configuring an IPv6 address.

  • Steps:

    1. Assign an IPv6 address to a device (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

    2. Test connectivity using ping6 command.

2.3.2. IPv6 Address Configuration

  • Stateless Address Auto-configuration (SLAAC): Devices configure their own IPv6 address based on network prefix information.

  • DHCPv6: A protocol for dynamically assigning IPv6 addresses.

Practice Example:

  • Scenario: Configuring SLAAC and DHCPv6 on a network.

  • Steps:

    1. Enable SLAAC on the router.

    2. Set up a DHCPv6 server to assign additional configuration parameters.

2.4. IP Address Configuration

2.4.1. Static IP Addresses

  • Configuration and Use Cases:

    • Static IP Addresses: Manually assigned and do not change. Used for devices requiring consistent IP (e.g., servers, printers).

Practice Example:

  • Scenario: Configuring a static IP address on a computer.

  • Steps:

    1. Open network settings on the computer.

    2. Enter the desired IP address, subnet mask, and gateway.

    3. Save and verify the configuration.

2.4.2. Dynamic IP Addresses

  • Overview of DHCP (Dynamic Host Configuration Protocol):

    • DHCP: Automatically assigns IP addresses from a pool to devices on a network.

Practice Example:

  • Scenario: Setting up a DHCP server.

  • Steps:

    1. Install and configure the DHCP server software.

    2. Define a range of IP addresses for assignment.

    3. Verify that devices receive IP addresses from the DHCP server.

  • DHCP Lease and Renewal:

    • Lease: The duration for which an IP address is assigned.

    • Renewal: The process of extending the lease period.

Practice Example:

  • Scenario: Renewing a DHCP lease on a device.

  • Steps:

    1. Use the ipconfig /renew command on Windows or dhclient -r followed by dhclient on Linux.

    2. Verify the new lease duration.

3. Domain Name System (DNS)

3.1. Introduction to DNS

  • What is DNS? DNS stands for Domain Name System. It works like the phonebook of the internet. Just like you look up someone's name to find their phone number, DNS allows you to type in a website name (like "www.example.com") and get the server's IP address (like "192.168.1.1"). Without DNS, you’d need to remember long strings of numbers to visit any website.

  • Why is DNS important? DNS is essential because humans are good at remembering names (like "www.google.com") but not so great at remembering long strings of numbers (IP addresses). DNS makes using the internet user-friendly by translating names into addresses.

  • How DNS Resolves a Domain Name to an IP Address:

    1. You enter a web address (like www.example.com) into your browser.

    2. Your computer contacts a DNS resolver, which looks for the matching IP address.

    3. If the resolver doesn’t have it stored, it asks other DNS servers.

    4. The authoritative DNS server for the website responds with the correct IP address.

    5. Your computer connects to the server using the IP address, and the website loads.

3.2. DNS Components

3.2.1. DNS Records

DNS records store different types of information about a domain. Let’s go over the most common types:

  • A Record: Maps a domain name to an IPv4 address. IPv4 is the older internet protocol. For example:

    • example.com A 192.168.1.1 means "example.com" is at IP address 192.168.1.1.

  • AAAA Record: Maps a domain to an IPv6 address. IPv6 is the newer protocol that allows more addresses than IPv4. For example:

    • example.com AAAA 2001:0db8:85a3::8a2e:0370:7334 is an IPv6 address for the domain.

  • CNAME Record: A CNAME, or Canonical Name, lets you map one domain to another. For example:

    • www.example.com CNAME example.com means "www.example.com" is an alias for "example.com."

  • MX Record: Used to direct emails to the correct server. It defines which mail servers are responsible for receiving emails. For example:

    • example.com MX 10 mail.example.com says that email for "example.com" should go to "mail.example.com."

  • TXT Record: Stores textual data. Often used for verification purposes (like verifying ownership of a domain) or for email security settings. For example:

    • example.com TXT "v=spf1 include:_spf.google.com ~all" might be used to set email verification rules.
3.2.2. DNS Zones

  • Primary Zone: This is the main zone file where the domain's DNS records are stored and managed. It’s where you make changes to DNS settings.

  • Secondary Zone: This is a read-only copy of the primary zone used as a backup. If the primary DNS server goes down, the secondary zone can still answer queries.

3.3. DNS Configuration and Management

  • Setting Up DNS for a Domain:

    1. Register a domain name (through services like GoDaddy, Namecheap).

    2. Choose DNS servers to manage your domain. Many registrars offer DNS management, or you can use services like AWS Route 53.

    3. Create and manage DNS records (A, CNAME, MX, etc.) depending on what services you want to use (website, email, etc.).

  • Managing DNS Records: You can update DNS records through your domain registrar’s dashboard or use advanced tools like AWS Route 53 or Cloudflare for greater control.

  • Troubleshooting DNS: Common DNS problems include misconfigured records, domain name not resolving, or slow propagation. You can use tools like:

    • nslookup (on Windows) or dig (on Linux) to troubleshoot and see DNS records.

    • Check for DNS cache issues. Sometimes, DNS changes take time to update across the internet.

4. HTTP/HTTPS

4.1. Introduction to HTTP/HTTPS

  • What is HTTP? HTTP stands for Hypertext Transfer Protocol. It’s the foundation of the internet, allowing communication between web browsers and web servers. When you visit a website, your browser sends a request to the server using HTTP, and the server responds with the requested web page.

  • What is HTTPS? HTTPS is the secure version of HTTP. It stands for Hypertext Transfer Protocol Secure. HTTPS uses encryption (SSL/TLS) to protect the data exchanged between your browser and the web server, ensuring no one can eavesdrop on your data (like passwords or credit card information).

  • Key Difference:

    • HTTP: Data is sent in plain text, and anyone intercepting it can read it.

    • HTTPS: Data is encrypted, so even if someone intercepts it, they can’t read it.

4.2. HTTP Protocol

4.2.1. HTTP Methods

HTTP methods tell the server what action to perform with a resource.

  • GET: Retrieves data from the server.
    Example: When you visit a webpage, your browser sends a GET request for the page.

  • POST: Sends data to the server to create a new resource.
    Example: When you submit a form (like a login form), your browser sends a POST request.

  • PUT: Updates an existing resource on the server.
    Example: Used when you edit a profile on a website.

  • DELETE: Removes a resource from the server.
    Example: Used when you delete a file or account.

4.2.2. HTTP Status Codes

HTTP status codes are messages from the server about how your request was handled.

  • 1xx Informational: The request was received, and the process is continuing.
    Example: 100 Continue

  • 2xx Success: The request was successful.
    Example: 200 OK

  • 3xx Redirection: You need to take further action to complete the request.
    Example: 301 Moved Permanently (The requested page has been permanently moved to a new URL).

  • 4xx Client Error: The request had an error on the client’s side.
    Example: 404 Not Found (The requested page does not exist).

  • 5xx Server Error: The server failed to fulfill the request.
    Example: 500 Internal Server Error (Something went wrong on the server).

4.2.3. HTTP Headers

HTTP headers provide additional information about the request or the response.

  • Content-Type: Specifies the type of content being sent (like HTML, JSON).
    Example: Content-Type: application/json tells the server to expect JSON data.

  • User-Agent: Identifies the client (browser or software) making the request.
    Example: User-Agent: Mozilla/5.0 tells the server that the request is coming from a Firefox browser.

  • Accept: Tells the server what content types the client can handle.
    Example: Accept: text/html means the client wants HTML data in response.

4.3. HTTPS and SSL/TLS

4.3.1. Overview of HTTPS
  • How HTTPS Secures HTTP Traffic: HTTPS uses SSL/TLS encryption to secure the communication between the client and server. This encryption ensures that data, like passwords or personal information, is protected from hackers while in transit.
4.3.2. SSL/TLS Certificates

  • SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates are essential for establishing secure connections over the internet. They ensure that data transferred between clients (like web browsers) and servers (like web hosting services) is encrypted and safe from interception by third parties.

    Let's explore SSL/TLS certificates in more detail, breaking down key concepts like public/private keys, certificate authorities (CAs), and the steps involved in certificate installation and management.

    What is an SSL/TLS Certificate?

    An SSL/TLS certificate is a digital certificate that authenticates a website's identity and encrypts the data sent between the server and the client. It assures users that the website they’re connecting to is legitimate and helps protect sensitive information, such as login credentials, credit card numbers, or personal data.

    SSL/TLS certificates are issued by Certificate Authorities (CAs), trusted third-party organisations that validate the identity of a website owner before issuing a certificate.

    Purpose of SSL/TLS Certificates:

    1. Encryption: SSL/TLS encrypts data sent over the internet, making it unreadable to unauthorised parties.

    2. Authentication: SSL/TLS certificates verify the identity of a website, providing users with confidence that they’re connecting to the correct server.

    3. Data Integrity: SSL/TLS ensures that data cannot be altered or corrupted during transmission.

Public and Private Keys

SSL/TLS relies on public key cryptography to encrypt and decrypt data.

  • Public Key: This key is part of the SSL/TLS certificate and is shared openly. It is used to encrypt data. Any client (such as a browser) connecting to the server can use the public key to encrypt the data it sends.

  • Private Key: The private key is stored securely on the server. It is used to decrypt the data encrypted by the public key. Only the server with the matching private key can decrypt the data, ensuring that it remains confidential.

This public-private key pair forms the foundation of SSL/TLS security.

Here’s a simplified example of how it works:

  1. A client (browser) requests to connect to a secure website using HTTPS.

  2. The server responds with its SSL/TLS certificate, which contains its public key.

  3. The client verifies the certificate (checking if it’s valid and issued by a trusted CA).

  4. The client uses the public key to encrypt some data, like a session key.

  5. The server uses its private key to decrypt the session key.

  6. After this, all data exchanged between the client and server is encrypted using symmetric encryption (which is faster), but the initial setup relies on the public/private key pair.

Certificate Authorities (CAs)

A Certificate Authority (CA) is a trusted organisation that issues SSL/TLS certificates. CAs play a crucial role in verifying the identity of the entity (organisation or individual) requesting a certificate.

  • How CAs Work:

    1. When you request an SSL/TLS certificate, the CA will verify that you own the domain and that your organisation is legitimate.

    2. Once verified, the CA issues a certificate signed with their private key. This signature ensures that the certificate is trusted.

    3. When a browser connects to your website, it checks that the SSL/TLS certificate is signed by a trusted CA. If it is, the browser trusts the connection.

Some well-known Certificate Authorities include:

  • Let’s Encrypt (free, automated certificates)

  • DigiCert

  • GlobalSign

  • Comodo

Types of SSL/TLS Certificates

SSL/TLS certificates come in different types depending on the level of validation and the number of domains they cover.

  1. Domain Validated (DV) Certificates: These offer basic encryption and are issued quickly after the CA verifies that you own the domain. They are suitable for personal websites or blogs.

  2. Organisation Validated (OV) Certificates: In addition to domain ownership, the CA verifies the organisation behind the website. These certificates are ideal for businesses, offering a higher level of trust.

  3. Extended Validation (EV) Certificates: The highest level of SSL/TLS certificate, with a thorough vetting process. When installed, the browser’s address bar will often display a green lock and show the company name, providing the highest level of trust to users. These are commonly used by banks and e-commerce sites.

  4. Wildcard SSL Certificates: These certificates secure a domain and all of its subdomains. For example, a wildcard certificate for *.example.com would secure example.com, shop.example.com, blog.example.com, etc.

  5. Multi-Domain (SAN) Certificates: These certificates allow you to secure multiple domain names with a single certificate. For example, you could secure example.com, example.org, and example.net with one certificate.

Certificate Installation and Management

How to Obtain and Install an SSL/TLS Certificate:

  1. Generate a CSR (Certificate Signing Request):

    • First, you generate a CSR on your server. The CSR contains your public key and some information about your website.

    • To generate a CSR on an Apache web server, for example:

        openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr

      This command will generate two files: the private key and the CSR.

  2. Submit the CSR to a CA:

    • After generating the CSR, you submit it to a CA (e.g., Let’s Encrypt, DigiCert) to request the SSL/TLS certificate.

    • The CA will verify your domain and possibly your organisation (depending on the type of certificate requested).

  3. Install the Certificate:

    • Once the CA issues your SSL/TLS certificate, you’ll receive the certificate file. You need to install it on your web server.

    • For example, to install a certificate on an Apache server, you typically configure the ssl.conf file like this:

        SSLCertificateFile /path/to/certificate.crt
  SSLCertificateKeyFile /path/to/private.key
  SSLCertificateChainFile /path/to/ca_bundle.crt

  4. Configure the Server for HTTPS:

    • You’ll need to enable HTTPS on your server. This often involves updating configuration files (like Apache’s httpd.conf or Nginx’s nginx.conf) to listen on port 443 (the default port for HTTPS).

    • For example, in Nginx:

        server {
      listen 443 ssl;
      server_name example.com;
      ssl_certificate /path/to/certificate.crt;
      ssl_certificate_key /path/to/private.key;
  }

  5. Test the Installation:

    • After installing the certificate, test your site to ensure HTTPS is working properly. You can use tools like SSL Labs’ SSL Test to check if your site is configured securely.
Managing SSL/TLS Certificates:

  1. Renewal: SSL/TLS certificates are valid for a limited time (usually between 90 days and 2 years). Make sure to renew your certificate before it expires, or your users will see security warnings when visiting your site.

  2. Monitoring Expiration: It’s good practice to monitor when your certificates expire. Many services and tools can help you track expiration dates, like Let’s Encrypt’s auto-renewal process or third-party certificate management software.

  3. Revocation: If your certificate’s private key is compromised (for example, if someone hacks your server and steals it), you should revoke the certificate immediately. The CA will issue a new certificate and add the old one to a revocation list so that browsers know not to trust it.

SSL/TLS Best Practices:

  1. Use Strong Encryption Algorithms: Ensure your server supports modern and strong encryption algorithms, like AES-256, and avoids outdated ones, such as RC4.

  2. Enable HTTP Strict Transport Security (HSTS): This header forces browsers to connect using HTTPS, even if the user tries to access the site via HTTP. For example, in Nginx:

     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  3. Redirect HTTP to HTTPS: Make sure to redirect all HTTP traffic to HTTPS to ensure all connections are secure. In Apache:

     RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  4. Use Certificate Pinning: This adds an extra layer of security by hardcoding the trusted certificate's public key into the browser. If the browser sees a different certificate, it blocks the connection.

5. Basic Networking Concepts

Basic networking concepts provide the foundation for how devices communicate within a network. Let’s dive into three key areas: Subnets and VLANs, Firewalls, and Load Balancing. These are essential for managing data traffic, securing network resources, and ensuring efficient use of network infrastructure.

5.1. Subnets and VLANs

5.1.1. Subnetting

Subnetting is the process of dividing a large network (or IP range) into smaller, manageable segments called subnets. This is done to enhance network performance, improve security, and efficiently use IP address space.

Purpose of Subnetting:

  • Efficient IP Address Usage: Imagine a big company with thousands of devices. Without subnetting, every device would be part of a single network, and managing IP addresses could become a nightmare. Subnetting breaks this large network into smaller subnets. Each subnet can have its own unique range of IP addresses, which reduces wasted addresses.

  • Reduce Network Traffic: When you divide a network into smaller subnets, the amount of broadcast traffic decreases. Devices in one subnet won’t have to process broadcasts from other subnets, reducing unnecessary traffic.

  • Increased Security: Subnets help isolate sensitive sections of a network. For example, the subnet for financial servers can be separated from the subnet for employee workstations, making it harder for an attacker to move laterally within a network.

Subnet Design and Calculation:

  • IP Addressing: Every device in a network has an IP address that consists of a network portion and a host portion. For example, the IP address 192.168.1.5 in the subnet 192.168.1.0/24 means that the first 24 bits (192.168.1) identify the network, while the remaining bits (5) identify the specific device or host.

  • Subnet Mask: This is used to distinguish which part of an IP address is the network portion and which is the host portion. A /24 subnet (equivalent to 255.255.255.0) means that the first 24 bits are for the network, and the remaining bits are for individual devices.

  • Example of Subnet Calculation: If we take the IP address range 192.168.1.0/24, which has 256 IP addresses, and divide it into two subnets using a subnet mask of /25 (255.255.255.128):

    • First subnet: 192.168.1.0/25 (usable IP range: 192.168.1.1 to 192.168.1.126)

    • Second subnet: 192.168.1.128/25 (usable IP range: 192.168.1.129 to 192.168.1.254)

By doing this, each subnet now has 126 usable IP addresses, which can be assigned to hosts like computers or servers.

5.1.2. VLANs (Virtual LANs)

Virtual LANs (VLANs) are logical groupings of devices within a network. Unlike subnets, which are based on physical IP addressing, VLANs are created using switches to logically separate devices that might be physically connected to the same network hardware.

Definition and Benefits:

  • What is a VLAN? A VLAN allows you to group devices into isolated networks regardless of their physical location. This helps manage network resources better and improves security.

  • Benefits of VLANs:

    1. Traffic Isolation: By creating separate VLANs, traffic for different departments (e.g., HR, Sales, Engineering) can be kept isolated, even though they are physically connected to the same network.

    2. Security: Devices on different VLANs can’t communicate directly unless routing between VLANs is configured, which enhances security.

    3. Better Performance: By isolating broadcast domains (the area where broadcast messages are sent), VLANs reduce unnecessary traffic.

VLAN Tagging and Configuration:

  • VLAN Tagging is the process of marking network packets with a VLAN identifier so switches know how to route traffic. The 802.1Q standard is most commonly used for VLAN tagging. It adds a small header to Ethernet frames with the VLAN ID.

  • Configuration:

    • Access Ports: These are ports on a switch that are assigned to a single VLAN. Devices connected to an access port only belong to one VLAN.

    • Trunk Ports: These ports allow traffic from multiple VLANs to traverse a single physical link between switches. The trunk port uses tagging to identify which VLAN the traffic belongs to.

5.2. Firewalls

A firewall is a security system that controls incoming and outgoing network traffic based on predetermined rules. It’s the gatekeeper between an internal, trusted network (like your office network) and untrusted external networks (like the internet).

5.2.1. Overview of Firewalls

Purpose of Firewalls:

  • Protecting Networks: Firewalls act as the first line of defense, preventing unauthorised access to sensitive data and resources by filtering traffic.

  • Control Data Flow: Firewalls regulate which types of traffic are allowed into or out of a network. For example, you can configure a firewall to block all traffic except essential services like email or web browsing.

Types of Firewalls:

  1. Network Firewalls: These are hardware-based and protect entire networks. They sit at the boundary between a local network and the outside world (such as the internet). Commonly used in enterprises.

  2. Host-based Firewalls: These are software-based and protect individual devices like servers or personal computers. They control incoming and outgoing traffic for that specific device.

5.2.2. Firewall Rules and Policies

Allow vs. Deny Rules:

  • Allow Rules: These allow certain traffic to pass through the firewall. For example, you can set rules to allow HTTP (port 80) and HTTPS (port 443) traffic for web servers.

  • Deny Rules: These block specific types of traffic. For example, you may block incoming traffic from unknown IP addresses or block all traffic to certain ports like Telnet (port 23) for security reasons.

Stateful vs. Stateless Filtering:

  1. Stateful Firewalls: These firewalls track the state of active connections. For example, if a user requests a webpage, the firewall remembers the session and allows return traffic from the web server.

  2. Stateless Firewalls: These firewalls treat each packet individually, without considering whether it’s part of an existing session. Stateless firewalls are less intelligent and secure than stateful ones.

5.3. Load Balancing

A load balancer is a network device or software solution that distributes incoming network traffic across multiple servers. This ensures that no single server gets overloaded, which improves reliability and performance.

5.3.1. Introduction to Load Balancers

Definition:

A load balancer is responsible for dividing the incoming traffic (requests from users) between several backend servers so that each server handles an equal amount of work.

Purpose:

  • Prevent Server Overload: By distributing traffic, load balancers ensure that no single server is overwhelmed by requests, which helps in preventing downtime or slowdowns.

  • Improve Availability: If one server goes down, the load balancer can redirect traffic to other healthy servers, making sure the application stays available.

  • Optimise Resource Use: Load balancers help make the best use of available server resources, making sure no server is idle while others are overloaded.

5.3.2. Types of Load Balancing

  1. Round Robin: This is the simplest load balancing algorithm. Traffic is distributed sequentially across all servers, one by one. This is useful when all servers have equal capabilities.

  2. Least Connections: This method sends traffic to the server with the fewest active connections. It helps avoid overloading servers that are already busy.

  3. IP Hashing: This method routes traffic based on the client’s IP address. This ensures that traffic from the same client always goes to the same server, which is useful for applications that require session persistence.

5.3.3. Load Balancer Configuration

Health Checks and Monitoring:
  • Load balancers periodically perform health checks on backend servers by sending small requests or pinging them to ensure they’re working properly. If a server fails the health check, it’s temporarily removed from the pool of available servers until it’s healthy again.
Session Persistence (Sticky Sessions):
  • Session persistence ensures that a user’s requests are always sent to the same server. This is important for applications that store session data locally on the server (e.g., shopping carts in e-commerce sites). Load balancers achieve this by using techniques like IP hashing or by placing cookies in the user’s browser.

6.2. Setting Up and Managing DNS

DNS (Domain Name System) translates domain names (like example.com) into IP addresses. Here’s how you can set up and manage DNS for a domain.

Basic DNS Setup Example

To set up DNS for a domain (like example.com), you need to manage DNS records that map domain names to IP addresses.

Example of Managing DNS Records (DNS Provider's Dashboard):

  1. Login to DNS provider (e.g., GoDaddy, Cloudflare).

  2. Navigate to DNS Management:

    • Add an A Record: Points example.com to an IP address.
    Type: A
    Name: @
    Value: 192.168.1.50
    TTL: 3600
  • Add a CNAME Record: Alias for another domain name (e.g., www.example.com).
    Type: CNAME
    Name: www
    Value: example.com
    TTL: 3600
  1. Apply changes and wait for propagation, which may take a few minutes to 48 hours.
DNS Record Types Recap:

  • A Record: Maps domain to an IPv4 address.

  • AAAA Record: Maps domain to an IPv6 address.

  • CNAME Record: Points a domain to another domain (alias).

  • MX Record: Used for routing emails.

  • TXT Record: Can hold arbitrary text (used for verification and security).

6.3. Understanding and Implementing HTTP/HTTPS

Configuring web servers to serve content over HTTP or HTTPS is an essential skill in web development and IT operations.

Configuring HTTP and HTTPS on a Web Server

Example with Apache (Linux):

  1. Install Apache:

     sudo apt update
 sudo apt install apache2

  2. Enable HTTP Traffic (default on port 80):

    • Apache serves web pages via HTTP automatically after installation. To ensure this works, check the Apache configuration files and firewall settings.

  3. Enable HTTPS Traffic (default on port 443):

    • Install an SSL/TLS certificate for HTTPS.

    • Let’s Encrypt provides free SSL certificates:

        sudo apt install certbot python3-certbot-apache
  sudo certbot --apache -d example.com -d www.example.com

  4. Configure Virtual Hosts for HTTPS: Edit /etc/apache2/sites-available/example.com.conf:

     <VirtualHost *:80>
     ServerName example.com
     Redirect permanent / https://example.com/
 </VirtualHost>

 <VirtualHost *:443>
     ServerName example.com
     DocumentRoot /var/www/html
     SSLEngine on
     SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
 </VirtualHost>

  5. Restart Apache to apply changes:

     sudo systemctl restart apache2
Explanation:

  • Port 80 is used for HTTP, while port 443 is used for HTTPS.

  • Let’s Encrypt is used to generate a free SSL certificate, securing HTTP traffic with HTTPS.

6.4. Firewall and Load Balancer Configuration

Configuring firewalls and load balancers ensures network security and optimizes the distribution of incoming traffic to servers.

Basic Examples of Firewall Rules

Example of Firewall Rules using iptables (Linux):

  1. Allow incoming SSH traffic (port 22):

     sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  2. Block all incoming HTTP traffic (port 80):

     sudo iptables -A INPUT -p tcp --dport 80 -j DROP

  3. Allow all traffic from a specific IP address:

     sudo iptables -A INPUT -s 192.168.1.100 -j ACCEPT

  4. Save and Apply Rules:

     sudo iptables-save > /etc/iptables/rules.v4
Explanation:

  • The firewall blocks or allows traffic based on ports (e.g., 22 for SSH) and source IPs.

  • The -A INPUT appends rules for incoming traffic, while -p tcp specifies the protocol.

Simple Load Balancer Setup

Load balancers distribute network traffic across multiple servers. One popular open-source software for this is HAProxy.

Example of Setting Up HAProxy Load Balancer:

  1. Install HAProxy:

     sudo apt update
 sudo apt install haproxy

  2. Configure HAProxy by editing the /etc/haproxy/haproxy.cfg file:

     frontend http-in
     bind *:80
     default_backend servers

 backend servers
     balance roundrobin
     server web1 192.168.1.101:80 check
     server web2 192.168.1.102:80 check

  3. Restart HAProxy:

     sudo systemctl restart haproxy
Explanation:

  • Frontend: Defines the entry point for incoming traffic on port 80.

  • Backend: Lists the servers where traffic will be distributed (in this case, web1 and web2).

  • Round Robin: Balances traffic equally between servers.

7. Conclusion

Summary of Key Networking Concepts

  • IP Addressing: The foundation of network communication, where devices are identified either statically or dynamically.

  • DNS: Translates domain names into IP addresses, enabling humans to use simple domain names instead of numeric IPs.

  • HTTP/HTTPS: HTTP is the basic protocol for web traffic, while HTTPS secures that traffic with SSL/TLS encryption.

  • Firewalls: Security devices that control network traffic based on predefined rules.

  • Load Balancers: Distribute traffic across multiple servers to ensure optimal performance and reliability.

Importance of Networking Knowledge in IT and Cloud Environments

Understanding networking is crucial in modern IT environments:

  • Security: Proper configuration of firewalls, DNS, and HTTPS ensures secure communication.

  • Performance: Load balancing and efficient IP management prevent bottlenecks and improve the scalability of applications.

  • Cloud: In cloud environments, managing networking (e.g., configuring VPCs, DNS routing, load balancers) is essential for efficient cloud deployments.

As businesses move toward cloud infrastructure, mastering these basic and practical networking concepts is vital for anyone in IT or DevOps roles.

0
Subscribe to my newsletter

Read articles from Bikash Nishank directly inside your inbox. Subscribe to the newsletter, and don't miss out.

NetworkTechnologynetworkingCloud Networking#computernetwork network management

Written by

Bikash Nishank
Bikash Nishank