Networking Fundamentals for DevOps

Rajesh Gurajala
8 min read

IP Address

An IP address (Internet Protocol address) is a unique numerical identifier assigned to each device on a network that uses the Internet Protocol.
It is used to identify a host or a network interface.

Types of IP Addresses

By IP Protocol Version

  • IPv4 (32-bit): 192.168.1.1

    • ~4.3 billion addresses, exhaustion-prone, still widely used.
  • IPv6 (128-bit): 2001:db8:abcd::1

    • ~3.4 × 10³⁸ addresses, designed to replace IPv4.

By Accessibility

  • Public IP: Routable on the Internet, assigned by ISPs or cloud providers (e.g., AWS Elastic IP)

  • Private IP: Used inside internal networks (LANs)

    • Reserved ranges:

      • 10.0.0.0/8

      • 172.16.0.0/12

      • 192.168.0.0/16

By Assignment

  • Static IP: Manually configured, persistent (e.g., production servers, DNS records)

  • Dynamic IP: Assigned by DHCP, changes over time (clients, cloud VMs)

IPv4 Address Format

  • Written in dotted decimal notation: A.B.C.D

  • Each segment (A, B, C, D) is 8 bits (1 byte) → Total: 4 bytes = 32 bits

  • Example: 192.168.10.25

    • Binary: 11000000.10101000.00001010.00011001

Subnets

Subnetting is the process of dividing a larger IP network into multiple smaller subnetworks (subnets). Each subnet is treated as an isolated logical segment within the larger infrastructure.

Besides efficient IP allocation, a critical benefit of subnetting is enhanced security.

Why Subnetting Improves Security

By splitting a network into subnets:

  • Devices in one subnet cannot directly access devices in another subnet unless explicitly allowed through firewalls, routing rules, or gateways.

  • It limits the blast radius of an attack: a compromise in one subnet doesn't expose the entire network.

  • It allows DevOps and NetSec teams to apply granular access control policies between environments or layers.

Practical DevOps Example: Secure Subnet Design in AWS

Let's say you're building a cloud architecture with the following components:

  • Web servers (public-facing)

  • App servers (internal processing logic)

  • Database servers (critical, highly secured)

Instead of deploying all resources in one subnet, you create separate subnets:

Subnet Name     CIDR Block     Exposure           Purpose
public-subnet   10.0.0.0/24    Public (via IGW)   Hosts NGINX web servers
app-subnet      10.0.1.0/24    Private            Internal app services
db-subnet       10.0.2.0/24    Private            RDS or PostgreSQL DB

Security enforcement using subnet isolation:

  • Web servers in the public subnet only have access to the app subnet on port 8080 (custom app port).

  • App servers can access the DB subnet on port 5432 (PostgreSQL), but web servers cannot.

  • The DB subnet has no internet access and is restricted to app servers only.

This subnetting model:

  • Prevents direct attacks on the database from the internet

  • Ensures each layer of the stack is logically separated

  • Enables network ACLs and security groups to enforce least privilege


CIDR (Classless Inter-Domain Routing)

CIDR (Classless Inter-Domain Routing) is a method of allocating IP addresses and routing IP packets more efficiently than the old class-based system (Class A, B, C). Introduced in 1993 via RFC 1519, CIDR allows flexible subnetting and address aggregation.

Syntax:

<IP address>/<prefix length>

Example: 192.168.1.0/24

  • IP address: network identifier

  • Prefix length: number of bits that represent the network portion of the address

Practical Use Cases in DevOps

1. Cloud Network Design (e.g., AWS, Azure, GCP)

  • You create a VPC with CIDR 10.0.0.0/16 (allows 65,536 IPs)

  • You divide it into subnets:

    • 10.0.0.0/24: public subnet (web)

    • 10.0.1.0/24: private subnet (app)

    • 10.0.2.0/24: isolated subnet (db)

2. Firewall and Routing Rules

  • You restrict inbound traffic to a specific subnet: 192.168.1.0/24

  • You allow SSH access only from your office IP: 203.0.113.55/32

CIDR lets you define precise IP ranges in:

  • Security groups

  • NACLs

  • Route tables

  • Load balancer listener rules
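As an added example (not code from the original post), here is the three-tier layout from the AWS subnet section above together with the firewall rules of this section, expressed as a default-deny allow-list and checked with Python's standard ipaddress module. The three subnets, ports 8080 and 5432 and the office address 203.0.113.55/32 come from the text; the Rule model, the function names and the HTTPS (443) entry for the web tier are assumptions made for the example.

```python
# Added example, not from the original post: the three-tier subnet layout and
# the CIDR-scoped firewall rules above as a default-deny allow-list.
import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    """One allow entry: traffic from src to dst on a TCP destination port."""
    src: Net
    dst: Net
    port: int


ANY = Net("0.0.0.0/0")
PUBLIC_SUBNET = Net("10.0.0.0/24")      # web tier, reachable via the IGW
APP_SUBNET = Net("10.0.1.0/24")         # internal app services
DB_SUBNET = Net("10.0.2.0/24")          # PostgreSQL, no internet access
OFFICE = Net("203.0.113.55/32")         # office IP from the text

# Allow-list; anything not matched is denied. The HTTPS entry for the web
# tier is an assumption (the text only says the web servers are public-facing).
RULES = [
    Rule(ANY, PUBLIC_SUBNET, 443),          # internet -> web servers
    Rule(OFFICE, PUBLIC_SUBNET, 22),        # SSH only from the office /32
    Rule(PUBLIC_SUBNET, APP_SUBNET, 8080),  # web -> app on the custom app port
    Rule(APP_SUBNET, DB_SUBNET, 5432),      # app -> PostgreSQL
]


def is_allowed(src_ip: str, dst_ip: str, port: int, rules=RULES) -> bool:
    """True if some rule covers the source address, destination address and port."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(src in r.src and dst in r.dst and port == r.port for r in rules)


def db_exposure(rules=RULES) -> list:
    """Rules that let anything other than the app tier reach the DB subnet.
    An empty list means 'restricted to app servers only' actually holds."""
    return [r for r in rules
            if r.dst.overlaps(DB_SUBNET) and not r.src.subnet_of(APP_SUBNET)]


if __name__ == "__main__":
    checks = [
        ("198.51.100.7", "10.0.0.10", 443),   # internet -> web, allowed
        ("198.51.100.7", "10.0.0.10", 22),    # internet -> SSH, denied
        ("203.0.113.55", "10.0.0.10", 22),    # office -> SSH, allowed
        ("10.0.0.10", "10.0.2.10", 5432),     # web -> DB, denied
        ("10.0.1.10", "10.0.2.10", 5432),     # app -> DB, allowed
    ]
    for src, dst, port in checks:
        verdict = "ALLOW" if is_allowed(src, dst, port) else "DENY"
        print(f"{src:>14} -> {dst}:{port}  {verdict}")
    print("DB exposed by:", db_exposure())
```

The model is stateless and ignores return traffic, which real security groups track for you; its value is the db_exposure check, which catches an overly broad source CIDR on the database tier before it reaches a deployment.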

3. Docker Custom Bridge Networks

  • Docker's default bridge network is a /16, but you can create your own:

      docker network create \
        --subnet=172.18.0.0/16 \
        custom-net
    
  • You can then manually assign static container IPs in that range.

4. Subnet Scanning and Troubleshooting

  • Tools like nmap, masscan, and tcpdump accept CIDR notation:

      nmap -sn 10.0.1.0/24          # host discovery (ping sweep); -sP is the older spelling
      tcpdump net 192.168.0.0/16    # capture only traffic to or from that /16
    

5. Kubernetes Cluster Networking

  • Pod networks often use CIDR blocks:

    • e.g., 10.244.0.0/16 for Flannel

    • CNI plugins require non-overlapping CIDRs for pods and services
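A check for the non-overlap requirement, as an added example that is not part of the original post: the VPC block 10.0.0.0/16 and the Flannel pod block 10.244.0.0/16 are the values named on this page, while the service CIDR 10.96.0.0/12 and the plan names are assumed for the example.

```python
# Added example, not from the original post: validate that a cluster's CIDR
# plan has no overlapping blocks before any CNI configuration is applied.
# 10.0.0.0/16 (VPC) and 10.244.0.0/16 (Flannel pods) come from the text; the
# service CIDR 10.96.0.0/12 is an assumed value, as are the plan names.
import ipaddress
from itertools import combinations


def overlapping_pairs(plan: dict) -> list:
    """Return (name_a, name_b) for every pair of blocks in plan that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(nets.items(), 2)
        if net_a.overlaps(net_b)
    ]


def validate_plan(plan: dict) -> bool:
    """True if every block in the plan is disjoint from every other."""
    return not overlapping_pairs(plan)


GOOD_PLAN = {
    "vpc": "10.0.0.0/16",
    "pods": "10.244.0.0/16",
    "services": "10.96.0.0/12",
}

# Constructed bad plan: the pod CIDR reuses the VPC range, so pod addresses
# would collide with node and ENI addresses.
BAD_PLAN = {
    "vpc": "10.0.0.0/16",
    "pods": "10.0.0.0/16",
    "services": "10.96.0.0/12",
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        if validate_plan(plan):
            print(name, "ok")
        else:
            print(name, "overlap:", overlapping_pairs(plan))
```

Run it against the VPC, pod and service blocks of a new cluster (and any peered VPC or VPN ranges) before bootstrapping; an overlap found here is far cheaper than one found as unroutable pods in production.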

CIDR Conversion Example (IP + Required Number of Hosts → CIDR)

Problem Statement

You are deploying a microservice cluster and need:

  • Minimum 50 usable IP addresses

  • Your base network IP is: 192.168.100.0

You need to determine: What CIDR block to use?

Step-by-Step Solution

Step 1: Calculate Total Required IPs

You need 50 usable IPs, but 2 IPs are reserved in every subnet:

  • Network Address

  • Broadcast Address

Formula: Required = Hosts + 2 = 50 + 2 = 52

Step 2: Find the Smallest Power of 2 ≥ 52 => 2^6 = 64

So you need 64 total IPs in this subnet.

Step 3: Calculate CIDR Prefix

IPv4 has 32 bits total.

If 2^6 = 64 addresses, then 6 bits are for hosts →
Network bits = 32 - 6 = 26

Final CIDR Block: 192.168.100.0/26
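The three steps above as code, added here as an example and not taken from the original post: it computes the prefix from a base IP and a required number of usable hosts, verifies the result with Python's standard ipaddress module, and goes one step beyond the worked case by refusing a base address whose host bits are not zero (the usual mistake when carving subnets by hand). The function names are assumptions.

```python
# Added example, not from the original post: turn "base IP + required usable
# hosts" into a CIDR block with the three steps above and verify it with the
# standard-library ipaddress module.
import ipaddress


def cidr_for_hosts(base_ip: str, usable_hosts: int) -> ipaddress.IPv4Network:
    """Smallest subnet starting at base_ip that offers usable_hosts addresses."""
    if usable_hosts < 1:
        raise ValueError("usable_hosts must be at least 1")
    # Step 1: network and broadcast addresses are reserved in every subnet.
    required = usable_hosts + 2
    # Step 2: smallest power of two >= required, expressed as host bits.
    # (required - 1).bit_length() equals ceil(log2(required)) without floats.
    host_bits = (required - 1).bit_length()
    # Step 3: the remaining bits of the 32-bit address identify the network.
    prefix = 32 - host_bits
    # strict=True makes ipaddress refuse e.g. 192.168.100.10/26 (host bits set)
    # instead of silently rounding down to the network address.
    return ipaddress.IPv4Network(f"{base_ip}/{prefix}", strict=True)


def dotted_binary(addr: ipaddress.IPv4Address) -> str:
    """Render an address in the dotted-binary form used in the IPv4 section."""
    return ".".join(f"{octet:08b}" for octet in addr.packed)


def describe(net: ipaddress.IPv4Network) -> dict:
    """The facts a practitioner checks before committing a subnet."""
    return {
        "cidr": str(net),
        "netmask": str(net.netmask),
        "netmask_bits": dotted_binary(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": net.num_addresses - 2,
    }


if __name__ == "__main__":
    net = cidr_for_hosts("192.168.100.0", 50)
    for key, value in describe(net).items():
        print(f"{key:>13}: {value}")
```

For the page's inputs this yields 192.168.100.0/26 with netmask 255.255.255.192, broadcast 192.168.100.63 and 62 usable addresses; asking for 63 hosts tips the requirement past 64 and returns a /25.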


Ports

A port is a 16-bit number used to identify specific processes/services on a device in a network.

While an IP address identifies a host, a port number identifies an application or service running on that host.

  • Total possible ports: 0 to 65535

  • Ports operate over TCP and UDP transport protocols

Port Ranges

Range           Type                 Example Use
0 - 1023        Well-known ports     HTTP (80), HTTPS (443), SSH (22), DNS (53)
1024 - 49151    Registered ports     Custom apps, databases (e.g., PostgreSQL 5432)
49152 - 65535   Dynamic/Ephemeral    Client-side ports, auto-assigned

Relevance

  • Configure firewalls, Security Groups, or NACLs to allow/deny traffic on specific ports

  • Expose and map container ports using Docker:

      docker run -p 8080:80 nginx
    
  • Load balancers and proxies listen on front-end ports and forward to back-end ports


What is the OSI Model?

The OSI (Open Systems Interconnection) Model breaks down network communication into 7 abstract layers, each with specific responsibilities, enabling interoperability, modularity, and troubleshooting.

The 7 Layers of OSI - Top to Bottom

Layer   Name           Function Summary                                Protocols/Tools (Examples)
7       Application    User interface, application services, headers   HTTP, HTTPS, DNS, FTP, SSH
6       Presentation   Data format, encryption, compression            SSL/TLS, JPEG, ASCII, JSON, XML
5       Session        Session setup, management, teardown             RPC, NetBIOS, NFS, SMB
4       Transport      Reliable delivery, flow control                 TCP, UDP, QUIC
3       Network        Routing, logical addressing                     IP, ICMP, IGMP, BGP, OSPF
2       Data Link      MAC addressing, frame transfer                  Ethernet, PPP, VLAN, ARP
1       Physical       Raw bits over physical medium                   Cables, Hubs, NICs, Wi-Fi, Fiber

Layer-by-Layer Breakdown with DevOps Relevance


Layer 1 - Physical Layer

  • Deals with hardware-level transmission: voltages, cables, radio signals

  • Converts binary data (0s and 1s) into electrical, optical, or radio signals

Layer 2 - Data Link Layer

  • Provides node-to-node delivery within the same local network

  • Uses MAC addresses for device identification

  • Handles framing, error detection (CRC), and flow control

Layer 3 - Network Layer

  • Provides end-to-end routing across networks

  • Uses IP addressing, determines best path to destination

  • Handles fragmentation and reassembly

Layer 4 - Transport Layer

  • Manages reliable or unreliable delivery of data

  • Handles segmentation, retransmission, flow control, and port addressing

  • Two main protocols:

    • TCP (reliable, connection-oriented)

    • UDP (fast, connectionless)

Layer 5 - Session Layer

  • Controls establishing, managing, and terminating sessions

  • Supports authentication, reconnection, and checkpointing

Layer 6 - Presentation Layer

  • Responsible for data format translation, encryption, compression

  • Converts data into formats usable by the application layer

Layer 7 - Application Layer

  • Closest to the end user

  • Interfaces directly with software to send and receive data

  • Includes high-level protocols and services

OSI vs TCP/IP (Quick Note)

While OSI has 7 layers, the TCP/IP model (the one used in practice) has 4:

  • Application (OSI 5-7)

  • Transport (OSI 4)

  • Internet (OSI 3)

  • Link (OSI 1-2)

Summary Table

Layer   Name           Keywords
7       Application    APIs, HTTP, DNS
6       Presentation   Encryption, JSON, TLS
5       Session        Sessions, state
4       Transport      TCP/UDP, ports
3       Network        IP, routing
2       Data Link      MAC, Ethernet
1       Physical       Cables, Wi-Fi