Networking

The OSI networking model is a standard used by networking manufacturers globally. It was created and published in 1984 and splits all network communications up in to 7 layers. Each later uses the layers below and adds additional capabilities. Data between two devices moves down the stack at the A-side (and wrapped at each layers)... is transmitted...before moving up the stack at the B-side (and the wrapping stripped at each stage. This process is called encapsulation.

Web Browsing Example:

Layer 7- HTTP Application (Browser e.g. Chrome, Edge). L7 is where protocols such as HTTP , SSH, FTP are added. e.g. HTTP (L7) running over TLS (L6) is HTTPS.

Layer 6 - Presentation (Transport Layer Security) takes care of security. Adds data conversion, encryption, compression and standards which L7 can use.

Layer 5 - Session adds the concept of sessions, so that request and reply communication streams are viewed as a single 'session' of communication between client and server.

Layer 4 - Reliability - UDP - for Fast DNS retrieval. TCP uses segments to ensure data is received in the correct order (three way hand-shake), adds error checking (CRC check) and 'ports' allowing different streams of communications to the same host (e.g. tcp/22 (linux machine) and tcp/80/443)

Layer 3 - End to End Communication using Packets (IP-Internet Protocol, Network Address Translation (NAT)). L3 allows for unique device to device communication over interconnected networks.

Layer 2 - Local Communication (same network) using Frames. (Unique MAC Addresses - Address Resolution Protocol (ARP)). L2 also adds controls over the media, avoiding cross-talk and allows for backoff and retransmission.

Layer 1 - Physical Layer (Actual bits are transmitted and received using wireless (RF), copper (Electrical) or fiber (Optical) shared mediums.

IP Addresses

IPv4 addresses are how two devices can communicate at layer 4 and above of the OSI 7-layer model. IP Addresses (IPs) are actually 32-bit binary values. But are represented in dotted-decimal notation to make them easier for humans to read and understand.

Within the IPv4 address space (0.0.0.0 to 255.255.255.255) there are certain addresses which are reserved or special in some way.

  • 0.0.0.0 & 0.0.0.0/0 - Represents all IP addresses

  • 255.255.255.255 - IP Address used to broadcast to all IP addresses everywhere (this is generally filtered and not passed between networks)

  • 127.0.0.1 - Localhost or Loopback address. What ever the IP address of the device we are using, it can be referenced by itself as 127.0.0.1. So a webserver on our laptop will always be ip:80 or 127.0.0.1:80

  • 169.254.0.1 to 169.254.255.254 - A range of IP addresses which a device can auto configure with if its using DHCP and fails to automatically get an IP from a DHCP server.

Historically, IP addresses were split into classes: (including)

  • Class A (/8) 1.0.0.0 to 126.255.255.255 - 126 Networks, 16,777,214 (2^24) Nodes in each (+2 IPs reserved, one for Each network's own address, one for broadcast address)

  • Class B (/16) 128.0.0.0 to 191.255.255.255 - 16,382 (64x256) Networks, 65,534 (2^16) Nodes in each (+2 IPs reserved, one for Each network's own address, one for broadcast address)

  • Class C (/24) - 192.0.0.0 to 223.25.255.255 - 2,097,150 (32x256x256) networks, 254 (2^8) nodes in each (+2 IPs reserved, one for Each network's own address, one for broadcast address)

Class A networks were initially allocated to large organizations, Class B to medium and Class C to small businesses. As the supply of IPv4 addresses became low - the class system of IPs were related with CIDR (Classless Inter-Domain Routing)

IP classes have a number of ranges within then used for private networking only:

  • 10.0.0.0 to 10.255.255.255 private networking within the class A range (16,777,214 hosts in each network).

  • 172.16.0.0 to 172.31.255.255 private networking within the class B range (16 class B networks, 65,534 hosts in each network)

  • 192.168.0.0 to 192.168.255.255 private networking within the class C range (256 Class C networks, 254 hosts in each network))

These ranges are often used on private business networks, cloud networks and home networks.

CIDR is used for IPv4 IP networking rather than the class system - it allows more effective allocation and sub networking.

Either we are allocated a network range to use, or we decide on it. It will be represented as network/prefix (e.g. 10.0.0.0/16). The network address is our starting point. The prefix is the number of bits the network uses, the remaining bits, the node part is our to use. The node (or host) part is ours from all 0's to all 1's.

Subnetting

Subnetting is a process of breaking a network down into smaller sub-networks. We might be allocated a public range for our business, or decide on a private range for a VPC. Subnetting allows us to break it into smaller allocations for use in smaller networks e.g. VPC subnets.

If we pick 10.0.0.0/16 for our VPC, its a single network from 10.0.0.0 to 10.0.255.255 and offers 65,536 addresses. That VPC could have a single subnet within it also 10.0.0.0/16.

Other examples could be 10.0.0.0/17 and 10.0.128.0/17.

10.0.0.0/18, 10.0.64.0/18, 10.0.128.0/18, 10.0.192.0/18.

With a certain size of VPC, increasing the prefix creates 2 smaller sized networks. Increasing again, creates 4 even smaller networks. Increasing again creates 8 even smaller and so on.

IP Routing

Local device-to-device communication takes place using L1 (physical) and L2 (Datalink) using Mac Addresses and physical 0's and 1's. This does not scale across LANs and so a method of network to network transit is needed. IP routing provides this. The method used depends on if the two devices in a LOCAL network OR in a known remote network OR in an unknown network.

Local Network

IP-to-IP communications which occurs locally does not use a router. ARP is used to find the mac address for the destination host's IP address. The IP packet is created at L3, passed to L2 which is encapsulated inside an ethernet (L2) frame. The frame is sent to the destination MAC address. Once received the L2 frame is removed and the IP packet passed to L3.

Know Network

Local device-to-device communication takes place using L1 (physical) and L2 (DataLink) using MAC addresses and Physical 0's and 1's. This does not scale across LANs and so a method of network to network transit is needed. IP routing provides this. The method used depends on if the two devices are local, in a known remote network or and an unknown network.

If the two hosts are connected via a single router or series of routers directly connected, then host A will send the packet to its default Gateway Router and Routers will keep forwarding the packets from host A's default routers to host B till it reaches Host B's local router. Host B's local router will then forward it to host B.

Unknown Network

If the two hosts are on unknown networks then intermediate Routers on Internet will be advertising their networks using BGP (Border Gateway Protocol) routing protocol and packet will reach from host A to host B.

Firewalls

A firewall is a device which historically sits at the border between different networks, and monitors traffic flowing between them. A firewall is capable of reading packet data and either allowing OR denying traffic based on that data.

Firewalls establish a barrier between networks of different security levels and historically have been the first line of defense against perimeter attacks.

What data a firewall can read and act on depends on the OSI layer the firewall operates at:

  • Layer 3 (Network) - Source/Destination IP addresses or Ranges

  • Layer 4 (Transport) - Protocol (TCP/UDP) & Port Numbers

  • Layer 5 (Session) - As Layer 4, but understand response traffic

  • Layer 7 (Application) - Application specifics, e.g. HTML paths, images

Proxy Server

A proxy server is a type of gateway which sites between a private and public network (e.g. the internet). A proxy server is something that generally needs application support - a proxy server is configured in the operating system or a web browser or other application.

The client makes a connection to the proxy server, and the proxy makes a connection to the destination server. Proxy servers can provide filtering (child safety, malware, removing adult content) or it can act as a web cache, speeding up web access for a large organization at a remote site.

Proxy servers can also choose to pass on traffic or not based on things network layer appliances cannot. Thinks like username or elements of a corporate identity...department, age, security privilege or the DNS name rather than IP.

Next: AWS Private Networking