TCP/IP Model(4 Layers)
- Application Layer: HTTP, FTP, SSH
- Transport Layer: TCP, UDP, QUIC
- Internet Layer: IP, ICMP
- Link Layer: MAC, device driver
OSI Model(7 Layers)
- Layer 7: Application Layer (HTTP, FTP, BGP, SNMP)
- Layer 6: Presentation Layer
- Layer 5: Session Layer, controls the dialogues (connections) between computers.
- Layer 4: Transport Layer (TCP, UDP)
- Layer 3: Network Layer (IP, ICMP)
- Layer 2: Data Link Layer.
- Media Access Control (MAC) layer
- Logical Link Control (LLC) layer
- Point-to-Point Protocol (PPP)
- Layer 1: Physical Layer
OSI vs TCP/IP
- In TCP/IP model, Internet Layer is a subset of OSI model's network layer. It describes only one type of network architecture: the internet.
- OSI's top 3 layers (application, presentation and session) are not distinguished separately in TCP/IP model.
Layer 1 data is just bits sent across a wire.
Equipments: without logic. E.g. cables, hubs (a hub simply broadcasts traffic to all ports).
Layer 2 is primarily involved in transmitting data from one specific node to another. 2 sub-layers: Medium Access Control (MAC) and Logical Link Control (LLC).
- MAC: provides a unique address for each endpoint on the Layer 2 topology.
- LLC: a helper layer to assist between Layer 2's MAC and Layer 3
frame is a protocol data unit, the smallest unit of bits on a Layer 2 network. (for multiplexing Layer 3 Protocols, i.e. helps facilitate the ability for multiple Layer 3 protocols to be used simultaneously over the same medium)
Unilke bits, frames have a defined structure and can be used for error detection, control plane activities and so forth.
Layer 2 equipments: switches, bridges, network cards. They use the headers of the packet to determine where it goes.
- unicast: sending frames from one node to a single other node.
- multicast: sending traffic from one node to multiple nodes.
- broadcasting: the transmission of frames to all nodes in a network. A broadcast domain is a logical division of a network in which all nodes of that network can be reached at Layer 2 by a broadcast.
Segments of a LAN can be linked at the frame level using bridges. Bridging creates separate broadcast domains on the LAN, creating VLANs, which are independent logical networks that group together related devices into separate network segments.
Forwarding is the relaying of packets from one network segment to another by nodes in the network.
Data: a packet. A stateless grouping of data. No validation (which may be done by layer 4, e.g. TCP yes, UDP no).
Equipment: routers, Layer 3 switches. Firewalls.
- Layer 3.
- IP is connectionless, i.e. a data packet can travel from a sender to a recipient without the recipient having to send an acknowledgement.
IPv4 Private address: (NOT publicly routable):
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
- Layer 3. No associated TCP or UDP port number.
- a supporting protocol.
- sends success/failure and error messages (e.g. a requested service is not available or that a host or router could not be reached.) when communicating with another IP address.
- not typically used to exchange data between systems
- for diagnostic or control purposes, e.g. used by diagnostic tools like
- ICMPv6 is for IPv6.
Simple Network Management Protocol (SNMP)
- Layer 7 (Application).
- Purpose: network monitoring.
- Used in modems, routers, switches, servers, workstations, printers, etc.
Dynamic Host Configuration Protocol
- automatically assigning IP addresses and other communication parameters to devices, eliminates the need for individually configuring network devices manually.
- a client–server architecture: a centrally installed network DHCP server and client instances of the protocol stack on each computer or device.
TFTP can be easily implemented by code with a small memory footprint.
- the protocol of choice for the initial stages of any network booting strategy like BOOTP, PXE, BSDP, etc.
- to transfer firmware images and configuration files to network appliances like routers, firewalls, IP phones, etc.
- virtually unused for Internet transfers.
Anycast addressing uses a one-to-nearest association; datagrams are routed to a single member of a group of potential receivers that are all identified by the same destination address.
what happens: type
example.com in browser, use Anycast to find the nameserver (google/godaddy), nameserver lookup your ip in their records, the request is redirected to that ip, your server receives the request, parse the http request, retrieve static html or data from databse, return response, user’s browser receive response, render HTML
Multiprotocol Label Switching (MPLS)
Directs data from one node to the next based on labels rather than network addresses.
Multiple analog or digital signals are combined into one signal over a shared medium. The aim is to share a scarce resource.
Domain Names / DNS
FQDN: Fully Qualified Domain Name: sometimes also referred as an absolute domain name is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS).
TLD: Top Level Domains.
Google DNS is a public DNS service that is provided by Google.
18.104.22.168: the primary DNS server for Google DNS.
22.214.171.124: the secondary DNS server.
iSCSI stands for Internet Small Computer Systems Interface.
An Internet Protocol (IP)-based storage networking standard for linking data storage facilities. The protocol allows admins to better utilize shared storage by allowing hosts to store data to remote networked storage, and virtualizes remote storage for applications that require direct attached storage.
Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems, allowing a user on a client computer to access files over a computer network much like local storage is accessed. Similar protocols include SMB (Server Message Block) and AFP (Apple Filing Protocol).
NFS vs iSCSI
- NFS: for data sharing among multiple client machines.
- iSCSI: supports a single client for each volume on the server.
Standard: DOCSIS (Data Over Cable Service Interface Specification)
|Version||Since||Max Downstream||Max Upstream|
|1.0||1997||40 Mbit/s||10 Mbit/s|
|1.1||2001||40 Mbit/s||10 Mbit/s|
|2.0||2002||40 Mbit/s||30 Mbit/s|
|3.0||2006||1 Gbit/s||200 Mbit/s|
|3.1||2013||10 Gbit/s||1-2 Gbit/s|
|4.0||2017||10 Gbit/s||6 Gbit/s|
Bluetooth 5 is the latest version.
One feature is Dual Audio: you can play audio on two connected devices at the same time, or stream two different audio sources to two different audio devices at the same time.
- 5.0: 2016
- 5.1: Jan 2019
- 5.2: Dec 2019
- 5.3: 2021
About the name and the logo:
- The king Harald "Bluetooth" is most famous for uniting Norway and DenmarkGormsson (bluetooth is to unite the PC and cellular industries with a short-range wireless link)
- Logo: a combination of the Nordic runes for the letters H (ᚼ) and B (ᛒ) for 'Harald Bluetooth'
Near-field communication: a set of communication protocols for communication between two electronic devices. Used for contactless payment.
The network is distributed over land areas called "cells", each served by at least one fixed-location transceiver.
- mmWave: higher speeds, however with a limited range.
- sub-6GHz: speeds in the 100-150 Mbps (in the United States), easier to deploy but far less powerful than mmWave 5G.
Border Gateway Protocol (BGP)
When someone submits data via the Internet, BGP is responsible for looking at all of the available paths that data could travel and picking the best route.
BGP is the protocol that makes the Internet work by enabling data routing.
Berkeley Packet Filter (BPF) and eBPF
BPF: Provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received.
eBPF: origins in the Linux kernel, using a JIT mechanism.
eBPF = Kernel Runtime (including verifier, JIT, etc) + SDKs (Go, C++, Rust, etc) + Projects (Cilium, Falco, etc).
Use cases: networking, observability / monitoring, tracing / profiling, and security.
eBPF is clearly superior to iptables.
There is no such thing as a pre-defined eBPF datapath. eBPF is a programming language and runtime engine that allows to build datapath features among many other things. The Cilium and Calico eBPF datapaths differ quite significantly.
Physically connected but isolated at the data link layer (Layer 2).
VLANs work by creating multiple virtual switches over a single physical switch, with each virtual switch handling the communication for a single VLAN.
"Virtual" = a physical object recreated and altered by additional logic, within the local area network. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks.
Software defined: can group hosts together even if the hosts are not directly connected to the same network switch.
Many Internet hosting services use VLANs to separate customers' private zones from one other, allowing each customer's servers to be grouped in a single network segment no matter where the individual servers are located in the data center.
Virtual eXtensible Local Area Network (VXLAN): a tunneling protocol that carries layer 2 packets over a layer 3 network, that is ethernet over IP; creating multiple L2 overlay networks in a given L3 overlay network.
VLAN vs VXLAN
- VLAN: 12 bit identifier, up to 4094 virtual networks.
- VXLAN: 24-bit identifier, around 16 million VXLANs.
In VLAN, a layer 2 network is divided into subnetworks using virtual switches and creating multiple broadcast domains within a single LAN network. In VXLAN, a layer 2 network is overlaid on an IP underlay, and the layer 2 ethernet frame is encapsulated in a UDP packet and sent over a VXLAN tunnel.
GENEVE (Generic Network Virtualization Encapsulation), A new network virtualization standard, promises to address the perceived limitations of the earlier specifications and support all of the capabilities of VXLAN, NVGRE and STT.
define an encapsulation data format only. it does not include any information or specification for the control plane.
Virtual routing and forwarding (VRF)
IP technology that enables the virtual creation of multiple routes instate on one physical device, layer 3. It allows multiple instances of a routing table to co-exist within the same router at the same time.
VRFs are used for network isolation/virtualization at Layer 3 of the OSI model as VLANs serve similarly at Layer 2. (VRFs are the TCP/IP layer 3 equivalent of a VLAN.)
- Full VRF focuses on labeling Layer 3 traffic via MPLS—a similar idea to Layer 2 VLANS.
- VRF lite, actually a subset of VRF, is normally VRF without MPLS and MP BGP. Used in the office LAN or data center environment to virtualize various security zones and network elements.
Example: Within each VRF, set at least two VXLAN based subnets: an external subnet and an internal subnet. The CIDR blocks of the external subnets will be advertised to the data center network, thus accessible from a outside client.
The Cost of Encryption: Wireguard vs IPsec
Wireguard outperforms IPsec.
A SOCKS5 proxy is an alternative to a VPN. It routes packets between a server and a client using a proxy server. This means that your real IP address is hidden and you access the internet with an address provided to you by a proxy provider.
SOCKS is a de facto standard for circuit-level gateways (level 5 gateways). A circuit-level gateway is a type of firewall.
- Telnet => SSH: because of serious security concerns when using Telnet over an open network such as the Internet, its use for this purpose has waned significantly in favor of SSH.
- Internet Group Management Protocol (IGMP): used on IPv4 networks. Multicast management on IPv6 networks is handled by Multicast Listener Discovery (MLD) which is a part of ICMPv6 in contrast to IGMP's bare IP encapsulation.
- SSL => TLS; TLS 1.0 and 1.1 were deprecated in 2021.
- Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a mechanism ethernet uses to help deal with collisions on half duplex networks. Today, with Gigabit Ethernet and higher, there is virtually no half duplex and therefore no need to do this.
L4 vs L7 Load Balancer
L4 Load Balancer:
- a combination of L3 and L4 (L3/L4 Load balancers).
- calculating the best server based on fewest connections and fastest server response times.
- The source and destination IP of each packet is changed by the load balancer using NAT (Network address translation). When a response is received from the server, the same translation is performed again at the load balancer.
- When using L4 load balancers, we are unaware of the data. This means we cannot make any decisions based on data in our request. The only thing we have is IPs (source and destination)and ports.
- No smart load balancing
- Doesn’t work with streaming/keep-alive connections
- No TLS termination
L7 Load Balancer:
- actually layer 5,6,7
- bases its routing decisions on various characteristics of the HTTP/HTTPS header, the content of the message, the URL type, and information in cookies.
- When a client makes a request, it creates a TCP connection with the load balancer. The Load Balancer then creates a new TCP connection with one of the upstream servers. Thus, there are 2 TCP connections as compared to 1 in a TCP/UDP passthrough L4 Load balancer.
- Since we are at layer7, we are aware of the data in our request. This allows us to perform a variety of operations like
- Authentication — 401 if some header is not present
- Smart Routing — Route /payments call to a particular upstream
- TLS termination
- woks with multiplexed/keep-alive protocols,
- L7 load balancer creates a TCP connection with every upstream for a single client connection rather than choosing a single upstream.
InfiniBand vs Ethernet
- InfiniBand: used in high-performance computing that features very high throughput and very low latency.
- Ethernet: IEEE 802.3, a family of wired computer networking technologies.
- divide a stream of data into shorter pieces called frames.
- Ethernet provides services up to and including the data link layer. (L2)
- The 48-bit MAC address was adopted by other IEEE 802 networking standards, including IEEE 802.11 (Wi-Fi).
- one of the key technologies that make up the Internet.
- Wi-Fi: IEEE 802.11
In 2016, Ethernet replaced InfiniBand as the most popular system interconnect of TOP500 supercomputers.
Small Form Factor Committee (SFF)
small form-factor pluggable (SFP):
- fiber-optic cable
- The SFP replaced the larger gigabit interface converter (GBIC) in most applications, and has been referred to as a Mini-GBIC by some vendors.
- At introduction, typical speeds were 1 Gbit/s for Ethernet SFPs and up to 4 Gbit/s for Fibre Channel SFP modules
- SFP+ (2006): up to 10 Gbit/s
- SFP28: up to 25 Gbit/s.
- A slightly larger sibling is the four-lane Quad Small Form-factor Pluggable (QSFP)
- QSFP28 (2014): up to 100 Gbit/s
- QSFP56 (2019): up to 200 Gbit/s
- SFP-DD: allows for 100 Gbit/s over two lanes
- QSFP-DD: allows for 400 Gbit/s over eight lanes
- OSFP (Octal Small Format Pluggable) (2022): up to 800 Gbit/s
Network interface cards (NICs)
Brands: sMellanox and Granite.
Datacenter networking in computing: by actuating MEMS mirros, the same input port can be connected to a different output port.