I’ve been working on setting up a couple of host and guest machines at my home/office for the last couple of years. I wanted to replicate a real-world scenario where we have multiple hosts on multiple subnets that still interact with each other. While working on this I found that a lot of people are either not aware of the basic concepts or are confused by the abundance of information available online. I want to simplify networking in a short, concise manner, all in a single post.
I will also show the application layers along with the network layers to make it clearer. I see that these two departments share very little common knowledge anywhere in the industry. I would love my developers to understand network connectivity while designing distributed applications, or even basic non-distributed applications.
There are 5 major components that any company or network admin has to look at (gateway, firewall, hub, switch and router),
and 2 basic concepts:
- NIC Cards / Network Interface Cards
- Subnets
Gateway: This is the target appliance/device/machine to which the source computer sends all its packets for any networking, assuming there is only one network interface card in the source computer. (Note: a machine can have as many interface cards as the hardware supports.) If we use only a gateway, we mostly need to add static routes on all machines.
Firewall: This generally sits between the cloud/internet and the private network and controls the flow of data packets between the inside and outside interfaces. Example: Cisco ASA appliance. Without a firewall every network is susceptible to brute-force attacks and heavy load on systems. (This is a fun link which shows how everyone around the world is trying to attack each other digitally: http://map.norsecorp.com)
Hub: This is a device to which all networking devices connect. It is good for lab testing but not an efficient way of connecting devices. Its major disadvantage is that it broadcasts information sent from one device over a common channel that is visible to all other devices connected to that hub. This also creates unnecessary bandwidth issues, as it floods information to everyone irrespective of who it is destined for.
Switch: This is an efficient way of creating a minimal network. Switches have multiple ports to connect the different devices available in the network. Switches separate the communication channels between devices, which makes them very efficient at connecting devices.
Router: As the name suggests, it routes traffic between different networks. It generally sits coupled with the gateway and knows where to send packets. It stores all routing information in a routing table and decides the best possible route for a given packet. The router automatically takes care of routing, removing the need for nodes to add static routes.
The diagram below explains a very high-level connection scenario.
If you observe the above diagram, I have one network with subnet 192.168.1.0/24 connected to one switch and another network, 10.0.0.1/24, connected to a different switch.
Both of them are connected via a router/gateway,
and the gateway is connected to the internet via a firewall.
This explains the minimalistic design of any company network.
We can have multiple layers of switches and routers sitting on top of each other in a tree fashion, but the basic concepts remain the same.
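To make the gateway and router behaviour described above concrete, here is an added Python example (not code from the original post) that models a Linux-style routing table and performs the longest-prefix-match lookup a host or router does for every outgoing packet. It uses the two subnets from the diagram, 192.168.1.0/24 and 10.0.0.0/24 (the 10.0.0.1/24 network); the router address 192.168.1.254, the firewall address 203.0.113.1 and the interface names are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    """One routing-table entry, modelled on a Linux `ip route` line.
    via is None for an on-link route: the destination is reached directly
    through dev without handing the packet to a gateway."""
    prefix: ipaddress.IPv4Network
    via: Optional[ipaddress.IPv4Address]
    dev: str


def parse_route(line: str) -> Route:
    """Parse a constructed `ip route`-style line such as
    '10.0.0.0/24 via 192.168.1.254 dev eth0' or 'default dev eth0'."""
    tokens = line.split()
    target = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
    prefix = ipaddress.ip_network(target, strict=True)
    via = ipaddress.ip_address(tokens[tokens.index("via") + 1]) if "via" in tokens else None
    dev = tokens[tokens.index("dev") + 1]
    return Route(prefix, via, dev)


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: of all routes containing dst, the most specific
    one (largest prefix length) wins. This is how a routing table picks the
    'best possible route' for a packet."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def next_hop(routes: List[Route], dst: str) -> str:
    """Describe where this node sends a packet destined for dst."""
    r = lookup(routes, dst)
    if r is None:
        return "unreachable"              # no route at all, not even a default
    if r.via is None:
        return f"direct on {r.dev}"       # same subnet: deliver on-link
    return f"via {r.via} on {r.dev}"      # hand the packet to the gateway


def table(lines: List[str]) -> List[Route]:
    return [parse_route(line) for line in lines]


# Constructed tables. 192.168.1.254 (router) and 203.0.113.1 (firewall inside
# address) are assumed; the post itself only gives the two subnets.

# A host in 192.168.1.0/24 that carries a static route to the other subnet.
HOST_WITH_STATIC = table([
    "192.168.1.0/24 dev eth0",
    "10.0.0.0/24 via 192.168.1.254 dev eth0",
    "default via 192.168.1.254 dev eth0",
])

# The same host with only its on-link route and a default route: the router
# takes over, so no per-subnet static route is needed on the host.
HOST_MINIMAL = table([
    "192.168.1.0/24 dev eth0",
    "default via 192.168.1.254 dev eth0",
])

# A host with no default route cannot reach anything outside its own subnet.
HOST_NO_DEFAULT = table(["192.168.1.0/24 dev eth0"])

# The router/gateway itself: both subnets on-link, default towards the firewall.
ROUTER = table([
    "192.168.1.0/24 dev eth0",
    "10.0.0.0/24 dev eth1",
    "default via 203.0.113.1 dev eth2",
])

if __name__ == "__main__":
    for name, t in [("host+static", HOST_WITH_STATIC), ("host minimal", HOST_MINIMAL),
                    ("host no default", HOST_NO_DEFAULT), ("router", ROUTER)]:
        for dst in ("192.168.1.50", "10.0.0.7", "8.8.8.8"):
            print(f"{name:16} -> {dst:13}: {next_hop(t, dst)}")
```

Comparing HOST_WITH_STATIC with HOST_MINIMAL shows why a router removes the need for static routes on every node: both tables send a packet for 10.0.0.7 to 192.168.1.254, the only difference being whether the host chose that gateway through a specific /24 route or through the default route. HOST_NO_DEFAULT shows the failure mode, a host that can only talk inside its own subnet.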
Now coming to the NIC Card/Network Interface Card:
NIC: This is located in each and every networking device and enables the device to connect via Ethernet. These days we can create virtual NICs on any operating system which behave the same as a physical NIC. There are other NIC concepts, called NIC teaming or bonding, which improve the bandwidth and performance of network I/O apart from providing failover connectivity. I will explain all these concepts in detail in subsequent posts of the series.
Subnet: Subnets are the single most important concept that allows us to segregate different kinds of networks. Originally, when networks originated in the 80s, there was the concept of class-based networking.
Example: for 192.168.1.1
Class A: the network portion is just 192, and the rest, 168.1.1, defines the node address
Class B: 192.168 defines the network portion, and the rest, 1.1, is the node address
Class C: 192.168.1 defines the network, and the remaining 1 represents the node address
This approach was good until the early 90s, but then the issue of IP address exhaustion started.
Then the IETF introduced the concept of CIDR (Classless Inter-Domain Routing). With this approach an IP address is never complete without a network mask. For example, 192.168.1.1 doesn’t represent a node unless we define the netmask. So now the IP address has to be defined as 192.168.1.1/24, where 24 represents the 24 bits that form the prefix, or network portion, of the above address.
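The following added Python example (not from the original post) works through the class-based versus CIDR interpretation above using the standard library’s ipaddress module. It goes one step beyond the text by applying the actual first-octet rule of the classful scheme (0-127 class A /8, 128-191 class B /16, 192-223 class C /24), and then shows that the same address 192.168.1.1 lands in three different networks depending on the prefix length, which is exactly why an address is incomplete without its mask. The addresses are the post’s own or constructed for illustration.

```python
import ipaddress


def classful_prefix(ip: str) -> int:
    """Prefix length the original class-based scheme implied from the first
    octet alone: class A = /8, class B = /16, class C = /24.
    Classes D/E (224 and above) carry no host portion, so they are rejected."""
    first_octet = int(ipaddress.ip_address(ip)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip} is a class D/E address, not a unicast host")


def split(ip: str, prefix: int) -> tuple:
    """Return (network, host_number): the network portion under /prefix and the
    node's offset inside it. This is the 'network part / node part' split the
    post describes, done on bits rather than whole octets."""
    iface = ipaddress.ip_interface(f"{ip}/{prefix}")
    return str(iface.network), int(iface.ip) - int(iface.network.network_address)


def cidr_summary(cidr: str) -> dict:
    """What the /prefix adds to a bare address: the network it belongs to,
    its netmask, its broadcast address and the number of usable host addresses
    (a /31 uses both addresses for hosts, a /32 is a single host)."""
    net = ipaddress.ip_interface(cidr).network
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when a and b fall in the same /prefix network, i.e. one host can
    reach the other directly instead of handing the packet to its gateway."""
    return (ipaddress.ip_interface(f"{a}/{prefix}").network
            == ipaddress.ip_interface(f"{b}/{prefix}").network)


if __name__ == "__main__":
    ip = "192.168.1.1"
    print(f"classful: {ip} is a /{classful_prefix(ip)} network by its first octet")
    for prefix in (8, 16, 24):
        network, host = split(ip, prefix)
        print(f"{ip}/{prefix} -> network {network}, host #{host}")
    print(cidr_summary(f"{ip}/24"))
    # Constructed hosts: same /24, but a /25 mask puts them in different subnets.
    print(same_subnet("192.168.1.10", "192.168.1.200", 24),
          same_subnet("192.168.1.10", "192.168.1.200", 25))
```

The same_subnet check is the decision a host makes before every send: if the destination shares its network it delivers on-link, otherwise the packet goes to the gateway. Changing only the prefix length, with no change to the addresses, flips that decision, which is what the post means by an address being meaningless without its netmask.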
With the advent of virtual machines, containerization of networks, and operating systems like Linux, we can replicate all the above devices in software.
I will start explaining each concept in detail, and how to configure and build multiple computers and network routes, in subsequent posts of the series.
These are the technologies I’m going to use and the topics I will cover in the next couple of months. I’m going to write each one fresh using the latest version so that my code is not outdated:
- Vagrant (to manage virtual machines)
- Oracle VirtualBox (virtual machine provider; we can also use Hyper-V or VMware)
- Docker (lightweight replica of a VM which can provide similar features)
- CentOS/Ubuntu (I’m going to use both flavors of Linux on different devices)
- Linux routing table for the basics
- Quagga/Zebra to create a powerful router
- iptables used as a simple firewall
- OpenVPN to set up VPN connections
- Chef/Berkshelf (one of the most versatile OS provisioners)
- Shell scripting (this is obvious)
- Apache/PHP/MySQL for a demo website
- Cassandra as a demo database to show how data gets across different racks in our virtual data centers (VMs on different networks)
I already have one base version written which I’m going to reuse in bits and pieces.
Part 2 of the series is at