DEV Community

Ashutosh Sarangi

12 Networking Fundamentals

Personal Note:-

Foundational Concepts (Single Server to Secure Zones)

The video starts by following the imaginary travel booking website, TravelBody, to understand how its networking needs evolve over time.

  1. IP Address (Internet Protocol Address): Every device connected to a network requires an identifier so that other devices can send data to it. This is analogous to a house address. TravelBody's initial single server was assigned a public IP address so any device on the internet could send a request to it.
  2. DNS (Domain Name System): Because users do not memorize IP addresses, DNS translates easy-to-remember names (like travelbody.com) into the corresponding IP addresses, much like contacts in a phone.
  3. Ports: When a single server runs multiple applications (e.g., website, database, payment service), ports are numbered channels (ranging from 1 to 65,535) that direct incoming traffic to the correct application. Standard ports include 80 (web applications), 443 (secure web connections), and 3306 (MySQL). This is comparable to apartment numbers in a building that shares one street address.
  4. Network Segmentation / Subnets: To mitigate security risks, especially when handling sensitive information, the network must be divided into separate sections called subnets. This keeps different functions (like the public-facing front end, application servers, and database servers) cleanly separated.
  5. Routing: Necessary to direct traffic between these different network segments (subnets). A router determines the path, acting like a GPS for network data.
  6. Firewalls: Act as a security guard, checking every piece of traffic and deciding whether to allow it based on set rules.
    • Host firewalls protect individual servers.
    • Network firewalls sit between subnets (or between the internet and the front-end subnet) to filter traffic and enforce security rules.
  7. Private IP Addresses: Used inside a company's network (like internal extension numbers) and cannot communicate directly with the internet, offering an additional layer of security.
  8. NAT (Network Address Translation): Allows multiple devices with private IP addresses (like the 50 secured backend servers) to share a single public IP address when accessing the internet. The NAT device replaces the private source address with its own public address for outbound requests and routes the response back to the correct private server. This keeps backend servers hidden and protected while allowing them to reach the internet for updates or external APIs. (Note: These first five concepts—IP address, DNS, Ports, Segmentation/Routing, and Firewalls—along with NAT, are described as the foundational concepts that remain constant regardless of the environment.)
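The eight items above describe one data path: an address is placed in a subnet, a route table picks the next hop, a firewall rule decides whether the connection is allowed, and NAT rewrites private sources on the way out. The following Python is an added example, not code from the post or the video it summarises, that models that path for a constructed TravelBody address plan (the 10.0.x.0/24 subnets, the "internet-gateway" and "nat-device" targets and the 203.0.113.10 public address are all assumptions chosen for the example). The route-table lookup is the same longest-prefix match that the cloud route tables in the next section perform.

```python
import ipaddress

# Constructed address plan for the TravelBody example (not from the original post).
SUBNETS = {
    "frontend": ipaddress.ip_network("10.0.1.0/24"),   # public-facing web tier
    "app":      ipaddress.ip_network("10.0.2.0/24"),   # application servers
    "db":       ipaddress.ip_network("10.0.3.0/24"),   # database servers
}

def zone_of(ip):
    """Segmentation: name the subnet an address belongs to; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return "internet"

# Routing: one route table per subnet, searched by longest matching prefix.
# Targets are constructed labels: 'local' (inside the company network), an internet gateway, or a NAT device.
ROUTE_TABLES = {
    "frontend": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "internet-gateway")],
    "app":      [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-device")],
    "db":       [("10.0.0.0/16", "local")],   # no default route: the database tier cannot reach the internet
}

def next_hop(src_ip, dst_ip):
    """Return the route target for traffic from src_ip to dst_ip, or None if there is no route."""
    table = ROUTE_TABLES.get(zone_of(src_ip), [])
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]

# Firewall: allow-list of (source zone, destination zone, destination port); everything else is denied.
RULES = {
    ("internet", "frontend", 443),   # users reach the web tier over HTTPS only
    ("frontend", "app", 8080),       # web tier talks to the application tier
    ("app", "db", 3306),             # only the application tier may open MySQL connections
}

def firewall_allows(src_ip, dst_ip, dst_port):
    return (zone_of(src_ip), zone_of(dst_ip), dst_port) in RULES

class Nat:
    """Port-based NAT: rewrite private sources to one public address and keep a table to map replies back."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = str(ipaddress.ip_address(public_ip))
        self.next_port = first_port
        self.by_public_port = {}   # public port -> (private ip, private port)
        self.by_private = {}       # (private ip, private port) -> public port

    def outbound(self, src_ip, src_port):
        """Translate an outbound connection; an existing mapping is reused."""
        key = (src_ip, src_port)
        if key not in self.by_private:
            port = self.next_port
            self.next_port += 1
            self.by_private[key] = port
            self.by_public_port[port] = key
        return (self.public_ip, self.by_private[key])

    def inbound(self, public_port):
        """Only replies to an existing outbound mapping are forwarded; anything unsolicited is dropped (None)."""
        return self.by_public_port.get(public_port)
```

Two things the model makes visible that the list alone does not: the database subnet has no default route, so even a mis-written firewall rule cannot give it a path to the internet, and the NAT table only ever answers for ports it allocated itself, which is why backend servers behind it are not reachable from outside.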

Cloud Networking Concepts

When TravelBody moves to the cloud to rent computing resources and increase flexibility, the fundamental networking concepts remain, but the tools change.

  1. VPC (Virtual Private Cloud): This is the user's isolated section of the cloud provider's network, analogous to renting a secured office floor in a large building.
    • Within the VPC, public subnets (for internet-facing resources) and private subnets (for protected resources) are created.
    • An Internet Gateway connects public subnets to the internet.
    • Route Tables direct traffic within the network, acting like signposts.
    • NAT Gateway is the cloud-managed version of NAT, placed in a public subnet to allow resources in private subnets to send outbound internet traffic.

Container and Orchestration Networking Concepts

As TravelBody moves to microservices and containers (using Docker for portability), new networking concepts emerge.

  2. Container Networking (Bridge Network / Port Mapping):
    • Bridge Network: Docker creates a private network on a single server, allowing containers on that server to communicate using container names.
    • Port Mapping: Because applications listen on internal container ports (e.g., 9090), the internal port must be mapped or bound to a port on the host server so external requests can reach the application inside the container.
  3. Overlay Network: When containers span multiple servers, Docker's overlay network creates a virtual network that makes containers on different servers appear as if they were on the same network, allowing communication across hosts.
  4. Container Orchestration (Kubernetes - Pods, Services, Ingress): Kubernetes automates the management of hundreds of containers.
    • Pods: The basic unit in Kubernetes; each pod gets its own temporary IP address. Since pods are ephemeral (temporary), their IP addresses change when they are recreated or moved.
    • Kubernetes Services: Solve the problem of ephemeral pod IP addresses by providing a stable IP address and DNS name that never changes. The service automatically forwards the connection to a healthy, active pod behind it, ensuring uninterrupted connections.
    • Ingress: Handles all incoming traffic into the cluster, routing visitors to the correct service inside the cluster based on configured rules (like a reception desk routing visitors to the right department).

Regardless of whether you are working with physical servers, cloud infrastructure, Docker, or Kubernetes, these underlying principles remain the same.
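The Pod, Service and Ingress items above are easiest to see as one scenario: a pod dies and comes back with a different IP, the Service keeps answering on the same name, and the Ingress keeps sending the right hostname and path to that Service. The Python below is an added example, not code from the post or from Kubernetes itself; it is a small in-memory model of those three objects. The pod range 10.244.0.0/24, the ClusterIPs in 10.96.0.0/24, the service names and the travelbody.com rules are constructed for the example.

```python
import itertools

_pod_ips = itertools.count(10)   # constructed allocator: every newly created pod gets a fresh address

class Pod:
    """A labelled workload whose address is lost whenever the pod is recreated."""
    def __init__(self, app):
        self.app = app
        self.ip = f"10.244.0.{next(_pod_ips)}"   # constructed pod network range
        self.healthy = True

class Service:
    """Stable ClusterIP and DNS name; endpoints are recomputed from live pods that match the selector."""
    def __init__(self, name, cluster_ip, selector, port):
        self.name = name
        self.dns_name = f"{name}.default.svc.cluster.local"   # standard in-cluster DNS form
        self.cluster_ip = cluster_ip
        self.selector = selector
        self.port = port
        self._rr = 0

    def endpoints(self, pods):
        """Only healthy pods carrying the selector label receive traffic."""
        return [p.ip for p in pods if p.app == self.selector and p.healthy]

    def forward(self, pods):
        """Pick a healthy backend (round-robin); None when no pod is ready."""
        eps = self.endpoints(pods)
        if not eps:
            return None
        target = eps[self._rr % len(eps)]
        self._rr += 1
        return (target, self.port)

class Ingress:
    """Host/path rules at the cluster edge; the longest matching path prefix wins."""
    def __init__(self):
        self.rules = []   # (host, path_prefix, service)

    def add_rule(self, host, path_prefix, service):
        self.rules.append((host, path_prefix, service))

    def route(self, host, path):
        best = None
        for rule_host, prefix, svc in self.rules:
            if rule_host == host and path.startswith(prefix):
                if best is None or len(prefix) > len(best[0]):
                    best = (prefix, svc)
        return None if best is None else best[1]

def pod_replacement_demo():
    """Replace the booking-api pod and show the Service still resolves; returns (old ip, new ip, service hit by /api/)."""
    pods = [Pod("booking-api"), Pod("web")]
    api = Service("booking-api", "10.96.0.10", "booking-api", 8080)
    web = Service("web", "10.96.0.20", "web", 80)
    old_ip, _ = api.forward(pods)
    pods.pop(0)                        # the booking-api pod dies
    pods.append(Pod("booking-api"))    # it is rescheduled with a new IP
    new_ip, _ = api.forward(pods)      # same Service name, new backend, no change for the caller
    ingress = Ingress()
    ingress.add_rule("travelbody.com", "/", web)
    ingress.add_rule("travelbody.com", "/api/", api)
    hit = ingress.route("travelbody.com", "/api/flights")
    return old_ip, new_ip, hit.name
```

The point of `endpoints()` checking `healthy` is the detail that matters operationally: a Service with a stable address is only as good as the readiness signal behind it, and a Service whose selector matches no healthy pod returns nothing rather than a stale IP.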

Reference:-
https://www.youtube.com/watch?v=xj_GjnD4uyI
