DevOps

Networking Fundamentals

Master essential networking concepts for DevOps: TCP/IP, DNS, HTTP/HTTPS, ports, firewalls, and network troubleshooting.

By TechCoder TeamLast updated: 2026-06-02
In a Nutshell

Master essential networking concepts for DevOps: TCP/IP, DNS, HTTP/HTTPS, ports, firewalls, and network troubleshooting. This hands-on tutorial focuses on practical implementation of networking fundamentals concepts.

Networking Fundamentals

Networking is the backbone of modern infrastructure. As a DevOps engineer, understanding network fundamentals is crucial for designing, deploying, and troubleshooting systems.

TCP/IP Model

The TCP/IP model is the foundation of internet communication:

┌─────────────────────────────────────────┐
│  Layer 4: Application (HTTP, FTP, SSH)  │
├─────────────────────────────────────────┤
│  Layer 3: Transport (TCP, UDP)          │
├─────────────────────────────────────────┤
│  Layer 2: Internet (IP, ICMP)          │
├─────────────────────────────────────────┤
│  Layer 1: Network Access (Ethernet)     │
└─────────────────────────────────────────┘

OSI Model vs TCP/IP

OSI LayerTCP/IP LayerProtocols/Devices
7. ApplicationApplicationHTTP, HTTPS, FTP, SSH, DNS
6. PresentationSSL/TLS, JPEG, ASCII
5. SessionNetBIOS, RPC
4. TransportTransportTCP, UDP
3. NetworkInternetIP, ICMP, Routers
2. Data LinkNetwork AccessEthernet, MAC, Switches
1. PhysicalCables, Hubs, Signals

IP Addresses and Subnetting

IPv4 Addressing

IPv4 Address: 192.168.1.100
              │││││││││││││
              ││││││││││└┴┴─ Host ID
              ││││││││└┴┴── Network ID
              └┴┴┴┴┴┴┴──── IP Address

Classes:
- Class A: 1.0.0.0 to 126.0.0.0    (Subnet: 255.0.0.0 /8)
- Class B: 128.0.0.0 to 191.255.0.0 (Subnet: 255.255.0.0 /16)
- Class C: 192.0.0.0 to 223.255.255.0 (Subnet: 255.255.255.0 /24)

Private Ranges:
- 10.0.0.0/8      (10.0.0.0 - 10.255.255.255)
- 172.16.0.0/12   (172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16  (192.168.0.0 - 192.168.255.255)

CIDR Notation

CIDRSubnet MaskTotal IPsUsable IPs
/24255.255.255.0256254
/16255.255.0.065,53665,534
/8255.0.0.016,777,21616,777,214
/32255.255.255.25511

IPv6 Addressing

IPv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
      └─┬─┘└─┬──┘└─┬──┘└┬┘└┬┘└─┬──┘└┬──┘└┬┘
      Global│Site  │Sub  │  │   │    │    │
      Routing│     │     │  │   │    │    │
      Prefix  │     │     │  │   │    │    │
              └─────┴─────┴──┘   │    │    │
                                  │    │    │
              Interface Identifier─┴────┴────┘

# Shortened form
2001:db8:85a3::8a2e:370:7334

TCP vs UDP

TCP (Transmission Control Protocol)

Characteristics:

  • Connection-oriented
  • Reliable delivery (acknowledgments, retransmission)
  • Ordered delivery
  • Flow control
  • Error checking

Use Cases:

  • HTTP/HTTPS (web)
  • SSH
  • FTP
  • Email (SMTP, IMAP)

UDP (User Datagram Protocol)

Characteristics:

  • Connectionless
  • Unreliable (no guarantees)
  • No ordering guarantees
  • Low overhead
  • Faster than TCP

Use Cases:

  • DNS queries
  • Video streaming
  • Online gaming
  • VoIP

Common Ports

PortProtocolUse
20/21FTPFile Transfer
22SSHSecure Shell
25SMTPEmail Sending
53DNSDomain Name System
80HTTPWeb (Unencrypted)
443HTTPSWeb (Encrypted)
3306MySQLMySQL Database
5432PostgreSQLPostgreSQL Database
6379RedisRedis Cache
8080HTTP AltAlternative HTTP
27017MongoDBMongoDB Database

DNS (Domain Name System)

DNS translates human-readable domain names into IP addresses.

How DNS Works

DNS Record Types

RecordPurposeExample
AIPv4 addresstechcoder.io. 300 IN A 192.0.2.1
AAAAIPv6 addresstechcoder.io. 300 IN AAAA 2001:db8::1
CNAMEAlias to another domainwww.techcoder.io. CNAME techcoder.io.
MXMail servertechcoder.io. MX 10 mail.techcoder.io.
TXTText informationtechcoder.io. TXT "v=spf1 include:_spf.google.com"
NSName servertechcoder.io. NS ns1.cloudflare.com.
SOAStart of authorityZone configuration

DNS Commands

# DNS lookup
dig techcoder.io
dig +short techcoder.io
dig techcoder.io A
dig techcoder.io MX

# Reverse DNS
dig -x 192.0.2.1

# Trace DNS resolution
dig +trace techcoder.io

# Check DNS propagation
nslookup techcoder.io 8.8.8.8    # Google DNS
nslookup techcoder.io 1.1.1.1    # Cloudflare DNS

HTTP vs HTTPS

HTTP (HyperText Transfer Protocol)

Client                    Server
  |                         |
  |---- GET /index.html --->|
  |                         |
  |<--- 200 OK + HTML ------|
  |                         |
  • Port: 80
  • Unencrypted
  • Fast but insecure
  • Vulnerable to interception

HTTPS (HTTP Secure)

Client                    Server
  |                         |
  |---- TLS Handshake ----->|
  |<--- Certificate --------|
  |---- Key Exchange ------>|
  |<--- Encrypted comms ----|
  |                         |
  • Port: 443
  • Encrypted with TLS/SSL
  • Authenticated
  • Protects against MITM attacks

TLS/SSL Versions

VersionStatusSecurity
SSL 2.0DeprecatedInsecure
SSL 3.0DeprecatedInsecure
TLS 1.0DeprecatedWeak
TLS 1.1DeprecatedWeak
TLS 1.2SupportedSecure
TLS 1.3RecommendedMost Secure

Firewalls and Security

Types of Firewalls

  1. Network Firewalls

    • Hardware devices
    • Filter by IP, port, protocol
    • Example: Cisco ASA, pfSense

  2. Host-based Firewalls

    • Software on individual systems
    • iptables, firewalld, ufw

  3. Web Application Firewalls (WAF)

    • Filter HTTP/HTTPS traffic
    • Protect against SQL injection, XSS
    • Example: AWS WAF, Cloudflare WAF

Firewall Rules Best Practices

# Default Deny Policy
- Deny all incoming by default
- Allow only what's needed
- Log denied attempts
- Regular rule reviews

# Rule Order Matters
1. Allow specific management access
2. Allow required services
3. Allow established connections
4. Deny everything else
5. Log suspicious activity

Network Troubleshooting

Essential Commands

# Connectivity test
ping google.com -c 4          # Send 4 packets
ping6 ipv6.google.com         # IPv6 test

# Trace route
traceroute google.com
tracepath google.com          # No root required
mtr google.com                # Real-time stats

# DNS issues
dig google.com
dig @8.8.8.8 google.com       # Test specific DNS
nslookup google.com

# Check connections
netstat -tuln                 # Listening ports
ss -tuln                      # Modern alternative
lsof -i :80                   # What's using port 80

# Packet capture
sudo tcpdump -i eth0 port 80
sudo tcpdump -i any host 192.168.1.1

# Network interfaces
ip addr show
ip route show

# Bandwidth test
iperf3 -c server.example.com
curl -o /dev/null http://speedtest.tele2.net/10MB.zip

Common Issues and Solutions

SymptomLikely CauseSolution
Can't reach serverFirewall blockingCheck iptables/firewalld
DNS not resolvingDNS server issueTest with dig @8.8.8.8
Connection refusedService not runningCheck service status
Connection timeoutNetwork path issuetraceroute to identify
Slow transferBandwidth/congestioniperf3 test, check QoS

Quiz

Quiz

Question 1 of 5

Which protocol is connectionless and provides no delivery guarantees?

TCP
HTTP
UDP
SSH

Next Steps

Now let's explore load balancers and reverse proxies, essential components for scaling and securing applications.