IP address

CIDR

192.168.0.0/24
192.168.0.0 -> 192.168.0.255
2^(32-X) = 2^(32-24) = 2^8 = 256

Private IP

192.168.0.0/16
172.16.0.0/12
10.0.0.0/8

Subnet

192.168.0.0/16
Subnet = 192.168.0.0

Broadcast

192.168.0.0/16
Broadcast = 192.168.255.255
Messages received by machines 192.168.0.0 -> 192.168.255.254

Gateway

192.168.0.0/16
Gateway (usely) = 192.168.0.1
Network node equipped for interfacing with another network
When a machine want to speak outside, it send data to the gateway

Terminology

192.168.0.0/16 => Subnet
192.168.0.0 => SubnetId
/16 => BitMask
192.168.0.1 => Gateway
192.168.255.255 => Broadcast

NAT

Network address translation
Remapping one IP address into another

Load Balancer

Distributes workloads across multiple computing resources

Algorithm

Round robin
Weighted round robin
Least connections
Least response time
Least Sessions

Persistance

Cookie
Source address
SSL
SIP

HTTPS

Monitoring

active vs passive
ping
tcp / udp
HTTP(s) / FTP / IMAP / etc...

Firewall

Network security system that controls the incoming and outgoing network traffic

How does it work

List of rules
One rule contains:
- source: IP / range
- destination: IP / range
- service: protocol + port
- policy: allow | drop
First match = First win

Service == ?

list of ports
protocol
- tcp
- udp
- icmp

Source or destination

Source

Destination

Service FTP

active

passive

Best Practice

Deny all by default
Last rule is equals to:
- source: ANY
- destination: ANY
- service: ANY
- policy: drop

VLAN

Isolate multiple subnet inside switch/router
Grouping host with a common set of requirements
Split private network and public network

Architecture

SSH Forwarding

laptop$ apt-get install squid

laptop$ ssh -R 3128:localhost:3128 user@back_server

user@back_server$ export http_proxy=http://127.0.0.1:3128/

user@back_server$ apt-get update

SDN

Software Defined Network

Concept

Directly programmable
Centrally managed
Programmatically configured
Open Standards-based / Vendor neutral

Control plane

Makes decisions about where traffic is sent
include the system configuration, management, and exchange of routing table information
routers exchanges the topology information with other routers

Data plane

Forwards traffic to the next hop along the path to the selected destination network according to control plane logic

Network

IP address

CIDR

Private IP

Subnet

Broadcast

Gateway

Terminology

NAT

Load Balancer

Distributes workloads across multiple computing resources

Algorithm

Persistance

HTTPS

Monitoring

Firewall

Network security system that controls the incoming and outgoing network traffic

How does it work

Service == ?

Source or destination

Service FTP

Best Practice

VLAN

Architecture

SSH Forwarding

SDN

Software Defined Network

Concept

Control plane

Data plane

Questions ?

network

network

Jérémy DERUSSÉ

Network

IP address

CIDR

Private IP

Subnet

Broadcast

Gateway

Terminology

NAT

Load Balancer

Distributes workloads across multiple computing resources

Algorithm

Persistance

HTTPS

Monitoring

Firewall

Network security system that controls the incoming and outgoing network traffic

How does it work

Service == ?

Source or destination

Service FTP

Best Practice

VLAN

Architecture

SSH Forwarding

SDN

Software Defined Network

Concept

Control plane

Data plane

Questions ?

network

More from Jérémy DERUSSÉ