
Network

Understand and troubleshoot computer networks with TCP/IP, DNS, routing, and diagnostic tools.

Author: admin | Source: ClawHub
Version: V 1.0.0 | Security check: Passed | Downloads: 2,074 | Favorites: 8

# Network Fundamentals

## TCP/IP Basics

- TCP guarantees delivery with retransmission — use for reliability (HTTP, SSH, databases)
- UDP is fire-and-forget — use for speed when loss is acceptable (video, gaming, DNS queries)
- Port numbers: 0-1023 privileged (need root), 1024-65535 available — common services have well-known ports
- Ephemeral ports for client connections — OS assigns randomly from high range

## DNS

- DNS resolution is cached at multiple levels — browser, OS, router, ISP — flush all when debugging
- TTL determines cache duration — lower before migrations, raise after for performance
- A record for IPv4, AAAA for IPv6, CNAME for aliases, MX for mail
- CNAME cannot exist at zone apex (root domain) — use A record or provider-specific alias
- `dig` and `nslookup` query DNS directly — bypass local cache for accurate results

## IP Addressing

- Private ranges: 10.x.x.x, 172.16-31.x.x, 192.168.x.x — not routable on internet
- CIDR notation: /24 = 256 IPs, /16 = 65536 IPs — each bit halves or doubles the range
- 127.0.0.1 is localhost — 0.0.0.0 means all interfaces, not a valid destination
- NAT translates private to public IPs — most home/office networks use this
- IPv6 eliminates NAT need — but dual-stack with IPv4 still common

## Common Ports

- 22: SSH — 80: HTTP — 443: HTTPS — 53: DNS
- 25/465/587: SMTP (mail sending) — 143/993: IMAP — 110/995: POP3
- 3306: MySQL — 5432: PostgreSQL — 6379: Redis — 27017: MongoDB
- 3000/8080/8000: Common development servers

## Troubleshooting Tools

- `ping` tests reachability — but ICMP may be blocked, no response doesn't mean down
- `traceroute`/`tracert` shows path — identifies where packets stop or slow down
- `netstat -tulpn` or `ss -tulpn` shows listening ports — find what's using a port
- `curl -v` shows full HTTP transaction — headers, timing, TLS negotiation
- `tcpdump` and Wireshark capture packets — last resort for deep debugging

## Firewalls and NAT

- Stateful firewalls track connections — allow response to outbound requests automatically
- Port forwarding maps external port to internal IP:port — required to expose services behind NAT
- Hairpin NAT for internal access to external IP — not all routers support it
- UPnP auto-configures port forwarding — convenient but security risk, disable on servers

## Load Balancing

- Round-robin distributes sequentially — simple but ignores server capacity
- Least connections sends to least busy — better for varying request durations
- Health checks remove dead servers — configure appropriate intervals and thresholds
- Sticky sessions (affinity) keep user on same server — needed for stateful apps, breaks scaling

## VPNs and Tunnels

- VPN encrypts traffic to exit point — all traffic appears from VPN server IP
- Split tunneling sends only some traffic through VPN — reduces latency for local resources
- WireGuard is modern and fast — simpler than OpenVPN, better performance
- SSH tunnels for ad-hoc port forwarding — `ssh -L local:remote:port` creates secure tunnel

## SSL/TLS

- TLS 1.2 minimum, prefer 1.3 — older versions have known vulnerabilities
- Certificate chain: leaf → intermediate → root — missing intermediate causes validation failures
- SNI allows multiple certs on one IP — older clients without SNI get default cert
- Let's Encrypt certs expire in 90 days — automate renewal or face outages

## Common Mistakes

- Assuming DNS changes are instant — TTL means old records persist in caches
- Blocking ICMP entirely — breaks path MTU discovery, causes mysterious failures
- Forgetting IPv6 — services may be accessible on IPv6 even with IPv4 firewall
- Hardcoding IPs instead of hostnames — breaks when IPs change
- Not checking both TCP and UDP — some services need UDP (DNS, VPN, game servers)
- Confusing latency and bandwidth — high bandwidth doesn't mean low latency
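
An added example, not part of the original skill text, that ties together the `ss -tulpn`, `0.0.0.0` and "Forgetting IPv6" bullets: it classifies each listener's bind address and lists ports open on all IPv6 interfaces with no IPv4 wildcard counterpart. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of `ss -tulpn` output (not from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4))
tcp   LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=910,fd=6))
tcp   LISTEN 0      244    192.168.1.10:5432  0.0.0.0:*         users:(("postgres",pid=950,fd=5))
tcp   LISTEN 0      4096   [::]:8080          [::]:*            users:(("node",pid=1200,fd=20))
udp   UNCONN 0      0      *:51820            *:*
"""

def scope(addr):
    """Return (scope, family) for a bind address taken from ss output."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface
    if addr == "*":
        return "wildcard", "dual"  # assumption: '*' is treated as a dual-stack socket
    ip = ipaddress.ip_address(addr)
    family = "v4" if ip.version == 4 else "v6"
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "wildcard", family
    if ip.is_loopback:
        return "loopback", family
    return ("private" if ip.is_private else "public"), family

def parse_listeners(text):
    """Parse listener rows into dicts with proto, port, scope and family."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        kind, family = scope(addr)
        rows.append({"proto": fields[0], "port": int(port), "scope": kind, "family": family})
    return rows

def exposed(rows):
    """(proto, port) pairs bound to a wildcard or public address."""
    return sorted({(r["proto"], r["port"]) for r in rows if r["scope"] in ("wildcard", "public")})

def v6_only_wildcards(rows):
    """Wildcard IPv6 listeners with no IPv4 wildcard twin: an IPv4-only rule set misses these."""
    wild = {(r["proto"], r["port"], r["family"]) for r in rows if r["scope"] == "wildcard"}
    return sorted((p, n) for p, n, fam in wild if fam == "v6" and (p, n, "v4") not in wild)

if __name__ == "__main__":
    print(exposed(parse_listeners(SAMPLE)), v6_only_wildcards(parse_listeners(SAMPLE)))
```

On the sample, TCP 8080 is the port to check against the IPv6 firewall rules, while Redis on 127.0.0.1 and PostgreSQL on a private address are not counted as exposed.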

Tags

skill ai

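Install via chat

This skill can be installed via chat on the following platforms:

OpenClaw WorkBuddy QClaw Kimi Claude

Option 1: Install SkillHub and the skill

Help me install SkillHub and the network-1776420092 skill

Option 2: Set SkillHub as the preferred skill installation source

Set SkillHub as my preferred skill installation source, then help me install the network-1776420092 skill

Install via command line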

skillhub install network-1776420092

Download Zip package

Network v1.0.0

File size: 2.71 KB | Published: 2026-4-17 18:54

v1.0.0 (latest) 2026-4-17 18:54
Initial release
