Why Networking Matters in Cloud
Even if you're not a network engineer, understanding TCP/IP is essential for:
- Troubleshooting connectivity issues
- Designing secure architectures
- Understanding how services communicate
- Configuring firewalls and security groups
The TCP/IP Model Layers
OSI Model (7 Layers)              TCP/IP Model (4 Layers)
┌─────────────────────┐           ┌──────────────────────────────┐
│ 7. Application      │           │ 4. Application               │
├─────────────────────┤   ───►    │    (HTTP, DNS, SSH)          │
│ 6. Presentation     │           │                              │
├─────────────────────┤           │                              │
│ 5. Session          │           │                              │
├─────────────────────┤           ├──────────────────────────────┤
│ 4. Transport        │   ───►    │ 3. Transport (TCP, UDP)      │
├─────────────────────┤           ├──────────────────────────────┤
│ 3. Network          │   ───►    │ 2. Internet (IP, ICMP)       │
├─────────────────────┤           ├──────────────────────────────┤
│ 2. Data Link        │   ───►    │ 1. Network Access            │
├─────────────────────┤           │    (Ethernet, Wi-Fi)         │
│ 1. Physical         │           │                              │
└─────────────────────┘           └──────────────────────────────┘
1. Application Layer
- HTTP/HTTPS (port 80/443)
- DNS (port 53)
- SSH (port 22)
- RDP (port 3389)
- FTP (port 21)
- SMTP (port 25/587)
2. Transport Layer
TCP (Transmission Control Protocol):
- Connection-oriented (three-way handshake)
- Reliable, ordered delivery
- Flow control and congestion control
- Used for: Web traffic, email, file transfer
TCP Three-Way Handshake:
Client                   Server
  │                        │
  │───────── SYN ─────────►│
  │                        │
  │◄────── SYN-ACK ────────│
  │                        │
  │───────── ACK ─────────►│
  │                        │
Connection Established!
UDP (User Datagram Protocol):
- Connectionless
- Fast but unreliable
- No ordering guarantee
- Used for: DNS queries, streaming, gaming, VoIP
3. Internet Layer
- IP addressing (IPv4, IPv6)
- Routing between networks
- ICMP (ping, traceroute)
4. Network Access Layer
- Physical connectivity
- MAC addresses
- Ethernet, Wi-Fi
Key Concepts for Cloud
CIDR Notation:
IP Address: 10.0.0.0/16
10.0.0.0 = Network address
/16 = Subnet mask (16 bits for network) = 255.255.0.0
Available IPs: 10.0.0.0 - 10.0.255.255
Total: 65,536 addresses (minus network/broadcast)
Common CIDR Blocks:

| CIDR | Addresses | Use Case |
|------|-----------|----------|
| /8 | 16,777,216 | Entire organization |
| /16 | 65,536 | Large VNet/VPC |
| /24 | 256 | Standard subnet |
| /28 | 16 | Small subnet (min for Azure) |
| /32 | 1 | Single host |
Private IP Ranges (RFC 1918):
- 10.0.0.0/8 (Class A) - 16 million addresses
- 172.16.0.0/12 (Class B) - 1 million addresses
- 192.168.0.0/16 (Class C) - 65,000 addresses
Common Ports:
| Port | Service | Protocol | Notes |
|------|---------|----------|-------|
| 22 | SSH | TCP | Secure shell |
| 80 | HTTP | TCP | Web (unencrypted) |
| 443 | HTTPS | TCP | Web (encrypted) |
| 3306 | MySQL | TCP | Database |
| 5432 | PostgreSQL | TCP | Database |
| 1433 | SQL Server | TCP | Database |
| 6379 | Redis | TCP | Cache |
| 27017 | MongoDB | TCP | Database |
| 53 | DNS | UDP/TCP | Name resolution |
| 123 | NTP | UDP | Time sync |
Cloud-Specific Networking
Virtual Networks (VNet/VPC):
- Isolated network environment in the cloud
- Define your own IP range (CIDR)
- Subdivide into subnets
- Similar to on-premises networks
VNet: 10.0.0.0/16
├── Public Subnet: 10.0.1.0/24
│   └── Web servers, Load Balancers
├── Private Subnet: 10.0.2.0/24
│   └── Application servers
└── Database Subnet: 10.0.3.0/24
    └── Databases (no internet access)
Subnets:
- Public subnets: Resources accessible from internet (have Internet Gateway route)
- Private subnets: Internal resources only (no direct internet access)
Security Groups / NSGs:
- Virtual firewalls at the instance/NIC level
- Allow/deny rules by port and IP
- Stateful (return traffic automatically allowed)
- Process rules in priority order
Example NSG Rules:

| Priority | Name | Port | Protocol | Source | Action |
|----------|------|------|----------|--------|--------|
| 100 | AllowHTTPS | 443 | TCP | Any | Allow |
| 110 | AllowSSH | 22 | TCP | 10.0.0.0/8 | Allow |
| 65000 | DenyAll | Any | Any | Any | Deny |
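As an added example (not from the original notes), here is the rule table above evaluated in Python, plus a minimal stateful model showing why return traffic needs no rule of its own. The lowest-number-first, first-match-wins order follows Azure NSG semantics; treating unmatched traffic as Deny and ignoring the separate outbound rule set are simplifying assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One NSG row: single port or "Any", protocol TCP/UDP/Any, source CIDR or "Any"."""
    priority: int
    name: str
    port: str
    protocol: str
    source: str
    action: str  # "Allow" or "Deny"
    def matches(self, proto, src_ip, dport):
        if self.protocol != "Any" and self.protocol != proto:
            return False
        if self.port != "Any" and int(self.port) != dport:
            return False
        return self.source == "Any" or ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)

# The page's example NSG table, transcribed as data.
RULES = [
    Rule(100, "AllowHTTPS", "443", "TCP", "Any", "Allow"),
    Rule(110, "AllowSSH", "22", "TCP", "10.0.0.0/8", "Allow"),
    Rule(65000, "DenyAll", "Any", "Any", "Any", "Deny"),
]

def evaluate(rules, proto, src_ip, dport):
    """Lowest priority number is checked first and the first match wins (Azure NSG
    semantics). Returns (action, rule name); no match is treated as Deny (assumption)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(proto, src_ip, dport):
            return rule.action, rule.name
    return "Deny", "implicit"

class StatefulFilter:
    """Why "stateful" matters: an allowed inbound flow admits its own return traffic,
    so no rule for the client's ephemeral port is needed. Simplified: real NSGs also
    evaluate a separate outbound rule set, which this model leaves out."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()  # flows: (proto, client, cport, server, sport)
    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        action, _ = evaluate(self.rules, proto, src_ip, dst_port)
        if action == "Allow":
            self.flows.add((proto, src_ip, src_port, dst_ip, dst_port))
        return action
    def reply(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Server -> client packet: allowed only if the reversed 5-tuple was tracked."""
        return "Allow" if (proto, dst_ip, dst_port, src_ip, src_port) in self.flows else "Deny"
```

Adding a rule such as `Rule(90, "DenySSH", "22", "TCP", "Any", "Deny")` shadows AllowSSH entirely, which is the usual way an NSG misconfiguration surfaces in troubleshooting.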
NAT Gateway:
- Allows private subnet resources to reach internet
- Outbound only (no inbound from internet)
- Provides static public IP for outbound traffic
- Essential for updates, API calls from private subnets
Load Balancers:
| Type | Layer | Use Case |
|------|-------|----------|
| Application LB | Layer 7 | HTTP/HTTPS routing, path-based |
| Network LB | Layer 4 | TCP/UDP, high performance |
| Gateway LB | Layer 3 | Third-party appliances |
DNS in the Cloud
How DNS Resolution Works:
User types: www.example.com
│
▼
Local DNS Cache → Not found
│
▼
ISP DNS Server → Not cached
│
▼
Root DNS Server → .com TLD server
│
▼
.com TLD Server → example.com nameserver
│
▼
example.com NS → 93.184.216.34 (A record)
│
▼
Browser connects to IP
Common DNS Record Types:

| Type | Purpose | Example |
|------|---------|---------|
| A | IPv4 address | www → 93.184.216.34 |
| AAAA | IPv6 address | www → 2606:2800:220:1:... |
| CNAME | Alias | blog → www.example.com |
| MX | Mail server | @ → mail.example.com |
| TXT | Text data | SPF, DKIM records |
| NS | Nameserver | @ → ns1.example.com |
Troubleshooting Checklist
When connectivity fails, check in this order:
- Is DNS resolving?
  nslookup example.com
  dig example.com
- Can you reach the IP?
  ping 10.0.0.5
- Is the port open?
  telnet 10.0.0.5 443
  nc -zv 10.0.0.5 443
- Check security groups/NSGs - Most common issue!
- Check route tables - Is there a route to the destination?
- Check NACLs (if applicable) - Stateless, both directions needed
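The checklist as a runnable Python diagnostic, added here and not part of the original notes. It folds the ping step into the TCP probe because ICMP needs raw-socket privileges, and reads the probe result the way an engineer would: a refused connection means the network path works, while silence points at security groups/NSGs or routes. The resolver/prober parameters and the start_local_listener fixture are assumptions so it can be exercised offline.

```python
import socket

def resolve(hostname):
    """Step 1 (nslookup/dig): return an IPv4 address or None when the name does not resolve."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None

def probe_port(ip, port, timeout=2.0):
    """Step 3 (nc -zv ip port): 'open', 'refused' (host reachable, nothing listening)
    or 'filtered' (no answer or unreachable: the signature of an NSG/security-group
    or route-table problem, since a blocked packet is silently dropped)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except OSError:          # socket.timeout, ENETUNREACH, EHOSTUNREACH, ...
            return "filtered"

def diagnose(hostname, port, resolver=resolve, prober=probe_port):
    """Walk the checklist in order and name the first failing step.
    ICMP ping (step 2) needs raw-socket privileges, so reachability is inferred
    from the TCP probe instead. resolver/prober are injectable for offline tests."""
    ip = resolver(hostname)
    if ip is None:
        return "dns"                 # fix name resolution before anything else
    state = prober(ip, port)
    if state == "open":
        return "ok"
    if state == "refused":
        return "no-listener"         # network path fine; service down or wrong port
    return "nsg-or-route"            # check security groups/NSGs first, then routes, then NACLs

def start_local_listener():
    """Constructed fixture: a loopback listener so the checklist can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_local_listener()
    print(diagnose("127.0.0.1", port))    # ok
    srv.close()
    print(diagnose("127.0.0.1", port))    # no-listener
    print(diagnose("10.0.0.5", 443, prober=lambda ip, p: "filtered"))  # nsg-or-route
```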
Exam Tips
Common exam questions:
- Calculate available IPs from CIDR notation
- Identify which port a service uses
- Design subnet architecture
- Configure security group rules
- Troubleshoot connectivity scenarios
Quick CIDR math:
- /24 = 256 IPs (254 usable)
- /25 = 128 IPs
- /26 = 64 IPs
- /27 = 32 IPs
- /28 = 16 IPs
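The CIDR math from this list and from the CIDR Notation section above (10.0.0.0/16, /24 = 254 usable, the three-subnet VNet layout) worked in Python with the standard library ipaddress module, as an added example rather than the notes' own material. The cloud-reserved count of 5 addresses per AWS/Azure subnet and the check_subnet_plan design check go beyond what the notes state.

```python
import ipaddress

# The notes count "minus network/broadcast" (2 reserved). Cloud subnets reserve
# more: AWS VPC and Azure VNet each reserve 5 addresses per subnet (a known
# provider fact, not taken from the notes), which is why a cloud /24 yields 251.
CLASSIC_RESERVED = 2
CLOUD_RESERVED = 5

def cidr_summary(cidr, reserved=CLASSIC_RESERVED):
    """Break a CIDR block into the pieces the notes walk through for 10.0.0.0/16."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False normalises 10.0.5.7/24
    total = net.num_addresses
    # /31 (point-to-point) and /32 (host route) have nothing to reserve.
    usable = total if net.prefixlen >= net.max_prefixlen - 1 else max(total - reserved, 0)
    return {
        "network": str(net),                     # 10.0.0.0/16
        "netmask": str(net.netmask),             # 255.255.0.0
        "network_bits": net.prefixlen,           # 16
        "host_bits": net.max_prefixlen - net.prefixlen,
        "first": str(net.network_address),       # 10.0.0.0
        "last": str(net.broadcast_address),      # 10.0.255.255
        "total": total,                          # 65,536
        "usable": usable,
    }

def split_vnet(vnet_cidr, new_prefix):
    """Carve a VNet/VPC into equal subnets, e.g. 10.0.0.0/16 into 256 x /24."""
    return [str(s) for s in ipaddress.ip_network(vnet_cidr).subnets(new_prefix=new_prefix)]

def check_subnet_plan(vnet_cidr, subnet_cidrs):
    """Design check: every subnet must sit inside the VNet and none may overlap.
    Returns a list of problem strings (empty means the plan is consistent)."""
    vnet = ipaddress.ip_network(vnet_cidr)
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    problems = [f"{s} is outside {vnet}" for s in subnets if not s.subnet_of(vnet)]
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems

if __name__ == "__main__":
    for block in ("10.0.0.0/16", "10.0.1.0/24", "10.0.0.0/28", "10.0.0.0/32"):
        print(cidr_summary(block), "cloud usable:", cidr_summary(block, CLOUD_RESERVED)["usable"])
    # The notes' VNet layout: three /24 subnets inside a /16.
    print(check_subnet_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]))  # []
    print(check_subnet_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]))
```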
Key Takeaway
You don't need to be a network expert, but understanding these fundamentals will help you design better architectures and troubleshoot issues faster. Cloud certifications test these concepts, and real-world projects depend on them.
