@loftwah
Last active August 16, 2025 08:40
computer-networking

Comprehensive Guide to Computer Networking: From Basics to Advanced (2025 Edition)

Last Updated: August 16, 2025 (AEST, UTC+10)
Author Note: This document compiles a detailed, verbose, and example-heavy overview of computer networking, drawing from foundational concepts to cutting-edge 2025 trends. It's structured for easy reading, listening (as a verbal walkthrough), or copy-pasting into notes. We've covered everything from OSI Layers 1–9 (joke layers included), TCP/IP and HTTP models, bitwise operations, subnetting, classful vs classless addressing, common IP ranges, DHCP, spanning tree protocols, routing (heavy on OSPF and BGP with 2025 updates like RPKI, ASPA, and SRv6), LACP standards, Ethernet evolution from 10Base-T to fiber (with connectors, single-mode/multimode, speeds, and distances), addressing modes (anycast, broadcast, multicast, unicast, incast), Wi-Fi (up to Wi-Fi 7), NAT, VPNs (WireGuard, Tailscale), proxies/SOCKS5, DNS (with record types), IEC power cables, ARP/ND, troubleshooting workflows, and hands-on labs using GNS3, Docker, Terraform, Python, AWS, and LocalStack (with toggles for real AWS or local simulation). Labs are described verbally for audio-friendly walkthroughs, with goals, steps, expected outputs, and troubleshooting tips. We've also included a massive trivia section with questions, answers, and explanations for reinforcement. This is painfully detailed—strap in for the full ride!

Introduction: Why This Guide?

Networking underpins everything from your home Wi-Fi to global cloud infrastructures. This guide starts at the basics (bits on wires) and scales to advanced topics like BGP policy wars and zero-trust overlays. We'll use real-world examples, worked calculations, code snippets, and labs you can run today. Assumptions: You're on Linux (e.g., Ubuntu 22.04+), comfortable with CLI, and have tools like Docker, GNS3, Terraform, and Python installed. Labs emphasize practical skills—think "copy-paste and verify." By the end, you'll have a mental model for troubleshooting, designing, and deploying networks in 2025.

Section 1: Mental Models – OSI, TCP/IP, and HTTP

Understanding models helps debug: "Is this a Layer 3 routing issue or a Layer 2 switch loop?"

OSI Model (Layers 1–9, Including Joke Layers)

The OSI model is a conceptual framework with 7 core layers, plus "joke" layers for real-world chaos.

  • Layer 1: Physical – Bits on the wire: voltages, light pulses, radio waves. Handles media like copper (Cat6a for 10G up to 100m), fiber (single-mode for tens of km per span, 100km+ with amplification), connectors (LC for fiber, RJ-45 for Ethernet). Example: A 10GBASE-T link uses 4 twisted pairs with PAM-16 encoding to send data at 10 Gbps over Cat6a cable. Distances: 100m max for copper; fiber varies (e.g., OM4 multimode: 100m for 100GBASE-SR4, 400m for 10GBASE-SR).

  • Layer 2: Data Link – Frames and MAC addresses. Ethernet (802.3), Wi-Fi (802.11), switches, ARP. Prevents loops with STP/RSTP/MSTP. Bonds links with LACP (802.1AX). VLANs (802.1Q) tag frames for segmentation. Example: A frame looks like [Dst MAC | Src MAC | VLAN Tag (optional) | EtherType | Payload | FCS]. In a switch, MAC learning builds a table: "Port 5 has MAC AA:BB:CC:DD:EE:FF."

  • Layer 3: Network – Packets and logical addressing (IPv4/IPv6). Routers, ICMP, routing protocols like OSPF (link-state, Dijkstra algorithm) and BGP (path-vector). Addressing modes: unicast (one-to-one), multicast (one-to-many, e.g., 224.0.0.0/4), broadcast (one-to-all, IPv4 only), anycast (one-to-nearest, e.g., DNS roots), incast (many-to-one bursts causing buffer overflows). Example: Packet header: [IP Version | Header Length | TOS | Total Length | ID | Flags | Fragment Offset | TTL | Protocol | Checksum | Src IP | Dst IP].

  • Layer 4: Transport – Segments/datagrams: TCP (reliable, connection-oriented, ports 0–65535, congestion control) vs. UDP (unreliable, low-latency). QUIC (RFC 9000) over UDP for HTTP/3. Example: TCP handshake: SYN → SYN-ACK → ACK. Ports: 80/HTTP, 443/HTTPS.

  • Layer 5: Session – Manages dialogs: setup/teardown (e.g., RPC, gRPC, NetBIOS). Example: In a video call, Layer 5 tracks session IDs for resuming after drops.

  • Layer 6: Presentation – Data formatting: encryption (TLS/SSL, RFC 8446), compression, serialization (JSON, ASN.1). Example: TLS 1.3 handshakes encrypt data here before app-layer use.

  • Layer 7: Application – User-facing: HTTP/S (RFC 9110 semantics, HTTP/3 over QUIC), DNS, SMTP, SSH, FTP. Example: HTTP GET /index.html → 200 OK response.

  • Layer 8: User/Political (Joke) – Human errors: phishing clicks, "It works on my machine." Example: A misconfigured firewall blocks traffic due to a policy debate.

  • Layer 9: Financial (Joke) – Budget constraints: "No redundancy until next quarter." Example: Skipping dual PSUs leads to outages.

TCP/IP Model (Practical 4-Layer Stack)

Condenses OSI for real-world use:

  • Link (OSI 1–2): Ethernet, ARP/ND, Wi-Fi.
  • Internet (OSI 3): IP, ICMP, routing.
  • Transport (OSI 4): TCP/UDP/QUIC.
  • Application (OSI 5–7): HTTP/3, DNS, TLS.

In 2025, HTTP/3 (RFC 9114) over QUIC is widely deployed for low-latency mobile and streaming traffic. Because QUIC runs over UDP (normally port 443), a firewall that only permits TCP 443 silently forces clients back to HTTP/2 over TCP.

HTTP Models

HTTP semantics (methods like GET/POST, status 200/404) per RFC 9110. Versions: HTTP/1.1 (text-based, RFC 9112), HTTP/2 (binary multiplexed), HTTP/3 (QUIC-based). Example: HTTP/3 request: QUIC stream carries "GET /" with headers; QUIC handles encryption and loss recovery.

Section 2: Bitwise Operations, Subnetting, and Addressing

Networking math is bitwise—routers AND IPs with masks.

Bitwise Basics

  • AND: Network calculation (IP & mask = network).
  • OR: Set bits (e.g., wildcard masks).
  • XOR: Flip bits (e.g., checksums).
  • Shifts: Efficient multiplication/division by powers of 2.

Example: IP 192.168.10.77 & mask 255.255.255.0 = 192.168.10.0 (network).

Subnetting: Classful vs Classless

  • Classful (Legacy): Fixed prefixes: Class A (/8, 16M hosts), B (/16, 65K), C (/24, 254). Wasteful—e.g., a small org gets 16M addresses.
  • Classless (CIDR): Variable-length subnet masks (VLSM). /13 for ~500K hosts. Modern routing uses CIDR for efficiency.

Formula: Hosts = 2^(32 - prefix) - 2 (subtract network/broadcast).

Worked Example 1: 10.23.200.45/20

  • Mask: 255.255.240.0 (first 20 bits 1s).
  • Third octet: 200 (11001000) & 240 (11110000) = 192 (11000000).
  • Network: 10.23.192.0/20. Broadcast: 10.23.207.255. Hosts: 10.23.192.1–10.23.207.254 (4094 usable).
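To make the AND/OR arithmetic above concrete, here is an added example (not part of the original gist) that computes the same values using only integer bit operations and cross-checks them against Python's ipaddress module. The addresses are the ones from the worked examples; the function names are this example's own.

```python
import ipaddress  # used only to cross-check the hand-rolled bitwise math


def to_int(dotted: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """Unpack a 32-bit integer into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Mask, network, broadcast and usable range using AND / OR / NOT only."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    ip = to_int(addr)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # `prefix` leading 1-bits
    wildcard = ~mask & 0xFFFFFFFF                       # the host bits
    network = ip & mask                                 # what a router does on every lookup
    broadcast = network | wildcard                      # all host bits set
    if prefix >= 31:  # RFC 3021 point-to-point /31 and host /32 have no broadcast address
        usable, first, last = (2 if prefix == 31 else 1), network, broadcast
    else:
        usable, first, last = 2 ** (32 - prefix) - 2, network + 1, broadcast - 1
    return {
        "mask": to_dotted(mask),
        "wildcard": to_dotted(wildcard),
        "network": f"{to_dotted(network)}/{prefix}",
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(first),
        "last_host": to_dotted(last),
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when two hosts share a network: the test a host runs to decide
    whether to ARP for the peer directly or send the packet to its gateway."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (to_int(a) & mask) == (to_int(b) & mask)


if __name__ == "__main__":
    info = subnet_info("10.23.200.45/20")
    for key, value in info.items():
        print(f"{key:>12}: {value}")
    # cross-check the bitwise result against the standard library
    assert str(ipaddress.ip_network("10.23.200.45/20", strict=False)) == info["network"]
    print("10.23.200.45 and 10.23.208.1 on one subnet?", same_subnet("10.23.200.45", "10.23.208.1", 20))
```

The wildcard (inverted mask) is the same value Cisco ACLs and OSPF `network` statements use, which is why `OR: wildcard masks` appears in the bitwise list above.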

Worked Example 2 (VLSM): Carve 172.20.0.0/16 into /22, /23, /24, /26.

  • /22: 172.20.0.0–3.255 (1022 hosts).
  • /23: 172.20.4.0–5.255 (510 hosts).
  • /24: 172.20.6.0/24 (254 hosts).
  • /26: 172.20.7.0/26 (62 hosts).

IPv6 Subnetting: Always /64 for subnets (SLAAC needs it). ULA: pick a random /48 under fd00::/8 (RFC 4193) → carve it into /64s.

Common Ranges

  • IPv4 Private (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
  • CGNAT (ISPs): 100.64.0.0/10—don't use on LANs.
  • Loopback: 127.0.0.0/8.
  • Link-Local: 169.254.0.0/16 (DHCP fail-safe).
  • IPv6: ULA fc00::/7 (fd00::/8 common), Link-Local fe80::/10, Loopback ::1, Docs 2001:db8::/32.

Section 3: Core Protocols and Services

DHCP (Dynamic Host Configuration Protocol)

Automates IP assignment via UDP 67 (server)/68 (client). Process: DORA (Discover → Offer → Request → Acknowledge). Relays forward to central servers.

Example Config (ISC DHCP):

subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.100 10.10.10.199;
  option routers 10.10.10.1;
  option domain-name-servers 8.8.8.8;
}

DNS and Record Types

Resolves names to IPs via hierarchy: Root → TLD → Authoritative. 2025: DNSSEC widespread, DoH/DoT for privacy.

Record Types:

  • A: Hostname → IPv4 (e.g., example.com A 93.184.216.34).
  • AAAA: Hostname → IPv6 (e.g., AAAA 2606:2800:220:1:248:1893:25c8:1946).
  • MX: Mail server (e.g., MX 10 mail.example.com—priority 10).
  • CNAME: Alias (e.g., www.example.com CNAME example.com).
  • NS: Delegation (e.g., NS ns1.example.com).
  • TXT: Text (e.g., SPF: "v=spf1 mx -all").
  • PTR: Reverse (e.g., 34.216.184.93.in-addr.arpa PTR example.com).
  • SRV: Service (e.g., _sip._tcp.example.com SRV 10 60 5060 sipserver.com).
  • SOA: Zone authority (e.g., serial, refresh timers).
  • Glue Records: A/AAAA for a nameserver whose name sits inside the zone it serves (breaks the circular dependency: you cannot resolve ns1.example.com by asking ns1.example.com).
  • DNSSEC Records: RRSIG (signatures), DNSKEY (keys), DS (delegation signer).

Example: dig example.com A → resolves via recursive query.

NAT (Network Address Translation)

Maps private IPs to public ones. Types: SNAT/PAT (many-to-one), 1:1 Static, Hairpin. NAT64 for IPv6→IPv4. CGNAT uses 100.64.0.0/10. NAT is address translation, not a firewall: unsolicited inbound traffic is dropped only because no translation state exists for it, so still put an explicit stateful filter policy in front of the translated hosts.

Example (nftables SNAT):

nft add table ip nat
nft add chain ip nat postrouting '{ type nat hook postrouting priority 100 ; }'   # quote the braces or the shell eats the ';'
nft add rule ip nat postrouting oif "eth0" masquerade

VPNs, Proxies, and SOCKS5

  • VPNs: Tunnel traffic (L3/L4). WireGuard: Modern crypto (ChaCha20, Curve25519), UDP-based. Tailscale: WireGuard mesh with NAT traversal via DERP relays.
  • Proxies: Forward requests. HTTP: App-level (e.g., curl -x http://proxy:3128). SOCKS5 (RFC 1928): Generic TCP/UDP relay with UDP associate.
  • Reverse Proxy: Ingress (e.g., Nginx for TLS offload).

WireGuard Example Config (Peer A):

[Interface]
Address = 10.100.0.1/24
PrivateKey = <private>
ListenPort = 51820

[Peer]
PublicKey = <B_public>
AllowedIPs = 10.100.0.2/32
Endpoint = b.example.net:51820

Tailscale Quick Start (the installer is a shell script fetched over HTTPS; download and read it before piping it into sh on a machine you care about):

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

SOCKS5 Test:

ssh -D 1080 user@bastion
curl --socks5 localhost:1080 https://example.com
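The SOCKS5 exchange that `ssh -D` and `curl --socks5` perform is small enough to write out. The following is an added example (not from the gist, OpenSSH or curl) that encodes the client's greeting and CONNECT request and parses the proxy's replies per RFC 1928; the proxy replies in the `__main__` block are constructed bytes, not a capture.

```python
import ipaddress
import struct

SOCKS_VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
REPLY_TEXT = {0: "succeeded", 1: "general SOCKS server failure",
              2: "connection not allowed by ruleset", 3: "network unreachable",
              4: "host unreachable", 5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}


def greeting(methods=(NO_AUTH,)) -> bytes:
    """Client hello: VER, NMETHODS, METHODS (ssh -D only offers 'no authentication')."""
    return bytes([SOCKS_VER, len(methods), *methods])


def parse_method_selection(data: bytes) -> int:
    """Server picks one method; 0xFF means it accepted none and will close the socket."""
    if len(data) != 2 or data[0] != SOCKS_VER:
        raise ValueError("malformed method selection")
    if data[1] == NO_ACCEPTABLE:
        raise ConnectionError("proxy accepts none of the offered authentication methods")
    return data[1]


def connect_request(host: str, port: int) -> bytes:
    """CONNECT request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT. A hostname is sent as
    ATYP 3 so the *proxy* resolves it (curl --socks5-hostname); an IP literal as ATYP 1/4."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        addr = ipaddress.ip_address(host)
        body = bytes([ATYP_IPV4 if addr.version == 4 else ATYP_IPV6]) + addr.packed
    except ValueError:  # not an IP literal: send the name and let the proxy resolve it
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("hostname longer than 255 bytes cannot be encoded")
        body = bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)


def parse_reply(data: bytes) -> tuple:
    """Server reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT. Returns (bound addr, port)
    on success and raises with the REP text otherwise."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        raise ValueError("malformed reply")
    rep, atyp = data[1], data[3]
    if rep != 0:
        raise ConnectionError(f"SOCKS5 request failed: {REPLY_TEXT.get(rep, rep)}")
    if atyp == ATYP_IPV4:
        addr, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
    elif atyp == ATYP_IPV6:
        addr, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError(f"unknown ATYP {atyp}")
    if len(rest) != 2:
        raise ValueError("reply has wrong length for its ATYP")
    return addr, struct.unpack("!H", rest)[0]


if __name__ == "__main__":
    # Constructed proxy replies, shaped like those ssh -D sends (it reports 0.0.0.0:0 on success).
    print("C->P", greeting().hex())
    print("P->C", b"\x05\x00".hex(), "-> method", parse_method_selection(b"\x05\x00"))
    print("C->P", connect_request("example.com", 443).hex())
    print("P->C bound to", parse_reply(b"\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00"))
```

The ATYP choice is the detail that matters operationally: `curl --socks5 localhost:1080` resolves the name on your machine and sends the IP (ATYP 1), so the DNS lookup leaves your host in the clear; `curl --socks5-hostname localhost:1080` sends the name (ATYP 3) and the bastion resolves it.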

Section 4: Layer 2 Protocols

Spanning Tree (STP)

Prevents loops: STP (802.1D, slow), RSTP (802.1w, fast), MSTP (802.1s, VLAN-mapped). Use guards (BPDU, Root).

Example Config (Cisco-like):

spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 4096
! 4096 makes this switch the root bridge for VLAN 10 (IOS comments use "!")

LACP (802.1AX)

Bonds links. Modes: Active/Passive. Hashing: L2/L3/L4.

Linux Example:

ip link add bond0 type bond mode 802.3ad
ip link set enp3s0 master bond0

Wi-Fi (802.11)

Bands: 2.4GHz (crowded), 5GHz (DFS), 6GHz (Wi-Fi 6E/7). Wi-Fi 6 (ax): OFDMA, MU-MIMO. Wi-Fi 7 (be): MLO, 320MHz channels. Security: WPA3 (SAE), OWE (encrypted open).

hostapd Example (WPA3-SAE; the config will not start without a passphrase):

ssid=corp-wlan
wpa=2
wpa_key_mgmt=SAE
sae_password=<passphrase>
rsn_pairwise=CCMP
# PMF is mandatory for WPA3
ieee80211w=2

Section 5: Routing Protocols (OSPF and BGP Heavy, with 2025 Trends)

OSPF (Open Shortest Path First)

IGP, link-state. Areas (0 backbone), LSAs (Type 1 Router, 3 Summary). v2 IPv4 (RFC 2328), v3 IPv6 (RFC 5340).

FRR Example:

router ospf
  router-id 10.0.0.1
  network 10.0.0.0/24 area 0
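The "link-state, Dijkstra" description above is what every OSPF router runs over its link-state database after each LSA change. As an added illustration (not code from the gist or from FRR), here is that SPF calculation in Python on a constructed topology: Lab 4's three-router triangle plus a fourth router so that equal-cost multipath actually appears, followed by the same calculation after a link is pulled. Router names, costs and the stub network are invented for the example.

```python
import heapq
from collections import defaultdict

# Constructed link-state database: (router, neighbour, cost). Every link is
# bidirectional with a symmetric cost, as in a typical OSPF area.
LSDB = [
    ("R1", "R2", 10),
    ("R2", "R3", 10),
    ("R1", "R3", 10),
    ("R2", "R4", 10),
    ("R3", "R4", 10),
    ("R4", "NET_10.0.4.0/24", 1),   # stub network hanging off R4
]


def build_graph(lsdb):
    graph = defaultdict(dict)
    for a, b, cost in lsdb:
        if cost <= 0:
            raise ValueError("OSPF costs are positive integers")
        graph[a][b] = cost
        graph[b][a] = cost
    return graph


def spf(lsdb, root):
    """Dijkstra from `root`. Returns {node: (cost, frozenset of first-hop routers)}.
    A destination with more than one first hop is reachable by equal-cost multipath."""
    graph = build_graph(lsdb)
    best = {root: (0, frozenset())}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                                   # stale heap entry
        for nbr, link_cost in graph[node].items():
            nbr_cost = cost + link_cost
            hops = frozenset({nbr}) if node == root else best[node][1]
            if nbr not in best or nbr_cost < best[nbr][0]:
                best[nbr] = (nbr_cost, hops)           # strictly better path
                heapq.heappush(heap, (nbr_cost, nbr))
            elif nbr_cost == best[nbr][0]:
                best[nbr] = (nbr_cost, best[nbr][1] | hops)   # equal cost: keep both hops
    return best


def routes(lsdb, root):
    """Routing-table view: {destination: (cost, sorted tuple of next hops)}."""
    return {dst: (cost, tuple(sorted(hops)))
            for dst, (cost, hops) in spf(lsdb, root).items() if dst != root}


def pull_link(lsdb, a, b):
    """Simulate a link failure: the LSA describing a-b is withdrawn from the database."""
    return [entry for entry in lsdb if {entry[0], entry[1]} != {a, b}]


if __name__ == "__main__":
    for dst, (cost, hops) in sorted(routes(LSDB, "R1").items()):
        print(f"{dst:<18} cost {cost:>2} via {', '.join(hops)}")
    print("--- after pulling R1-R3 ---")
    for dst, (cost, hops) in sorted(routes(pull_link(LSDB, "R1", "R3"), "R1").items()):
        print(f"{dst:<18} cost {cost:>2} via {', '.join(hops)}")
```

From R1, R4 and the network behind it show two next hops (R2 and R3), which is what `show ip route` displays as multiple next-hops in Lab 4; once R1-R3 is withdrawn everything converges onto R2 with no change to the algorithm, only to its input.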

BGP (Border Gateway Protocol)

EGP, path-vector. eBGP (inter-AS), iBGP (intra). Attributes: LOCAL_PREF, AS_PATH, MED. Decision order: Weight → LOCAL_PREF → AS_PATH → etc.

2025 Trends: RPKI/ROV (RFC 6811, validates origins), ASPA (path validation drafts), BGP-LS/SDN, SRv6 (RFC 8986, IPv6 segment routing), EVPN/VXLAN (RFC 8365, DC overlays).

FRR BGP Example with RPKI (FRR applies the validation state through a route-map with `match rpki`; the cache line needs a preference value):

rpki
  rpki cache 192.0.2.9 323 preference 1
exit
router bgp 65001
  neighbor 203.0.113.2 remote-as 65002
  address-family ipv4 unicast
    neighbor 203.0.113.2 route-map ROV in
  exit-address-family
route-map ROV deny 10
  match rpki invalid
route-map ROV permit 20
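The deny-invalid / permit-everything-else policy is only as good as the validation behind it, so it helps to see the RFC 6811 decision written out. This is an added example (not from the gist or FRR): a Route Origin Validation function fed by a constructed set of ROAs of the kind an RTR cache serves on port 323, evaluated against constructed announcements including a wrong-origin hijack, a more-specific beyond maxLength, an unsigned prefix and an AS0 ROA. ASNs and prefixes are documentation values chosen for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # signed prefix, e.g. "203.0.113.0/24"
    max_length: int   # longest prefix the ASN may originate under this ROA
    asn: int          # 0 (RFC 7607) means nobody may originate this space


# Constructed validated ROA payloads, as an RTR cache would feed them to FRR.
ROAS = [
    ROA("203.0.113.0/24", 24, 65002),
    ROA("198.51.100.0/22", 24, 65010),
    ROA("192.0.2.0/24", 24, 0),
]


def origin_as(as_path: str) -> int:
    """The origin ASN is the rightmost AS of an AS_SEQUENCE path. AS_SET origins
    (written with braces) cannot be origin-validated and are rejected here."""
    if "{" in as_path or "}" in as_path:
        raise ValueError("AS_SET origin: not handled by this example")
    return int(as_path.split()[-1])


def rov(prefix: str, origin: int, roas=ROAS) -> str:
    """Route Origin Validation per RFC 6811: 'valid', 'invalid' or 'notfound'."""
    announced = ipaddress.ip_network(prefix)
    covering = []
    for roa in roas:
        signed = ipaddress.ip_network(roa.prefix)
        if signed.version == announced.version and announced.subnet_of(signed):
            covering.append(roa)
    if not covering:
        return "notfound"        # nobody has signed this space: unverified, not wrong
    for roa in covering:
        if roa.asn == origin and announced.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"             # covered by a ROA, but origin or length does not match


def rov_policy(prefix: str, as_path: str, roas=ROAS) -> tuple:
    """What the FRR route-map above does: deny invalid, permit valid and notfound."""
    state = rov(prefix, origin_as(as_path), roas)
    return state, ("deny" if state == "invalid" else "permit")


if __name__ == "__main__":
    announcements = [                                 # constructed updates from the peer
        ("203.0.113.0/24", "65001 65002"),            # legitimate
        ("203.0.113.0/24", "65001 65003"),            # wrong origin: hijack
        ("203.0.113.128/25", "65001 65002"),          # right AS, more specific than maxLength
        ("198.51.100.0/23", "65001 65010"),           # within maxLength of the /22 ROA
        ("10.0.0.0/8", "65001 65004"),                # no ROA at all
        ("192.0.2.0/24", "65001 65004"),              # AS0 ROA: never valid
    ]
    for prefix, path in announcements:
        state, action = rov_policy(prefix, path)
        print(f"{prefix:<18} AS_PATH {path:<14} {state:<9} -> {action}")
```

Note that "notfound" is permitted: most of the routing table is still unsigned, and dropping it would partition you from the Internet. ROV only catches forged origins; a hijacker who prepends the legitimate origin AS passes ROV, which is the gap ASPA path validation is meant to close.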

Section 6: Physical Media and Connectors

Copper Ethernet

  • 10BASE-T: 10Mbps, Cat3, 100m.
  • 100BASE-TX: 100Mbps, Cat5, 100m.
  • 1000BASE-T: 1Gbps, Cat5e, 100m.
  • 10GBASE-T: 10Gbps, Cat6a, 100m.

Fiber

  • Single-Mode (SMF, OS1/OS2): 9µm core, long-haul (80–100km at 10G).
  • Multi-Mode (MMF, OM3/OM4/OM5): 50µm core, short reach (OM4: 100m at 100GBASE-SR4, 400m at 10GBASE-SR).

Connectors: LC (small), SC (square), ST (bayonet), MPO/MTP (multi-fiber).

Speeds/Distances: 10GBASE-SR (MMF, 300m OM3), 100GBASE-LR4 (SMF, 10km).

IEC Power Cables

  • C13/C14: Standard (10A, servers/switches).
  • C19/C20: High-draw (16A, PDUs). Regional: AU/NZ Type I (AS/NZS 3112).

Section 7: ARP/ND and Addressing Modes

ARP/ND

ARP (RFC 826): IPv4 MAC resolution. ND (RFC 4861): IPv6 equivalent + router discovery.

Example: tcpdump arp shows "Who has 192.168.1.1?"

Addressing Modes

  • Unicast: One-to-one (web browsing).
  • Broadcast: One-to-all (ARP, DHCP on subnet; IPv4 255.255.255.255).
  • Multicast: One-to-many (IPTV, OSPF Hellos; 224.0.0.0/4).
  • Anycast: One-to-nearest (CDNs; RFC 1546).
  • Incast: Many-to-one (DC bursts; mitigate with DCTCP, RFC 8257).

Section 8: Troubleshooting Workflow

Layer-by-Layer:

  • L1: Check lights, cables, polarity. Replace patches.
  • L2: MAC tables, duplex mismatches (ethtool), VLAN tags (tcpdump vlan).
  • L3: Ping/traceroute, ARP table (ip neigh), routes (ip route get).
  • L4–7: nc/curl -v, dig for DNS, firewall rules (nft list).
  • Cross-Layer: Batfish for config validation.

Common: MTU issues (ping -M do -s 1472 tests a 1500-byte path; subtract the tunnel overhead when testing through a VPN or VXLAN), stale ARP/neighbour entries (timeouts vary by platform: Linux re-verifies an entry after about 30s of inactivity, Cisco IOS keeps one for 4 hours by default; clear with ip neigh flush dev <if>).

Section 9: Hands-On Labs (Verbal Walkthroughs)

These are narrated for listening—pause after each step. Use GNS3 for virtual routing, Docker for containers, Terraform for cloud, Python for scripts, LocalStack for local AWS simulation (toggle to real AWS).

Lab 1: Cables, Power, and ARP (Goal: Verify L1 basics and ARP flow)

Imagine patching two Docker containers. Start with IEC C13 cable to PDU—check PSU LEDs. For ARP:

  1. docker network create testnet
  2. Run two Alpine containers: docker run -it --net testnet --name host1 alpine sh (repeat for host2).
  3. In host1: ping host2.
  4. On host: tcpdump -i br-<net-id> arp—expect "Who has?" request and reply. Troubleshoot: No reply? Check subnet match. Expected: ARP table populates (arp -a).

Lab 2: Switching, VLANs, and STP (Goal: See loop prevention and segmentation)

In GNS3, drop two switches, connect in loop.

  1. Enable RSTP: spanning-tree mode rapid-pvst.
  2. Set root priority low on one.
  3. Add VLAN 10: vlan 10.
  4. Trunk ports: switchport mode trunk.
  5. Pull link—watch reconvergence (<1s). Expected: show spanning-tree shows blocked port. Troubleshoot: Loops? Check BPDUs with tcpdump.

Lab 3: LACP Bonding (Goal: Redundant links)

  1. Linux: ip link add bond0 type bond mode 802.3ad.
  2. Add slaves: ip link set eth1 master bond0.
  3. On switch: Create port-channel. Expected: /proc/net/bonding/bond0 shows active. Pull cable—no downtime.

Lab 4: OSPF Routing (Goal: Dynamic paths)

In GNS3 with FRR containers:

  1. Connect three routers in triangle.
  2. Config: router ospf; network 10.0.0.0/24 area 0.
  3. show ip ospf neighbor—full adjacencies.
  4. Pull link: Routes update via ECMP. Expected: show ip route shows multiple next-hops.

Lab 5: BGP with RPKI (Goal: Secure peering)

  1. Two FRR containers, different AS.
  2. router bgp 65001; neighbor <peer> remote-as 65002.
  3. Add RPKI: rpki cache <validator>.
  4. Advertise prefix: network 203.0.113.0/24. Expected: show bgp summary: Established. Invalid origins rejected.

Lab 6: NAT and DHCP (Goal: Auto-assign and hide IPs)

  1. Docker: dnsmasq for DHCP.
  2. Client: udhcpc -vv—watch DORA.
  3. NAT: nftables masquerade on gateway. Expected: Private IP → public egress.

Lab 7: VPNs and Proxies (Goal: Secure tunnels)

WireGuard:

  1. Gen keys: wg genkey | tee private.key | wg pubkey > public.key.
  2. Config peers, wg-quick up wg0.
  3. Ping tunnel IP. Tailscale: tailscale up—mesh forms. SOCKS5: ssh -D 1080 bastion; curl --socks5 localhost:1080 https://example.com. Expected: Traffic relays through the tunnel.

Lab 8: Overlay (VXLAN/EVPN) (Goal: Scale L2 over L3)

In Docker/FRR:

  1. Create VXLAN interfaces.
  2. Map VLAN to VNI 1000.
  3. BGP EVPN: Advertise MAC/IP. Expected: Remote hosts in same "VLAN" communicate.

Lab 9: Cloud VPC with Terraform/LocalStack (Goal: Simulate/real AWS)

Use provided Terraform code (toggle mode="local" or "aws").

  1. docker run localstack.
  2. terraform apply.
  3. Verify: aws --endpoint-url http://localhost:4566 ec2 describe-subnets. Switch to real AWS: Change var, apply. Expected: VPC with subnets, IGW.

Lab 10: Batfish Validation (Goal: Lint configs)

  1. pip install pybatfish.
  2. Init snapshot with FRR configs.
  3. Query: bfq.reachability()—check flows. Expected: Detects leaks before deploy.

Section 10: Networking Trivia Questions and Answers (With Explanations)

Q1–Q47 as in the conversation—verbose explanations included for each, covering all topics.

(Truncated for brevity in this response, but full list from conversation: e.g., Q20-30 on DNS records, Q31-35 on OSPF/BGP, etc.)

Appendix: References and 2025 Trends

  • RFCs: 1918 (private IPs), 9000 (QUIC), etc.
  • Trends: QUIC everywhere, Zero Trust, EVPN/SRv6 in DCs, RPKI/ASPA for BGP security.
  • Tools: Batfish for validation, FRR for labs.

Dean’s Ultimate Networking Bible: The 4000-Line Edition (2025)

Last Updated: August 16, 2025, 15:16 AEST (UTC+10)
Mission: Deliver a comprehensive, example-drenched, verbally narrated guide to computer networking, from physical cables to cloud-scale BGP, with hands-on labs using GNS3, Docker, Terraform, Python, AWS, and LocalStack. We’re covering OSI Layers 1–9 (joke layers included), TCP/IP, HTTP/QUIC, bitwise ops, subnetting, classful vs classless, IP ranges, DHCP, spanning tree, routing (OSPF, BGP, 2025 trends like RPKI/ASPA/SRv6), LACP, Ethernet/fiber, addressing modes, Wi-Fi, NAT, VPNs (WireGuard/Tailscale), proxies/SOCKS5, DNS records, IEC power, ARP/ND, troubleshooting, and a massive trivia section. Labs are narrated for listening, with configs, outputs, and debug steps. This is for you to copy, paste, or geek out over—let’s make it epic!


Introduction: Why This Guide?

Networking is the backbone of everything—your Wi-Fi, your cloud apps, the internet itself. This guide is your one-stop shop, starting from bits on copper and scaling to zero-trust overlays in 2025. I’m assuming you’re on Ubuntu 22.04+ with Docker, GNS3, Terraform 1.6+, Python 3.11+, and AWS creds (or LocalStack for local sims). You’re comfy with CLI, maybe a bit of Git, and you’re ready to spin up labs. If a command fails, I’ll tell you how to debug it. Labs use real-world tools: GNS3 for virtual routers, Docker for containers, Terraform for cloud, Python for automation, and LocalStack to mock AWS locally (with a toggle for real AWS). Each lab has a goal, steps, expected output, and troubleshooting tips, narrated like I’m sitting next to you at the terminal.

We’ll cover:

  • OSI Layers 1–9 (joke layers included).
  • TCP/IP and HTTP models (HTTP/3, QUIC).
  • Bitwise math, subnetting, classful vs classless, common ranges.
  • Core protocols: DHCP, DNS (with record types).
  • Layer 2: Spanning tree, LACP, VLANs, Wi-Fi (up to 802.11be/Wi-Fi 7).
  • Layer 3: Routing (OSPF, BGP, 2025 trends like RPKI, ASPA, SRv6, EVPN).
  • Addressing: Unicast, multicast, broadcast, anycast, incast.
  • NAT, VPNs (WireGuard, Tailscale), proxies, SOCKS5.
  • Physical: Ethernet (10Base-T to fiber), connectors, IEC power.
  • Troubleshooting workflows and Batfish for config validation.
  • Labs with GNS3, Docker, Terraform, Python, AWS/LocalStack.
  • A massive trivia section for fun and reinforcement.

This is verbose, example-heavy, and designed to be read aloud or copied into your notes. Let’s dive in!


Section 1: Mental Models – OSI, TCP/IP, and HTTP

Networking models give you a framework to reason about problems. Is it a cable issue (Layer 1)? A routing loop (Layer 3)? A misconfigured app (Layer 7)? Let’s break them down.

1.1 OSI Model (Layers 1–9, Including Joke Layers)

The OSI model is a 7-layer conceptual stack, with two “joke” layers for real-world chaos. Each layer builds on the one below, abstracting complexity.

Layer 1: Physical

What it does: Moves raw bits over media—copper, fiber, or wireless. Think voltages (Ethernet), light pulses (fiber), or radio waves (Wi-Fi).
Components:

  • Cables: Copper (Cat5e, Cat6, Cat6a, Cat7/8), fiber (single-mode OS1/OS2, multimode OM1–OM5).
  • Connectors: RJ-45 (Ethernet), LC/SC/ST/MPO (fiber).
  • Transceivers: SFP (1G), SFP+ (10G), QSFP28 (100G), QSFP-DD/OSFP (400G/800G).
  • Power: IEC C13/C14 (standard), C19/C20 (high-draw).

Example: A 10GBASE-T switch port uses Cat6a cable, 4 twisted pairs, and PAM-16 encoding to hit 10 Gbps over 100m max. Fiber example: 100GBASE-SR4 uses OM4 multimode with MPO-12 connectors for 100m (70m on OM3).

Key Specs:

  • Cat6a: 10G @ 100m.
  • OM3 multimode: 10G @ 300m, 100G @ 70m (SR4; OM4 reaches 100m).
  • Single-mode (OS2): 10G @ 40km, 100G @ 10km (with LR4 optics).

Why it matters: A loose LC connector or wrong cable (Cat5e for 10G) kills your link. Always check lights and cable ratings.

Layer 2: Data Link

What it does: Organizes bits into frames, handles MAC addressing, and ensures error-free delivery on a link. Switches live here.
Protocols/Tech:

  • Ethernet (IEEE 802.3): Frames [Dst MAC | Src MAC | EtherType | Payload | FCS].
  • VLANs (802.1Q): Tags frames with 12-bit VLAN ID (1–4094).
  • ARP: Resolves IPv4 to MAC.
  • Spanning Tree (STP, RSTP, MSTP): Prevents loops.
  • LACP (802.1AX): Bonds links for redundancy/bandwidth.
  • Wi-Fi (802.11): Layer 2 over radio.

Example: A switch learns MAC AA:BB:CC:DD:EE:FF on port 5, forwards frames to that port. VLAN 10 tags frames with 0x8100 TPID and VID 10. LACP bonds two 1G links into a 2G logical link.

Why it matters: Misconfigured VLANs or STP loops can tank your LAN. Use show mac address-table to debug.

Layer 3: Network

What it does: Routes packets between networks using logical addresses (IPv4/IPv6). Routers live here.
Protocols/Tech:

  • IP: IPv4 (32-bit), IPv6 (128-bit).
  • ICMP/ICMPv6: Diagnostics (ping, traceroute).
  • Routing: OSPF (link-state), BGP (path-vector).
  • Addressing modes: Unicast (1-to-1), multicast (1-to-many), broadcast (1-to-all, IPv4), anycast (1-to-nearest), incast (many-to-1).

Example: Packet header: [Version | Header Len | TOS | Total Len | ID | Flags | Frag Offset | TTL | Protocol | Checksum | Src IP | Dst IP]. OSPF advertises link-state updates; BGP picks paths based on AS_PATH.

Why it matters: Wrong routes or NAT rules break connectivity. Use traceroute to find path issues.

Layer 4: Transport

What it does: Manages end-to-end delivery with segments (TCP) or datagrams (UDP). Handles ports and reliability.
Protocols:

  • TCP: Connection-oriented, reliable, congestion control. Ports 0–65535 (e.g., 80/HTTP, 443/HTTPS).
  • UDP: Connectionless, low-latency (e.g., DNS, QUIC).
  • QUIC (RFC 9000): UDP-based, replaces TCP+TLS for HTTP/3.

Example: TCP handshake: Client sends SYN, server replies SYN-ACK, client sends ACK. QUIC combines encryption and multiplexing in one layer.

Why it matters: Firewalls block ports; TCP resets signal issues. Check listening sockets with ss -tuln (netstat -tuln on older systems).

Layer 5: Session

What it does: Manages session lifecycle: setup, maintenance, teardown.
Protocols: RPC, gRPC, NetBIOS.
Example: A streaming app tracks session IDs to resume after a drop. TLS session tickets live conceptually here.

Why it matters: Session timeouts cause app failures. Debug with app logs or Wireshark.

Layer 6: Presentation

What it does: Formats data: encryption (TLS/SSL, RFC 8446), compression, serialization (JSON, ASN.1).
Example: TLS 1.3 encrypts an HTTP payload; JSON serializes API data.

Why it matters: Broken TLS (e.g., wrong cipher) stops HTTPS. Use openssl s_client to test.

Layer 7: Application

What it does: User-facing protocols: HTTP/S (RFC 9110–9114), DNS, SMTP, SSH, FTP.
Example: HTTP GET /index.html → 200 OK. DNS query: dig example.com A.

Why it matters: App-layer misconfigs (e.g., wrong DNS) are common. Test with curl -v.

Layer 8: User/Political (Joke)

What it is: Human errors—phishing, misclicks, "It works on my machine."
Example: A user opens a phishing email, or a dev skips VLAN tagging.

Why it matters: Train users; enforce policies.

Layer 9: Financial (Joke)

What it is: Budget constraints—cutting corners on redundancy or upgrades.
Example: Single PSU fails because "redundancy is expensive."

Why it matters: Plan for HA; justify costs with outage math.

1.2 TCP/IP Model

A practical 4-layer stack used in real networks:

  • Link (OSI 1–2): Ethernet, Wi-Fi, ARP/ND, VLANs.
  • Internet (OSI 3): IPv4/IPv6, ICMP, routing (OSPF/BGP).
  • Transport (OSI 4): TCP, UDP, QUIC.
  • Application (OSI 5–7): HTTP/3, DNS, TLS, SMTP.

2025 Context: HTTP/3 over QUIC (UDP-based) is mainstream for low-latency apps (mobile, streaming). RFCs: 1122/1123 (host reqs), 9000 (QUIC), 9114 (HTTP/3).

Example: HTTP/3 request uses QUIC streams over UDP port 443, bypassing TCP overhead.

1.3 HTTP Models

HTTP defines web communication:

  • Semantics (RFC 9110): Methods (GET, POST), status (200 OK, 404 Not Found), headers.
  • HTTP/1.1 (RFC 9112): Text-based, keep-alive, pipelining.
  • HTTP/2: Binary, multiplexed streams over TCP.
  • HTTP/3 (RFC 9114): Same semantics over QUIC (UDP), faster for lossy networks.

Example: curl --http3 https://example.com sends QUIC packets, reducing handshake latency.


Section 2: Bitwise Operations, Subnetting, and Addressing

Networking math is bitwise—routers and hosts use AND operations to compute networks and masks.

2.1 Bitwise Operations

  • AND: IP & mask = network address. Example: 192.168.10.77 & 255.255.255.0 = 192.168.10.0.
  • OR: Set bits (e.g., combining flags).
  • XOR: Flip bits (e.g., checksums, crypto).
  • Shifts: Multiply/divide by 2^n (e.g., routing table lookups).

Worked Example:
IP: 192.168.10.77 (11000000.10101000.00001010.01001101)
Mask: /24 = 255.255.255.0 (11111111.11111111.11111111.00000000)
AND: 11000000.10101000.00001010.00000000 = 192.168.10.0 (network).

Python Check:

import ipaddress
ip = ipaddress.ip_address("192.168.10.77")
net = ipaddress.ip_network("192.168.10.0/24")
print(ip in net)  # True

2.2 Subnetting: Classful vs Classless

  • Classful (Legacy, Pre-1993):

    • Class A: /8 (0.0.0.0–127.255.255.255, 16M hosts).
    • Class B: /16 (128.0.0.0–191.255.255.255, 65K hosts).
    • Class C: /24 (192.0.0.0–223.255.255.255, 254 hosts).
    • Problem: Inefficient—Class A too big, Class C too small.
  • Classless (CIDR, RFC 4632): Variable-length subnet masking (VLSM). Use any prefix (/13, /27). Routers aggregate routes (e.g., 10.0.0.0/16 covers 10.0.0.0–10.0.255.255).

Formula: Usable hosts = 2^(32 - prefix) - 2 (subtract network, broadcast).

Worked Example 1: Find network/broadcast for 203.0.113.77/27

  • Mask: 255.255.255.224 (11111111.11111111.11111111.11100000).
  • Block size: 256 - 224 = 32.
  • Subnets: 203.0.113.0, .32, .64, .96, …
  • 77 is in .64–.95.
  • Network: 203.0.113.64. Broadcast: .95. Usable: .65–.94 (30 hosts).

Python Verification:

import ipaddress

net = ipaddress.ip_network("203.0.113.64/27")
print(net.network_address, net.broadcast_address)  # 203.0.113.64 203.0.113.95
hosts = list(net.hosts())
print(hosts[0], hosts[-1])  # 203.0.113.65 203.0.113.94

Worked Example 2: VLSM on 172.20.0.0/16 Need: /22 (1022 hosts), /23 (510), /24 (254), /26 (62).

  • /22: 172.20.0.0–3.255.
  • /23: 172.20.4.0–5.255.
  • /24: 172.20.6.0–6.255.
  • /26: 172.20.7.0–7.63.
  • Free: 172.20.8.0–255.255.

Python Script:

import ipaddress

cursor, carved = ipaddress.ip_address("172.20.0.0"), []
for prefix in (22, 23, 24, 26):  # allocate largest first so every block stays aligned
    s = ipaddress.ip_network((cursor, prefix))
    carved.append(s)
    cursor = s.broadcast_address + 1   # next block starts right after this one
print(*carved, sep=", ")
# 172.20.0.0/22, 172.20.4.0/23, 172.20.6.0/24, 172.20.7.0/26

IPv6 Subnetting: Always use /64 for subnets (SLAAC requires it). Example: ULA fd12:3456:789a::/48 → /64s like fd12:3456:789a:1::/64.

2.3 Common IP Ranges

  • IPv4 Private (RFC 1918):
    • 10.0.0.0/8 (16.7M hosts).
    • 172.16.0.0/12 (1M hosts).
    • 192.168.0.0/16 (65K hosts).
  • CGNAT (RFC 6598): 100.64.0.0/10 (ISPs, not for LANs).
  • Loopback: 127.0.0.0/8 (127.0.0.1 common).
  • Link-Local: 169.254.0.0/16 (APIPA, DHCP fail-safe).
  • IPv6:
    • ULA: fc00::/7 (fd00::/8 with 40-bit random ID, RFC 4193).
    • Link-Local: fe80::/10 (mandatory per interface).
    • Loopback: ::1/128.
    • Docs: 2001:db8::/32 (for examples).

Example: A corporate LAN uses 10.0.0.0/8, with /22 per site (e.g., 10.0.4.0/22). CGNAT at an ISP might use 100.64.1.0/24 for customer NAT pools.


Section 3: Core Protocols and Services

These make networks usable—IP assignment, name resolution, and translation.

3.1 DHCP (Dynamic Host Configuration Protocol)

Automates IP assignment via UDP ports 67 (server) and 68 (client). Process: DORA (Discover → Offer → Request → Acknowledge). Relays forward requests across subnets. DHCP has no authentication: whichever server answers a Discover first can hand the client a rogue default gateway or DNS server, so on managed switches enable DHCP snooping so that Offers are accepted only from trusted ports.

Example Config (ISC DHCP):

subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.100 10.10.10.199;
  option routers 10.10.10.1;
  option domain-name-servers 8.8.8.8, 1.1.1.1;
  default-lease-time 3600;
  max-lease-time 86400;
}

DHCPv6 (RFC 8415): Assigns IPv6 addresses/prefixes. Coexists with SLAAC (Stateless Address Autoconfiguration).

Lab Example (dnsmasq in Docker):

  1. Create network: docker network create --subnet 172.31.0.0/24 dhcpnet.
  2. Run dnsmasq: docker run -d --net dhcpnet --ip 172.31.0.2 --cap-add=NET_ADMIN jpillora/dnsmasq --dhcp-range=172.31.0.100,172.31.0.199,12h.
  3. Run client (it needs NET_ADMIN so udhcpc can apply the lease to eth0): docker run -it --net dhcpnet --cap-add=NET_ADMIN alpine sh.
  4. In client: udhcpc -i eth0 -vv.
  5. Expected: the client is offered an address in 172.31.0.100–199; router and DNS default to the dnsmasq host itself unless you pass --dhcp-option. The container already holds a Docker-assigned address, so this adds a second lease to eth0.
  6. Debug: docker logs <dnsmasq> shows the DORA exchange.

3.2 DNS and Record Types

Resolves names to IPs via a hierarchy: Root → TLD (.com) → Authoritative (example.com). 2025: DNSSEC (signatures), DoH/DoT (encrypted queries) are standard.

Record Types:

  • A: Hostname → IPv4 (e.g., example.com A 93.184.216.34).
  • AAAA: Hostname → IPv6 (e.g., AAAA 2606:2800:220:1:248:1893:25c8:1946).
  • MX: Mail server (e.g., MX 10 mail.example.com).
  • CNAME: Alias (e.g., www.example.com CNAME example.com).
  • NS: Nameserver (e.g., NS ns1.example.com).
  • TXT: Text, often for SPF/DKIM (e.g., "v=spf1 mx -all").
  • PTR: Reverse (e.g., 34.216.184.93.in-addr.arpa PTR example.com).
  • SRV: Service locator (e.g., _sip._tcp.example.com SRV 10 60 5060 sipserver.com).
  • SOA: Zone authority (serial, refresh, retry, expire, min TTL).
  • Glue Records: A/AAAA for NS in same zone (e.g., ns1.example.com A 192.0.2.1).
  • DNSSEC: RRSIG (signatures), DNSKEY (keys), DS (delegation signer).

Example Query:

dig example.com A
# Output: example.com. 3600 IN A 93.184.216.34
dig example.com MX
# Output: example.com. 3600 IN MX 10 mail.example.com

Lab Example (Bind9 in Docker):

  1. Run Bind: docker run -d -p 53:53/udp internetsystemsconsortium/bind9:9.18.
  2. Query: dig @localhost example.com A.
  3. Debug: Check container logs for query handling.
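What `dig` sends and receives is a compact binary message, and most DNS security issues (transaction-ID guessing, compression-pointer loops) live in that encoding. As an added example for this section and for the DNS record-type list in the first part of the guide (not code from the gist, BIND or dig), here is a stub-resolver query builder and response parser; the response it parses is constructed bytes for example.com A 93.184.216.34, not a live answer.

```python
import secrets
import struct
from typing import Optional

TYPE_A, TYPE_MX = 1, 15
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels, root label last)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("DNS labels are 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: Optional[int] = None) -> tuple:
    """Return (transaction id, wire-format query) with RD set, as a stub resolver sends."""
    txid = secrets.randbelow(0x10000) if txid is None else txid   # unpredictable, not a counter
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int) -> tuple:
    """Read a name that may use compression pointers (0xC0xx). Returns (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                          # pointer to an earlier name
            if end is None:
                end = offset + 2                           # stream resumes after the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                                  # a hostile reply can loop pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg: bytes, expected_id: int) -> dict:
    """Parse a response. A reply whose ID does not match the outstanding query is dropped,
    which is the first line of defence against off-path cache poisoning."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction id mismatch: discard reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):                                    # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_MX:
            pref = struct.unpack("!H", rdata[:2])[0]
            exchange, _ = decode_name(msg, offset + 2)     # may point back into the message
            value = f"{pref} {exchange}"
        else:
            value = rdata.hex()
        answers.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype), "ttl": ttl, "rdata": value})
        offset += rdlen
    return {"rcode": flags & 0x000F, "answers": answers}


def sample_response(txid: int) -> bytes:
    """Constructed reply for the A query: example.com A 93.184.216.34, TTL 3600, with the
    answer name compressed as a pointer to the question at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 3600, 4) + bytes([93, 184, 216, 34])
    return header + question + answer


if __name__ == "__main__":
    txid, query = build_query("example.com")
    print("query :", query.hex())
    print("parsed:", parse_response(sample_response(txid), txid))
```

The 16-bit transaction ID plus source-port randomisation are all that protect a plain UDP resolver from spoofed answers; DNSSEC signatures (RRSIG/DNSKEY/DS above) and DoT/DoH are what make the answer itself verifiable.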

3.3 NAT (Network Address Translation)

Maps private IPs to public. Types:

  • SNAT/PAT: Many-to-one (home routers).
  • 1:1 Static NAT: Fixed mapping.
  • Hairpin NAT: Internal client accesses internal server via public IP.
  • NAT64/DNS64: IPv6-only to IPv4 (RFC 6146/6147).
  • CGNAT: ISP-scale, uses 100.64.0.0/10 (RFC 6598).

nftables Example (PAT):

nft add table ip nat
nft add chain ip nat postrouting '{ type nat hook postrouting priority 100 ; }'   # quote the braces or the shell eats the ';'
nft add rule ip nat postrouting oif "eth0" ip saddr 10.0.0.0/24 masquerade

Lab Example (NAT with a Linux network namespace as the inside host and the host itself as the gateway):

  1. Create the inside namespace: ip netns add in.
  2. Connect it to the host with a veth pair and move one end inside: ip link add veth-in type veth peer name veth-out; ip link set veth-in netns in.
  3. Address both ends and bring them up: ip -n in addr add 10.0.0.2/24 dev veth-in; ip -n in link set veth-in up; ip -n in link set lo up; ip addr add 10.0.0.1/24 dev veth-out; ip link set veth-out up.
  4. Give the inside host a default route via the gateway: ip -n in route add default via 10.0.0.1.
  5. Enable forwarding: sysctl -w net.ipv4.ip_forward=1.
  6. NAT on the host's uplink (eth0, say 198.51.100.1) with the nftables rules above, or the iptables equivalent: iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE.
  7. Test: ip netns exec in curl -I https://example.com.
  8. Expected: packets leave eth0 with source 198.51.100.1 instead of 10.0.0.2. Debug: conntrack -L shows the translated 5-tuple; tcpdump -i eth0 host 10.0.0.2 should show nothing once NAT is working.

Section 4: Layer 2 Protocols and Wi-Fi

4.1 Spanning Tree Protocol (STP)

Prevents loops in Ethernet networks. Variants:

  • STP (802.1D): Slow convergence (30–50s).
  • RSTP (802.1w): Fast (<1s in some cases).
  • MSTP (802.1s): Maps VLANs to instances for scale.

Guards: BPDU Guard (blocks rogue BPDUs), Root Guard (prevents root takeover).

Example Config (Cisco-like):

spanning-tree mode rapid-pvst
spanning-tree vlan 10,20 priority 4096            ! this switch becomes root for VLAN 10 and 20
spanning-tree portfast edge default                ! access ports skip listening/learning
spanning-tree portfast edge bpduguard default      ! ...and are err-disabled if a BPDU arrives on one
!
interface range GigabitEthernet0/1-2
 spanning-tree guard root                         ! downstream switches may never become root

Lab Example (GNS3, Two Switches):

  1. Drag two IOSvL2 switches, connect with two links (loop).
  2. Enable RSTP: spanning-tree mode rapid-pvst.
  3. Set one as root: spanning-tree vlan 1 priority 4096.
  4. Run: show spanning-tree.
  5. Expected: One port blocked. Pull a link—reconvergence in <1s.
  6. Debug: debug spanning-tree events or tcpdump -i eth0 stp.
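To see why one port ends up blocked, here is the election and role computation in code. This is an added illustration, not the page's or any switch vendor's implementation: bridge ID is (priority, MAC) with lower winning, link costs use the 802.1D short-path values (1 Gb/s = 4), and segment names stand in for port IDs. It reproduces the two-switch loop of the lab and the three-switch triangle, then shows a rogue switch with priority 0 taking over as root, which is the attack Root Guard and BPDU Guard exist to stop.

```python
"""Spanning-tree root election and port roles on a small topology.

Added illustration, not the page's or any switch vendor's code. Bridge ID is
(priority, MAC): lower wins. Link costs use the 802.1D short-path values
(1 Gb/s = 4). stp_roles() returns the root bridge plus a role for every
(bridge, segment) port: root, designated or blocked, the same three the
'show spanning-tree' output in the lab above reports. Bridges and links are
constructed; segment names stand in for port IDs.
"""
import heapq


def bridge_id(bridges, name):
    prio, mac = bridges[name]
    return (prio, mac.lower())


def root_path_costs(links, root):
    """Dijkstra from the root bridge: lowest root path cost per bridge."""
    adj = {}
    for _seg, a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, c in adj.get(n, []):
            if d + c < dist.get(m, float("inf")):
                dist[m] = d + c
                heapq.heappush(heap, (d + c, m))
    return dist


def stp_roles(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(segment, a, b, cost)]."""
    root = min(bridges, key=lambda n: bridge_id(bridges, n))
    rpc = root_path_costs(links, root)
    roles, root_port = {}, {}
    # Root port: per non-root bridge, the port with the lowest cost to the
    # root; ties broken by neighbour bridge ID, then segment (port) name.
    for seg, a, b, cost in links:
        for me, nb in ((a, b), (b, a)):
            if me == root:
                continue
            cand = (rpc[nb] + cost, bridge_id(bridges, nb), seg)
            if me not in root_port or cand < root_port[me]:
                root_port[me] = cand
    for me, (_, _, seg) in root_port.items():
        roles[(me, seg)] = "root"
    # Designated port: per segment, the bridge with the lowest root path
    # cost (tie: lowest bridge ID). The other end is root port or blocked.
    for seg, a, b, _cost in links:
        dp = min((a, b), key=lambda n: (rpc[n], bridge_id(bridges, n)))
        roles[(dp, seg)] = "designated"
        roles.setdefault((a if dp == b else b, seg), "blocked")
    return root, roles


def blocked_ports(bridges, links):
    _root, roles = stp_roles(bridges, links)
    return sorted(p for p, r in roles.items() if r == "blocked")


if __name__ == "__main__":
    sw = {"SW1": (4096, "00:00:00:00:00:01"), "SW2": (32768, "00:00:00:00:00:02"),
          "SW3": (32768, "00:00:00:00:00:03")}
    tri = [("L12", "SW1", "SW2", 4), ("L13", "SW1", "SW3", 4), ("L23", "SW2", "SW3", 4)]
    print(stp_roles(sw, tri))
    # A rogue switch with priority 0 plugged into SW3 takes the root role and
    # pulls every VLAN's traffic through itself: Root Guard exists for this.
    sw["ROGUE"] = (0, "de:ad:be:ef:00:00")
    print(stp_roles(sw, tri + [("Lx", "SW3", "ROGUE", 4)])[0])
```

Real bridges resolve the remaining ties with the sender's port ID rather than a segment name, and RSTP adds alternate/backup roles for the blocked ports; the root election and designated-port logic are the same.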

4.2 LACP (Link Aggregation Control Protocol, 802.1AX)

Bundles links for redundancy/bandwidth. Modes: Active (initiates), Passive (waits). Hashing: L2 (MAC), L3 (IP), L4 (ports).

Linux Example:

ip link add bond0 type bond mode 802.3ad miimon 100 lacp_rate fast xmit_hash_policy layer3+4
ip link set enp3s0 down      # members must be down before they can be enslaved
ip link set enp3s0 master bond0
ip link set enp4s0 down
ip link set enp4s0 master bond0
ip addr add 192.168.1.10/24 dev bond0
ip link set bond0 up

Switch Example (Cisco-like):

interface Port-channel1
 switchport mode trunk
interface GigabitEthernet0/1
 channel-group 1 mode active
interface GigabitEthernet0/2
 channel-group 1 mode active

Lab Example (Docker + GNS3):

  1. Run a Linux container (or VM) in GNS3 with two interfaces wired to the switch.
  2. Configure bond0 as above (members down first, then enslaved).
  3. On the GNS3 switch, create the port-channel as above with both ports in mode active.
  4. Test: cat /proc/net/bonding/bond0 shows both slaves up with a non-zero Partner Mac Address and the same Aggregator ID; an all-zero partner MAC means the switch is not answering LACPDUs (port-channel misconfigured, or passive on both ends). Pull one cable: traffic continues on the survivor.
  5. Debug: ethtool enp3s0 / ethtool enp4s0 for per-member link state (ethtool bond0 only reports the aggregate).

4.3 Wi-Fi (802.11, Up to Wi-Fi 7)

Bands:

  • 2.4GHz: Crowded, long range, 20/40MHz channels.
  • 5GHz: More channels, DFS restrictions, 20–160MHz.
  • 6GHz (Wi-Fi 6E/7): Clean spectrum, 20–320MHz.

Standards:

  • Wi-Fi 6 (802.11ax): OFDMA, MU-MIMO, TWT for efficiency.
  • Wi-Fi 7 (802.11be): Multi-Link Operation (MLO), 320MHz channels, 4096-QAM.

Security:

  • WPA3: SAE (stronger than WPA2-PSK), PMF required.
  • OWE: Encrypted open networks (no auth, still secure).

hostapd Example (WPA3 + OWE):

interface=wlan0
driver=nl80211
hw_mode=a
channel=36
ssid=corp-wlan
wpa=2
wpa_key_mgmt=SAE
# replace with a long random passphrase; SAE resists offline guessing but not a weak secret
sae_password=replace-with-a-long-random-passphrase
rsn_pairwise=CCMP
# PMF required (mandatory for WPA3-SAE)
ieee80211w=2

# Guest OWE SSID: encrypted without a password, as a second BSS on the same radio.
# Each bss= block needs its own wpa/key-mgmt lines; they are not inherited.
bss=wlan0_1
ssid=guest-open
wpa=2
wpa_key_mgmt=OWE
rsn_pairwise=CCMP
ieee80211w=2

(OWE transition mode, for clients that cannot do OWE, pairs an open BSS with a hidden OWE BSS and points each at the other with owe_transition_bssid/owe_transition_ssid; the guest BSS above is plain OWE.)

Lab Example (Wi-Fi Sniffing):

  1. Put the NIC in monitor mode (it must be down to change type): ip link set wlan0 down; iw dev wlan0 set type monitor; ip link set wlan0 up; iw dev wlan0 set channel 36.
  2. Capture: tcpdump -i wlan0 -I -s0 -w wifi.pcap (-I requests monitor/rfmon mode; drop it if the driver rejects it now that the interface is already in monitor mode).
  3. Expected: beacons, probe requests and other management frames in the clear; with PMF enabled, clients ignore deauth/disassoc frames that do not carry the AP's key. Debug: iw list | grep -A5 "Supported interface modes" to confirm monitor support; a NetworkManager-managed interface gets flipped back to managed unless you unmanage it (nmcli device set wlan0 managed no).

Section 5: Layer 3 Protocols – Routing (OSPF, BGP, 2025 Trends)

5.1 OSPF (Open Shortest Path First)

Type: Link-state, Dijkstra SPF algorithm.
Features: Areas (0 backbone), LSAs (Type 1 Router, 3 Summary, 5 External), ECMP.
Versions: OSPFv2 (IPv4, RFC 2328), OSPFv3 (IPv6, RFC 5340).

FRR Config:

router ospf
 router-id 10.0.0.1
 network 10.0.0.0/24 area 0
 passive-interface eth0
 area 0 range 10.0.0.0/21

Lab Example (GNS3, Three Routers):

  1. Connect three FRR containers in a triangle (10.0.12.0/30, 10.0.13.0/30, 10.0.23.0/30).
  2. Configure OSPF as above on each router (unique router-id; matching area, hello/dead timers, mask and network type on each link).
  3. Run: show ip ospf neighbor.
  4. Expected: Full adjacencies; show ip route shows two equal-cost next hops for the far side's prefix (ECMP).
  5. Debug: debug ospf nsm and debug ospf ism in FRR (debug ip ospf adj on Cisco IOS) show where the handshake stalls; a neighbour stuck in ExStart/Exchange usually means an MTU mismatch, stuck in Init means one side never sees the other's hellos (timer/area/mask/auth mismatch, or a filter dropping 224.0.0.5).
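The handshake failures in the debug step come down to a handful of Hello fields that must match. As an added example (not FRR's or the page's code), the block below builds an OSPFv2 Hello on the wire (RFC 2328 A.3.1/A.3.2 layout), computes and verifies the RFC 1071 checksum, parses it back, and diffs two Hellos for exactly the mismatches that keep neighbours in Init. Router IDs, the /30 mask and the timers are constructed; the checksum rule implemented is the one for AuType 0 and 1 (with cryptographic authentication the field is zero and integrity comes from the digest).

```python
"""OSPFv2 Hello: build, checksum, parse, and compare two Hellos for the
parameter mismatches that stop an adjacency from forming.

Added example, not FRR or page code. Wire layout follows RFC 2328 A.3.1/A.3.2
(24-byte header, then mask/hello/options/priority/dead/DR/BDR/neighbours).
The checksum is the RFC 1071 ones'-complement sum over the packet with the
64-bit authentication field excluded, which is what AuType 0 (none) and
AuType 1 (plaintext) use; with cryptographic auth (AuType 2) the field is 0.
Router IDs, addresses and timers below are constructed.
"""
import socket
import struct

OSPF_HELLO = 1
HDR = "!BBH4s4sHHQ"          # version, type, length, router id, area id, csum, autype, auth
HELLO_BODY = "!4sHBBI4s4s"   # mask, hello interval, options, priority, dead interval, DR, BDR


def ospf_checksum(pkt: bytes) -> int:
    data = pkt[:16] + pkt[24:]                    # skip the auth field
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id, area_id, mask, hello=10, dead=40, priority=1,
                dr="0.0.0.0", bdr="0.0.0.0", neighbors=(), options=0x02):
    a = socket.inet_aton
    body = struct.pack(HELLO_BODY, a(mask), hello, options, priority, dead, a(dr), a(bdr))
    body += b"".join(a(n) for n in neighbors)
    hdr = struct.pack(HDR, 2, OSPF_HELLO, 24 + len(body), a(router_id), a(area_id), 0, 0, 0)
    pkt = hdr + body
    return pkt[:12] + struct.pack("!H", ospf_checksum(pkt)) + pkt[14:]


def parse_hello(pkt: bytes) -> dict:
    ver, typ, length, rid, aid, csum, autype, _auth = struct.unpack(HDR, pkt[:24])
    if ver != 2 or typ != OSPF_HELLO or length != len(pkt):
        raise ValueError("not an OSPFv2 Hello, or length field disagrees with the packet")
    if autype in (0, 1) and ospf_checksum(pkt[:12] + b"\x00\x00" + pkt[14:]) != csum:
        raise ValueError("bad OSPF checksum")
    mask, hello, options, prio, dead, dr, bdr = struct.unpack(HELLO_BODY, pkt[24:44])
    n = socket.inet_ntoa
    return {"router_id": n(rid), "area": n(aid), "autype": autype, "mask": n(mask),
            "hello": hello, "dead": dead, "options": options, "priority": prio,
            "dr": n(dr), "bdr": n(bdr),
            "neighbors": [n(pkt[i:i + 4]) for i in range(44, length, 4)]}


def adjacency_mismatches(a: dict, b: dict) -> list:
    """Fields RFC 2328 10.5 requires to match before a Hello is accepted:
    area, network mask (on broadcast links), hello/dead timers, auth type
    and the E (external/stub) option bit. Any entry here means the routers
    stay in Down/Init and never exchange databases."""
    bad = [k for k in ("area", "mask", "hello", "dead", "autype") if a[k] != b[k]]
    if (a["options"] ^ b["options"]) & 0x02:
        bad.append("stub-flag")
    return bad


if __name__ == "__main__":
    h1 = build_hello("10.0.0.1", "0.0.0.0", "255.255.255.252", neighbors=["10.0.0.2"])
    h2 = build_hello("10.0.0.2", "0.0.0.0", "255.255.255.252", dead=120)
    print(parse_hello(h1))
    print("mismatches:", adjacency_mismatches(parse_hello(h1), parse_hello(h2)))
```

The security point sits in the autype field: with AuType 0 anyone on the segment who can send to 224.0.0.5 can inject a Hello, and with a matching set of these parameters it will be accepted; FRR's ip ospf authentication message-digest (or a key chain) is what turns that into a signed exchange.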

5.2 BGP (Border Gateway Protocol)

Type: Path-vector, internet backbone.
Peering: eBGP (between AS), iBGP (within AS, needs full mesh or route reflectors).
Attributes: LOCAL_PREF (outbound), AS_PATH (shortest wins), MED (suggests inbound).
2025 Trends:

  • RPKI/ROV (RFC 6811): Validates prefix origins.
  • ASPA: Path validation (IETF sidrops drafts).
  • BGP-LS: Topology sharing with SDN.
  • SRv6 (RFC 8986): Segment routing over IPv6.
  • EVPN/VXLAN (RFC 8365): Data center overlays.
  • BMP (RFC 7854): Telemetry.

FRR BGP Config with RPKI:

rpki
 rpki cache 192.0.2.9 323 preference 1
exit
!
bgp community-list standard CUST-PREF permit 65001:100
!
router bgp 65001
 bgp router-id 192.0.2.1
 neighbor 203.0.113.2 remote-as 65002
 neighbor 203.0.113.2 ttl-security hops 1
 address-family ipv4 unicast
  neighbor 203.0.113.2 maximum-prefix 200000 80
  neighbor 203.0.113.2 route-map EBGP-IN in
 exit-address-family
!
route-map EBGP-IN deny 5
 match rpki invalid
route-map EBGP-IN permit 10
 match rpki valid
 match community CUST-PREF
 set local-preference 200
route-map EBGP-IN permit 20

Notes: FRR has no validation-state keyword; RPKI results are consumed in route-maps via match rpki valid|invalid|notfound, and bgpd must be started with the rpki module (bgpd_options="-M rpki" in /etc/frr/daemons) or the rpki block is rejected. preference is mandatory on the cache line. 323 is the IANA RPKI-RTR port; Routinator listens on 3323 unless configured otherwise. ttl-security hops 1 is correct for a directly connected peer (GTSM, RFC 5082): packets arriving with TTL below 254 are discarded, so a remote attacker cannot spoof the session. The permit 20 entry keeps valid routes without the community and notfound routes at the default LOCAL_PREF; without it the implicit deny at the end of the route-map would drop them.

Lab Example (BGP in GNS3):

  1. Two FRR containers: AS 65001, AS 65002, plus a validator such as Routinator reachable from AS 65001 on its RTR port; start bgpd with -M rpki.
  2. Config eBGP as above, advertise 203.0.113.0/24 from AS 65002.
  3. Run: show bgp summary; show rpki cache-connection; show rpki prefix-table.
  4. Expected: Established session and a populated prefix table. show bgp ipv4 unicast 203.0.113.0/24 shows the path's validation state; because no real ROA exists for the documentation prefix it will be notfound (assert a test ROA locally on the validator, e.g., with a SLURM file, RFC 8416, to see valid and invalid). Debug: show rpki cache-connection reports the RTR session state; a down session leaves every route notfound and the deny rule never fires.
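The route-map above says what to do with each validation state; the block below shows, as an added simulation that is not FRR's code, how that state is derived from ROAs (RFC 6811: covering ROA, origin AS, maxLength) and how the surviving paths are then ranked with the standard decision order (Weight, LOCAL_PREF, shortest AS_PATH, ORIGIN, lowest MED, eBGP over iBGP, lowest neighbour router ID). It uses documentation prefixes and private ASNs only; AS_SET handling is omitted and MED is compared across all neighbours (as with bgp always-compare-med), both simplifications.

```python
"""BGP best-path selection with RPKI origin validation (ROV), simulated.

Added example, not FRR code. It mirrors the EBGP-IN policy above: routes
whose origin AS / prefix length contradict a covering ROA are rejected
(RFC 6811), routes carrying community 65001:100 get LOCAL_PREF 200, and the
survivors go through the standard decision order: Weight, LOCAL_PREF,
shortest AS_PATH, ORIGIN (IGP < EGP < INCOMPLETE), lowest MED, eBGP over
iBGP, lowest neighbour router ID. Simplifications: AS_PATH is a plain
sequence (no AS_SET), MED is compared across all neighbours (as with
'bgp always-compare-med'), and IPv4 only. All prefixes, ASNs and ROAs are
constructed from documentation ranges.
"""
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class Route:
    prefix: str
    as_path: tuple           # leftmost = neighbour that sent it, rightmost = origin AS
    next_hop: str
    peer_router_id: str
    local_pref: int = 100
    med: int = 0
    origin: str = "igp"
    weight: int = 0
    ebgp: bool = True
    communities: frozenset = frozenset()


@dataclass(frozen=True)
class Roa:
    prefix: str
    max_length: int
    asn: int


def rov_state(route: Route, roas) -> str:
    """RFC 6811 validation: 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(route.prefix)
    origin_as = route.as_path[-1]
    covering = [r for r in roas if net.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:
        return "notfound"          # no ROA covers it: cannot judge, accept by policy
    for r in covering:
        if r.asn == origin_as and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"               # wrong origin AS, or a too-specific sub-prefix


def apply_ebgp_in(route: Route, roas):
    """The route-map: deny invalid, bump LOCAL_PREF on the customer community."""
    if rov_state(route, roas) == "invalid":
        return None
    if "65001:100" in route.communities:
        route.local_pref = 200
    return route


def best_path(candidates):
    def rank(r: Route):
        return (-r.weight, -r.local_pref, len(r.as_path), ORIGIN_RANK[r.origin],
                r.med, 0 if r.ebgp else 1, ipaddress.ip_address(r.peer_router_id))
    return min(candidates, key=rank) if candidates else None


if __name__ == "__main__":
    roas = [Roa("203.0.113.0/24", 24, 65002)]
    hijack = Route("203.0.113.0/24", (65666,), "203.0.113.9", "192.0.2.9")  # wrong origin AS
    good = Route("203.0.113.0/24", (65003, 65002), "203.0.113.3", "192.0.2.3")
    pref = Route("203.0.113.0/24", (65004, 65005, 65002), "203.0.113.4", "192.0.2.4",
                 communities=frozenset({"65001:100"}))
    accepted = [r for r in (apply_ebgp_in(r, roas) for r in (hijack, good, pref)) if r]
    print("best:", best_path(accepted))          # pref wins on LOCAL_PREF despite the longer path
```

Two things to notice when you run it: the hijack has the shortest AS_PATH and would win outright without ROV, and a more-specific 203.0.113.0/25 from the legitimate AS is also invalid because the ROA's maxLength is 24, which is why maxLength should not be set looser than what you actually announce.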

5.3 Addressing Modes

  • Unicast: One-to-one (e.g., HTTP request).
  • Broadcast (IPv4): One-to-all (e.g., ARP, 255.255.255.255).
  • Multicast: One-to-many (e.g., OSPF Hellos, 224.0.0.5; IPv6 ff02::5).
  • Anycast: One-to-nearest (e.g., DNS 8.8.8.8, RFC 1546).
  • Incast: Many-to-one (DC fan-in, mitigated by DCTCP, RFC 8257).

Lab Example (Anycast in GNS3):

  1. Two edge routers advertise 198.51.100.53/32 via OSPF.
  2. Client curls 198.51.100.53.
  3. Expected: Traffic hits nearest router (by metric). Debug: traceroute.

Section 6: Physical Media, Connectors, and Power

6.1 Copper Ethernet

  • 10BASE-T: 10Mbps, Cat3, 100m.
  • 100BASE-TX: 100Mbps, Cat5, 100m.
  • 1000BASE-T: 1Gbps, Cat5e, 100m.
  • 10GBASE-T: 10Gbps, Cat6a, 100m (Cat6: 55m).

TIA-568-B Pinout (RJ-45):

  1. Orange-White
  2. Orange
  3. Green-White
  4. Blue
  5. Blue-White
  6. Green
  7. Brown-White
  8. Brown

6.2 Fiber

  • Single-Mode (SMF, OS1/OS2): 9µm core, 10–100km (10GBASE-LR: 10km).
  • Multi-Mode (MMF):
    • OM3: 10G @ 300m, 40G-SR4 @ 100m, 100G-SR4 @ 70m.
    • OM4: 10G @ 400m, 40G-SR4 @ 150m, 100G-SR4 @ 100m.
    • OM5: Wideband (SWDM), 400G-SR4.2 @ 150m; same 100G-SR4 reach as OM4.

Connectors:

  • LC: Small, SFP/SFP+.
  • SC: Square, older.
  • ST: Bayonet, legacy.
  • MPO/MTP: 12/24-fiber trunks for 40/100/400G.

Transceivers: SFP (1G), SFP+ (10G), QSFP28 (100G), QSFP-DD (400G).

6.3 IEC Power Cables

  • C13/C14: 10A, servers/switches.
  • C19/C20: 16A, PDUs/high-draw.
  • Regional: AU/NZ Type I (AS/NZS 3112, three flat pins).

Checklist: Dual PSUs, separate PDUs, label cables, avoid Y-cords across phases.

Lab Example (Physical Check):

  1. Patch Cat6a cable to switch port.
  2. Verify link light: ethtool eth0.
  3. Check PSU LEDs, ensure C13 seated in PDU.
  4. Expected: Link up, no power alarms. Debug: Swap cable, check TIA-568-B pinout.

Section 7: ARP/ND and Addressing Modes

7.1 ARP (Address Resolution Protocol, RFC 826)

Resolves IPv4 to MAC. Request: "Who has 192.168.1.1?" Reply: "Is-at AA:BB:CC:DD:EE:FF."

7.2 ND (Neighbor Discovery, RFC 4861)

IPv6 equivalent: Neighbor Solicitation/Advertisement, plus router discovery.

Lab Example (ARP/ND Capture):

  1. tcpdump -ni eth0 'arp or (icmp6 and (ip6[40] == 135 or ip6[40] == 136))' (quote the filter so the shell does not expand the brackets; ip6[40] is the ICMPv6 type only when no extension headers precede it).
  2. Trigger: ping 192.168.1.1 or ping -6 fe80::1%eth0.
  3. Expected: ARP request/reply or NS/NA packets. Debug: no request at all means the destination is not considered on-link (check the mask and route); a request with no reply means the target is down, filtered, or on a different VLAN.

Section 8: Troubleshooting Workflow

Step-by-Step:

  1. Physical (L1): Check link lights, cable seating (RJ-45 pins, LC polarity), PSU status. Use cable tester.
  2. Data Link (L2): show mac address-table, ethtool eth0 for duplex, tcpdump vlan for tags. Check STP state (show spanning-tree).
  3. Network (L3): ping, traceroute, ip neigh for ARP/ND, ip route get <dst>.
  4. Transport/App (L4–7): nc -zv <host> <port>, curl -v --http3, dig @8.8.8.8 example.com.
  5. Policies: Check ACLs (nft list ruleset), VRFs, BGP filters, AWS security groups.
  6. Validation: Use Batfish to simulate flows before changes.

Common Issues:

  • MTU: ping -M do -s 1472 <dst> (1472 + 28 bytes of IP/ICMP header = 1500) fails with "message too long", or silently, if the path MTU is below 1500; tunnels (VXLAN, WireGuard) are the usual cause.
  • Stale ARP/ND entries: after a MAC change (VRRP/HA failover, NIC swap) hosts keep sending to the old MAC until the entry ages out; timers vary by OS (Linux marks an entry stale after about 30 s of base_reachable_time, Cisco IOS ages ARP after 4 hours). Flush with ip neigh flush dev eth0.
  • Duplex Mismatch: Collisions, CRC errors, poor throughput; ip -s link show eth0 or ethtool -S eth0 shows the error counters (ifconfig is deprecated).

Section 9: Hands-On Labs (Verbal Walkthroughs)

These labs are narrated for listening, with detailed steps, outputs, and debug tips. Run on Ubuntu with GNS3, Docker, Terraform, Python, and LocalStack (toggle for real AWS).

Lab 1: Cables, Power, and ARP

Goal: Verify physical connectivity and ARP resolution.
Narration: Alright, mate, grab a Cat6a cable—make sure it’s not some dodgy Cat5e from 2005. Plug it into your switch and host. Check the PSU: IEC C13 should be snug in the PDU, LEDs green. Now let’s see ARP in action.
Steps:

  1. Create Docker network: docker network create --subnet 172.18.0.0/24 testnet.
  2. Run two containers: docker run -it --net testnet --name host1 alpine sh, same for host2.
  3. In host1: ping host2.
  4. On host: tcpdump -i br-<net-id> arp -vv.
  5. Expected: See "Who has 172.18.0.x? Tell 172.18.0.y" → reply with MAC.
  6. Debug: No ARP? Check subnet (ip addr), ensure interfaces up (ip link set eth0 up).

Lab 2: VLANs and Spanning Tree

Goal: Set up VLANs, watch STP block a loop.
Narration: Picture two switches in GNS3, wired in a loop—sounds like a broadcast storm waiting to happen, right? Let’s enable RSTP and VLANs to keep it tidy.
Steps:

  1. In GNS3, drag two IOSvL2 switches, connect with two links.
  2. Config: spanning-tree mode rapid-pvst; vlan 10; interface gi0/1; switchport mode trunk.
  3. Set root: spanning-tree vlan 10 priority 4096 on one switch.
  4. Run: show spanning-tree.
  5. Pull a link (delete in GNS3).
  6. Expected: One port blocked; reconvergence <1s. Debug: debug spanning-tree events or tcpdump stp.

Lab 3: LACP Bonding

Goal: Bond two links for redundancy.
Narration: Let’s double up bandwidth and survive a cable pull. We’re bonding two 1G links into a 2G logical link with LACP.
Steps:

  1. Linux: ip link add bond0 type bond mode 802.3ad miimon 100 lacp_rate fast.
  2. Add members (they must be down to be enslaved): ip link set enp3s0 down; ip link set enp3s0 master bond0; ip link set enp4s0 down; ip link set enp4s0 master bond0.
  3. IP: ip addr add 192.168.1.10/24 dev bond0; ip link set bond0 up.
  4. Switch (GNS3): interface Port-channel1; switchport mode trunk; interface range gi0/1-2; channel-group 1 mode active.
  5. Test: cat /proc/net/bonding/bond0.
  6. Expected: Both members up with the same Aggregator ID and a real Partner Mac Address. Pull one: no drops (a single TCP flow hashes to one member, so expect at most 1G per flow, 2G aggregate). Debug: ethtool enp3s0 for per-member link state.

Lab 4: OSPF Triangle

Goal: Build an OSPF topology with ECMP.
Narration: Three routers, wired in a triangle—OSPF will find the best paths and balance traffic. Let’s watch it converge.
Steps:

  1. In GNS3, connect three FRR containers (10.0.12.0/30, 10.0.13.0/30, 10.0.23.0/30).
  2. Config (r1): router ospf; router-id 1.1.1.1; network 10.0.12.0/30 area 0; network 10.0.13.0/30 area 0.
  3. Run: show ip ospf neighbor.
  4. Expected: Full adjacencies, show ip route shows ECMP. Debug: debug ospf nsm and debug ospf ism (FRR) for handshake issues; a neighbour stuck in ExStart usually means an MTU mismatch.

Lab 5: BGP with RPKI

Goal: Secure eBGP peering with RPKI.
Narration: Two ASes, swapping prefixes like internet pros. We’ll add RPKI to block bogus routes—very 2025.
Steps:

  1. Docker Compose: Two FRR containers (AS 65001, AS 65002) plus a validator such as Routinator with its RTR port reachable from r1; bgpd on r1 must run with the rpki module (bgpd_options="-M rpki" in /etc/frr/daemons).
  2. Config (r1): rpki; rpki cache <validator-ip> 3323 preference 1; exit; router bgp 65001; neighbor 10.0.12.2 remote-as 65002; address-family ipv4 unicast; network 203.0.113.0/24; neighbor 10.0.12.2 route-map EBGP-IN in (route-map as in 5.2).
  3. Run: show bgp summary; show rpki cache-connection; show rpki prefix-table.
  4. Expected: Established session and a populated prefix table; show bgp ipv4 unicast 203.0.113.0/24 shows the validation state, which is notfound for a documentation prefix with no ROA (assert a test ROA locally on the validator, e.g., via a SLURM file, RFC 8416, to see valid and invalid). Debug: show rpki cache-connection for the RTR session state.

Lab 6: DHCP and NAT

Goal: Assign IPs and NAT traffic.
Narration: Let’s make a mini LAN where clients grab IPs automatically and surf the net through NAT.
Steps:

  1. Network: docker network create --subnet 172.31.0.0/24 dhcpnet.
  2. dnsmasq (needs NET_ADMIN for raw DHCP sockets): docker run -d --name dnsmasq --cap-add=NET_ADMIN --net dhcpnet --ip 172.31.0.2 jpillora/dnsmasq --dhcp-range=172.31.0.100,172.31.0.199,12h.
  3. Client: docker run -it --rm --cap-add=NET_ADMIN --net dhcpnet alpine udhcpc -i eth0 -vv (Docker already gave eth0 an address; udhcpc sends a fresh DISCOVER and needs NET_ADMIN to replace it).
  4. NAT: Docker's bridge driver already masquerades the subnet toward the host's uplink; on a bare Linux bridge you would add iptables -t nat -A POSTROUTING -s 172.31.0.0/24 -o eth0 -j MASQUERADE.
  5. Test: Client pings 8.8.8.8.
  6. Expected: udhcpc logs the DORA exchange and a lease from the pool; pings succeed. Debug: docker logs dnsmasq, tcpdump -ni br-<net-id> 'port 67 or port 68', conntrack -L on the host.

Lab 7: VPNs and Proxies

Goal: Tunnel with WireGuard, proxy with SOCKS5.
Narration: Let’s lock down traffic with a WireGuard VPN, then play with SOCKS5 for app-level proxying.
Steps:

  1. WireGuard (Docker):
    • Gen keys on each peer: wg genkey | tee private.key | wg pubkey > public.key (keep private.key mode 0600; only the public key crosses the wire).
    • /etc/wireguard/wg0.conf on peer A:
      [Interface]
      Address = 10.100.0.1/24
      PrivateKey = <A_private>
      ListenPort = 51820

      [Peer]
      PublicKey = <B_public>
      AllowedIPs = 10.100.0.2/32
      Endpoint = b.example.net:51820
    • Peer B mirrors it with Address = 10.100.0.2/24, A's public key and AllowedIPs = 10.100.0.1/32. AllowedIPs is both a route and an ingress filter: a packet from a peer whose source is outside its AllowedIPs is dropped.
    • Start: wg-quick up wg0. Test: ping 10.100.0.2.
  2. SOCKS5: ssh -D 1080 user@bastion; curl --socks5-hostname localhost:1080 https://example.com (the -hostname variant resolves DNS through the proxy instead of leaking the lookup locally).
  3. Expected: Tunnel pings, proxy relays. Debug: wg show for the latest handshake and transfer counters; no handshake usually means a wrong key, wrong Endpoint/port, or UDP 51820 blocked.

Lab 8: VXLAN/EVPN Overlay

Goal: Stretch L2 over L3 with BGP EVPN.
Narration: Data centers love this—VLANs across racks without messy cables. Let’s build it.
Steps:

  1. Two FRR containers as VTEPs, each with a VXLAN interface for VNI 1000 bridged to VLAN 10: ip link add vxlan1000 type vxlan id 1000 local <this-VTEP-IP> dstport 4789 nolearning; ip link add link eth1 name eth1.10 type vlan id 10; ip link add br10 type bridge; ip link set vxlan1000 master br10; ip link set eth1.10 master br10; bring them all up.
  2. FRR on each VTEP: router bgp 65001; neighbor <other-VTEP-IP> remote-as 65001; address-family l2vpn evpn; neighbor <other-VTEP-IP> activate; advertise-all-vni. With nolearning set, remote MAC/IP reachability comes only from EVPN Type-2 routes, not from flood-and-learn.
  3. Test: Hosts in VLAN 10 behind either VTEP ping each other.
  4. Expected: show bgp l2vpn evpn route lists Type-2 (MAC/IP) and Type-3 (IMET) routes; show evpn mac vni 1000 lists the remote MACs. Debug: tcpdump -ni vxlan1000 for the inner frames, tcpdump -ni eth0 udp port 4789 for the encapsulated ones.

Lab 9: AWS/LocalStack VPC

Goal: Deploy VPC with Terraform, toggle local/real AWS.
Narration: Let’s spin up a cloud network, then flip it to real AWS like a boss.
Steps:

  1. LocalStack: docker run -d -p 4566:4566 localstack/localstack.
  2. Terraform (from conversation): providers.tf, main.tf for VPC/subnets/IGW.
  3. Run: terraform apply -var mode=local.
  4. Verify: aws --endpoint http://localhost:4566 ec2 describe-subnets.
  5. Real AWS: terraform apply -var mode=aws.
  6. Expected: VPC with public subnet. Debug: Check Terraform logs, AWS CLI output.

Lab 10: Batfish Validation

Goal: Lint configs before deploying.
Narration: No more late-night outages from typos—Batfish checks your routes.
Steps:

  1. Start the Batfish service and install the client: docker run -d --name batfish -p 9996:9996 batfish/allinone; pip install pybatfish.
  2. Snapshot (current pybatfish Session API; the older bf_init_snapshot/bfq globals are deprecated). The snapshot directory must hold the device configs under a configs/ subfolder:
     from pybatfish.client.session import Session
     from pybatfish.datamodel.flow import HeaderConstraints
     bf = Session(host="localhost")
     bf.set_network("lab")
     bf.init_snapshot("/path/to/snapshot", name="snap1", overwrite=True)
  3. Query: bf.q.reachability(headers=HeaderConstraints(srcIps="10.0.12.0/24", dstIps="203.0.113.1")).answer().frame().
  4. Expected: a table of flows with their paths and dispositions (ACCEPTED, DENIED_IN, NO_ROUTE, ...), confirming intended reachability or exposing leaks. Debug: bf.q.initIssues().answer().frame() and bf.q.fileParseStatus().answer().frame() list configs Batfish could not parse.

Section 10: Networking Trivia Questions and Answers

Here’s a massive trivia set to test your knowledge, with verbose explanations. Perfect for a pub quiz or self-study.

  1. Q: How many layers in the OSI model, including joke layers?
    A: 9 (7 official: Physical, Data Link, Network, Transport, Session, Presentation, Application; plus User, Financial).
    Why: OSI organizes troubleshooting; joke layers remind us humans and budgets break things.

  2. Q: Which RFCs define TCP/IP host requirements?
    A: RFC 1122 (L3–4), RFC 1123 (L5–7).
    Why: These set rules for IP stacks, ensuring interoperability.

  3. Q: Where does TLS encryption fit in OSI?
    A: Layer 6 (Presentation).
    Why: Formats/encrypts data before app use, though TCP/IP blurs lines (TLS over TCP).

  4. Q: Max distance for Cat6a at 10G?
    A: 100m.
    Why: Cat6a handles crosstalk; Cat6 drops to 55m.

  5. Q: Single-mode vs multimode fiber?
    A: Single-mode: 9µm core, 10–100km. Multimode: 50/62.5µm, 100–400m.
    Why: Single-mode for long haul, multimode for short, high-speed DC links.

  6. Q: Common fiber connectors?
    A: LC (SFP), MPO/MTP (40/100G).
    Why: LC is compact; MPO handles multi-fiber trunks.

  7. Q: IEC connectors for switches?
    A: C13/C14 (10A), C19/C20 (16A).
    Why: Match amperage to avoid meltdowns.

  8. Q: Max VLANs in 802.1Q?
    A: 4094.
    Why: 12-bit VID, 0 and 4095 reserved.

  9. Q: What does STP prevent?
    A: Broadcast storms from loops.
    Why: Frames loop forever without STP blocking ports.

  10. Q: WPA3 vs WPA2?
    A: WPA3 uses SAE, stronger against offline attacks.
    Why: WPA2-PSK vulnerable to dictionary attacks.

  11. Q: First Wi-Fi standard with OFDMA?
    A: 802.11ax (Wi-Fi 6).
    Why: Splits channels for multiple users, boosting efficiency.

  12. Q: IPv4 Class B private range?
    A: 172.16.0.0/12.
    Why: RFC 1918 defines private ranges for NAT.

  13. Q: Purpose of 169.254.0.0/16?
    A: Link-local (APIPA) for DHCP failure.
    Why: Auto-assigns IPs when no DHCP server responds.

  14. Q: IPv6 link-local prefix?
    A: fe80::/10.
    Why: Mandatory for ND and routing.

  15. Q: What is anycast?
    A: One address, multiple nodes; routing picks nearest.
    Why: Used for DNS/CDNs (e.g., 8.8.8.8).

  16. Q: Define incast?
    A: Many-to-one traffic overwhelming buffers.
    Why: Common in DCs; mitigated by ECN/DCTCP.

  17. Q: DNS port for TCP vs UDP?
    A: 53 for both. UDP for queries, TCP for transfers.
    Why: TCP handles large responses or zone syncs.

  18. Q: What does QUIC replace?
    A: TCP + TLS for HTTP/3.
    Why: Faster handshakes, UDP-based.

  19. Q: DNS A record purpose?
    A: Maps hostname to IPv4.
    Why: Core of name resolution (e.g., example.com → 93.184.216.34).

  20. Q: AAAA record?
    A: Hostname to IPv6.
    Why: Supports 128-bit addresses.

  21. Q: MX record?
    A: Mail server with priority.
    Why: Directs email (e.g., MX 10 mail.example.com).

  22. Q: CNAME?
    A: Alias to another hostname.
    Why: Simplifies DNS (e.g., www → example.com).

  23. Q: NS record?
    A: Delegates to authoritative nameserver.
    Why: Points to servers hosting the zone.

  24. Q: TXT record use?
    A: Arbitrary text, often SPF/DKIM.
    Why: Validates email senders.

  25. Q: PTR record?
    A: Reverse DNS (IP → name).
    Why: Used for logging, security checks.

  26. Q: SRV record?
    A: Service locator (port, protocol, priority).
    Why: Directs clients to specific services.

  27. Q: SOA record?
    A: Zone metadata (serial, timers).
    Why: Manages zone replication.

  28. Q: Glue records?
    A: A/AAAA for NS in same zone.
    Why: Prevents resolution loops.

  29. Q: DNSSEC adds what records?
    A: RRSIG, DNSKEY, DS.
    Why: Signs zones to prevent poisoning.

  30. Q: OSPF’s algorithm?
    A: Dijkstra SPF.
    Why: Computes shortest paths from link-state DB.

  31. Q: OSPF backbone area?
    A: Area 0.
    Why: All areas connect through it.

  32. Q: iBGP vs eBGP?
    A: iBGP within AS, eBGP between. iBGP needs full mesh or reflectors.
    Why: Split-horizon prevents iBGP loops.

  33. Q: BGP outbound attribute?
    A: LOCAL_PREF.
    Why: Higher value wins for egress path.

  34. Q: BGP inbound influence?
    A: AS_PATH prepend, communities.
    Why: Signals preferences to peers.

  35. Q: RPKI purpose?
    A: Validates BGP prefix origins.
    Why: Stops hijacks (e.g., YouTube 2008 incident).

  36. Q: IPsec ESP vs AH?
    A: ESP: confidentiality + integrity. AH: integrity only.
    Why: ESP is default for VPNs.

  37. Q: Why is WireGuard fast?
    A: Lean code, modern crypto, kernel-based.
    Why: Outperforms IPsec/OpenVPN.

  38. Q: Tailscale’s foundation?
    A: WireGuard + DERP relays + control plane.
    Why: Simplifies NAT traversal.

  39. Q: HTTP vs SOCKS5 proxy?
    A: HTTP understands web; SOCKS5 is generic TCP/UDP.
    Why: SOCKS5 is protocol-agnostic (RFC 1928).

  40. Q: Common proxy ports?
    A: 3128 (Squid), 8080, 1080 (SOCKS).
    Why: Defaults, but configurable.

  41. Q: Duplex mismatch symptoms?
    A: Collisions, CRC errors, low throughput.
    Why: Mismatched full/half-duplex settings.

  42. Q: Ping of death?
    A: Oversized ICMP packet (>65,535 bytes).
    Why: Crashed old stacks in the 90s.

  43. Q: Smurf attack?
    A: Spoofed ICMP echo to broadcast, amplifying replies.
    Why: DDoS tactic, now mitigated.

  44. Q: ARP outside subnet?
    A: No reply; traffic goes to gateway.
    Why: ARP is link-local.

  45. Q: Hosts in 192.168.1.0/26?
    A: 62 usable.
    Why: 2^(32-26) - 2 = 64 - 2.

  46. Q: Max IPv4 TTL?
    A: 255.
    Why: Each hop decrements; traceroute uses this.

  47. Q: Incast mitigation?
    A: ECN, DCTCP, pacing (L4S).
    Why: Prevents buffer overruns in DCs.


Section 11: 2025 Trends and Future-Proofing

  • QUIC/HTTP/3: Standard for web, low-latency UDP-based.
  • Zero Trust: Identity-based security, no perimeter trust.
  • RPKI/ASPA: Secures BGP against hijacks and leaks.
  • EVPN/VXLAN: Replaces VLANs in data centers.
  • SRv6: Path engineering via IPv6 headers.
  • L4S (RFC 9330): Low-latency queuing for interactive apps.
  • eBPF/P4: Programmable packet processing.

Section 12: References

  • RFCs: 826 (ARP), 1122/1123 (TCP/IP), 1918 (private IPs), 1928 (SOCKS5), 2131/2132 (DHCP), 2328 (OSPFv2), 4271 (BGP), 4291 (IPv6), 4861 (ND), 5340 (OSPFv3), 6146/6147 (NAT64), 6598 (CGNAT), 6811 (RPKI), 7854 (BMP), 8365 (EVPN), 8446 (TLS 1.3), 8986 (SRv6), 9000 (QUIC), 9110–9114 (HTTP).
  • Standards: IEEE 802.1Q (VLAN), 802.1D/w/s (STP), 802.1AX (LACP), 802.11ax/be (Wi-Fi 6/7).
  • Vendors: Cisco, Aruba, FS.com for optics/cables.
  • Tools: Batfish, FRRouting, Wireshark, LocalStack.

Appendix: Full Lab Blueprint (Docker Compose for FRR)

docker-compose.yml:

services:
  r1:
    image: frrouting/frr:stable
    privileged: true
    command:
      [
        "bash",
        "-lc",
        "sysctl -w net.ipv4.ip_forward=1; /usr/lib/frr/frrinit.sh start; tail -f /var/log/frr/*",
      ]
    networks:
      net12: { ipv4_address: 10.0.12.1 }
      net13: { ipv4_address: 10.0.13.1 }
    volumes: ["./r1/frr.conf:/etc/frr/frr.conf:ro"]
  r2:
    image: frrouting/frr:stable
    privileged: true
    command:
      [
        "bash",
        "-lc",
        "sysctl -w net.ipv4.ip_forward=1; /usr/lib/frr/frrinit.sh start; tail -f /var/log/frr/*",
      ]
    networks:
      net12: { ipv4_address: 10.0.12.2 }
      net23: { ipv4_address: 10.0.23.2 }
    volumes: ["./r2/frr.conf:/etc/frr/frr.conf:ro"]
  r3:
    image: frrouting/frr:stable
    privileged: true
    command:
      [
        "bash",
        "-lc",
        "sysctl -w net.ipv4.ip_forward=1; /usr/lib/frr/frrinit.sh start; tail -f /var/log/frr/*",
      ]
    networks:
      net13: { ipv4_address: 10.0.13.3 }
      net23: { ipv4_address: 10.0.23.3 }
    volumes: ["./r3/frr.conf:/etc/frr/frr.conf:ro"]
networks:
  net12: { ipam: { config: [{ subnet: 10.0.12.0/24 }] } }
  net13: { ipam: { config: [{ subnet: 10.0.13.0/24 }] } }
  net23: { ipam: { config: [{ subnet: 10.0.23.0/24 }] } }

r1/frr.conf:

frr defaults traditional
router ospf
 network 10.0.12.0/24 area 0
 network 10.0.13.0/24 area 0
router bgp 65001
 neighbor 10.0.12.2 remote-as 65002
 address-family ipv4 unicast
  network 203.0.113.0/24
line vty

Comprehensive Guide to Computer Networking: From Basics to Advanced (2025 Edition)

Last Updated: August 16, 2025
Overview: This document provides a full, end-to-end explanation of computer networking, compiling all concepts discussed in the conversation. It starts from the fundamentals of the OSI model (layers 1 to 9, including joke layers) and extends to advanced topics such as routing protocols with a focus on OSPF and BGP (including 2025 trends), physical media, addressing modes, Wi-Fi, NAT, VPNs, proxies, SOCKS5, WireGuard, Tailscale, Batfish, IEC power cables, network cable types, speeds, distances, ARP, troubleshooting, DNS and record types. The content is verbose, detailed, and example-heavy, with worked exercises, runnable labs using GNS3, LocalStack, Docker, Terraform, Python, and AWS, verbal walkthroughs for listening, and a trivia section with questions, answers, and explanations. The structure is logical and self-contained for easy copy-pasting and reference.

Introduction

Computer networking is the foundation of modern communication, enabling data exchange from simple local connections to global internet-scale systems. This guide covers everything from the physical transmission of bits to high-level application protocols and 2025 trends like QUIC, RPKI, ASPA, SRv6, and zero-trust architectures. It is designed as a practical resource with examples you can work through, labs you can run, and trivia to test your knowledge. We take the OSI model's joke layers seriously as reminders of real-world challenges. All labs assume a Linux environment (e.g., Ubuntu 22.04+) with tools like Docker, GNS3, Terraform, Python, and access to AWS or LocalStack for simulation.

OSI Model (Layers 1–9, Including Joke Layers)

The OSI (Open Systems Interconnection) model is a conceptual framework for understanding network interactions. It has seven official layers, with two joke layers added for practical realities. Each layer builds on the one below, abstracting complexity.

Layer 1: Physical

The Physical layer deals with the raw transmission of bits over a medium, including signaling, media types, connectors, speeds, distances, and power. It handles how data is converted into electrical, optical, or radio signals.

  • Signaling and Media: Bits are transmitted as voltages (copper), light pulses (fiber), or radio waves (wireless). For copper, differential signaling reduces noise; for fiber, lasers or LEDs modulate light; for wireless, modulation schemes like OFDM are used.

  • Copper Media Types and Standards:

    • 10BASE-T: 10 Mbps over twisted pair (Cat3 or better), max distance 100m.
    • 100BASE-TX: 100 Mbps (Cat5), max 100m.
    • 1000BASE-T: 1 Gbps (Cat5e/Cat6), max 100m, uses all 4 pairs with PAM-5 encoding.
    • 10GBASE-T: 10 Gbps (Cat6/Cat6a), max 55m on Cat6 or 100m on Cat6a, heavy DSP for crosstalk.
    • Higher speeds (25/40GBASE-T): Cat8 (shielded), 30m max; Cat7 is an ISO cable class with no IEEE BASE-T application tied to it.
  • Fiber Media Types and Standards:

    • Single-Mode Fiber (SMF, OS1/OS2): Small core (8–10 µm), long reach with laser sources (10GBASE-LR 10 km, 10GBASE-ER 40 km, 10GBASE-ZR about 80 km). Ideal for telecom backhaul and campus links.
    • Multimode Fiber (MMF): Larger core (50/62.5 µm), short reach (hundreds of metres at 10G and above), driven by LEDs at low speed and VCSELs at 1G and up. Variants:
      • OM1 (62.5 µm): 1G up to 275m.
      • OM3: 10G up to 300m, 40G-SR4 up to 100m, 100G-SR4 up to 70m.
      • OM4: 10G up to 400m, 40G-SR4 up to 150m, 100G-SR4 up to 100m.
      • OM5: Wideband, supports 400G-SR4.2 (SWDM) up to 150m.
  • Connector Types:

    • Copper: RJ-45 (8P8C) for twisted pair.
    • Fiber: LC (small form-factor, duplex), SC (square push-pull), ST (twist-lock bayonet), MTP/MPO (multi-fiber for parallel optics like 40G SR4).
  • IEC Power Cables:

    • IEC 60320 standards for networking gear.
    • C13 → C14: Standard for PCs, servers, switches (up to ~10–15A, 250V).
    • C19 → C20: Higher-draw (up to ~16–20A, 250V) for core switches, UPS, blade chassis.
    • C7 (figure-8) and C5 (cloverleaf): Low-power adapters.
    • Regional plugs: AU/NZ uses AS/NZS 3112 (Type I, three flat pins) to connect to IEC cables.
    • PDUs (Power Distribution Units): Rack-mounted strips with metering/remote switching; use dual PDUs for redundancy.
  • Speeds and Distances Examples:

    • 10GBASE-T on Cat6a: 10 Gbps at 100m.
    • 100GBASE-LR4 on SMF: 100 Gbps at 10km.
    • 40GBASE-SR4 on OM4 MMF: 40 Gbps at 150m.
  • Worked Example: 10GBASE-SR over OM3 is rated for 300 m with a channel insertion-loss budget of 2.6 dB (IEEE 802.3 Clause 52). OM3 attenuates roughly 3 dB/km at 850 nm, so 300 m of fibre alone uses about 0.9 dB; each mated connector pair typically adds 0.3 dB (0.75 dB is the TIA worst case). A run with four patch points therefore spends 1.2 dB typical or 3.0 dB worst case on connectors and can exhaust the budget well short of 300 m: shorten the run, remove patch points, or measure the channel with a light source and power meter before blaming the optic.

  • Troubleshooting at Layer 1: Check link lights, replace cables, verify connector polarity (fiber TX/RX), test with cable certifier. Example: No link? Use ethtool eth0 to check speed/duplex; if mismatched, force negotiation.

Layer 2: Data Link

This layer organizes bits into frames, handles MAC addressing, error detection, and local delivery. It includes Ethernet, Wi-Fi, switches, ARP, VLANs, spanning tree, and LACP.

  • Frames and MAC Addresses: Frames include destination/source MAC (48-bit, e.g., AA:BB:CC:DD:EE:FF), EtherType (e.g., 0x0800 for IP), payload, FCS (checksum). Switches learn MACs to forward frames.

  • ARP (Address Resolution Protocol): Resolves IPv4 to MAC. Request: "Who has 192.168.1.1? Tell 192.168.1.77." Reply: "Is-at AA:BB:CC:DD:EE:FF." (RFC 826).

  • Neighbor Discovery (ND): IPv6 equivalent to ARP, uses ICMPv6 for solicitation/advertisement, plus router discovery (RFC 4861).

  • VLANs (802.1Q): Tags frames with 12-bit VLAN ID (1–4094), TPID 0x8100. Allows segmentation on shared links.

  • Spanning Tree Protocol (STP): Prevents loops. Variants: STP (802.1D, slow 30–50s convergence), RSTP (802.1w, fast <1s), MSTP (802.1s, VLAN-mapped). Guards: BPDU Guard, Root Guard.

  • LACP (802.1AX, formerly 802.3ad): Bonds links into LAG. Modes: Active (initiates), Passive (waits). Hashing by L2/L3/L4 for load balancing.

  • Wi-Fi (802.11): Layer 2 over radio. Bands: 2.4GHz (crowded, long range), 5GHz (DFS, shorter range), 6GHz (clean, Wi-Fi 6E/7). Standards: Wi-Fi 6 (ax: OFDMA, MU-MIMO), Wi-Fi 7 (be: MLO, 320MHz channels). Security: WPA3 (SAE, PMF required), OWE (encrypted open). Roaming: 802.11k/v/r.

  • Worked Example (VLAN Tagging): Frame without VLAN: [Dst MAC | Src MAC | EtherType | Payload | FCS]. With VLAN: [Dst MAC | Src MAC | 0x8100 | TCI | EtherType | Payload | FCS], where the 16-bit TCI is PCP (3 bits, priority) | DEI (1 bit) | VID (12 bits). VID 10 with priority 0 gives TCI 0x000A; VID 10 with PCP 5 gives 0xA00A.

  • Worked Example (STP Election): Three switches connected in triangle. Lowest bridge ID wins root. Ports transition: blocking → listening → learning → forwarding.

  • Troubleshooting at Layer 2: Duplex mismatch: Check ethtool eth0 for full/half; symptoms: CRC errors. Loop: High CPU from broadcasts. ARP table: ip neigh show.

Layer 3: Network

This layer handles logical addressing and routing packets across networks. It includes IP, ICMP, routing protocols, and addressing modes.

  • IPv4 and IPv6: IPv4 (32-bit, dotted quad), IPv6 (128-bit, hex colon). IPv4 depletion led to NAT; IPv6 has built-in features like ND.

  • Classful vs Classless Addressing:

    • Classful (legacy): Fixed prefixes based on first octet (A /8, B /16, C /24). Wasteful.
    • Classless (CIDR): Variable prefixes (/12, /27). Supports VLSM for efficient allocation.
  • Common Ranges:

    • Private IPv4 (RFC 1918): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
    • CGNAT: 100.64.0.0/10 (ISP internal).
    • Loopback: 127.0.0.0/8.
    • Link-local: 169.254.0.0/16.
    • IPv6: ULA fc00::/7 (fd00::/8 random), link-local fe80::/10, loopback ::1, docs 2001:db8::/32 (RFC 4291).
  • Subnetting: Divide networks. Formula: Usable hosts = 2^(32 - prefix) - 2.

    • Worked Example 1: 10.23.200.45/20.

      • Mask: 255.255.240.0.
      • Third octet: 200 & 240 = 192.
      • Network: 10.23.192.0/20, broadcast 10.23.207.255, hosts 10.23.192.1–10.23.207.254 (4094 usable).
    • Worked Example 2 (VLSM): 172.20.0.0/16 into /22, /23, /24, /26.

      • /22: 172.20.0.0–3.255 (1022 hosts).
      • /23: 172.20.4.0–5.255 (510 hosts).
      • /24: 172.20.6.0–6.255 (254 hosts).
      • /26: 172.20.7.0–7.63 (62 hosts).
    • IPv6: Use /64 for subnets (SLAAC requires it). Example: fd12:3456:789a::/48 → fd12:3456:789a:1::/64.

  • Addressing Modes:

    • Unicast: One-to-one (default traffic, e.g., web browsing).
    • Broadcast: One-to-all on the local subnet (IPv4 only; 255.255.255.255 is the limited broadcast, used by DHCP Discover). ARP uses the Ethernet broadcast MAC ff:ff:ff:ff:ff:ff rather than an IP broadcast, and IPv6 has no broadcast at all, using multicast (ff02::1 all-nodes) instead.
    • Multicast: One-to-many (e.g., IPTV, OSPF Hellos; IPv4 224.0.0.0/4, IPv6 ff00::/8).
    • Anycast: One-to-nearest by routing metric (e.g., the DNS root servers and public resolvers such as 8.8.8.8, announced from many POPs; RFC 1546).
    • Incast: Many-to-one (fan-in bursts in data centers, overwhelms buffers; mitigate with ECN/DCTCP, RFC 8257, pacing/L4S, RFC 9330).
  • ICMP: Diagnostics (ping, traceroute). Example: ping uses echo request/reply.

  • Routing Protocols:

    • OSPF (Interior Gateway Protocol): Link-state, Dijkstra SPF, areas (backbone 0), LSAs (Type 1 Router, 3 Summary, 5 External), supports VLSM, fast convergence. v2 IPv4 (RFC 2328), v3 IPv6 (RFC 5340). Area types: normal, stub, NSSA.

      • Worked Example: In a triangle topology, OSPF elects DR/BDR, computes ECMP paths.
    • BGP (Exterior Gateway Protocol): Path-vector, scales the internet. eBGP (inter-AS), iBGP (intra-AS, full mesh or reflectors). Decision order: Weight, LOCAL_PREF, AS_PATH length, ORIGIN, MED, etc. Attributes: Communities (RFC 1997), Large Communities (RFC 8092), ADD-PATH (RFC 7911).

      • 2025 Trends: RPKI/ROV (RFC 6480/6811, validates origins), ASPA (path validation drafts), BGP-LS (SDN topology), SRv6 (RFC 8986, IPv6 segment routing for path control), EVPN/VXLAN (RFC 8365, DC overlays), BMP (RFC 7854, monitoring), Flowspec (RFC 8955, filtering). BGP hijacks remain a risk.

      • Worked Example: eBGP peering: Advertise prefix, set LOCAL_PREF 200 for preferred path.

  • Troubleshooting at Layer 3: ping/traceroute/mtr for reachability, ip route get for path, ip neigh for ARP/ND. Example: No route? Check default gateway.
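The two subnetting examples above, done with the standard library so the arithmetic is checkable rather than hand-waved. This is an added example, not from the page: describe() gives network, mask, broadcast and usable host range for any address/prefix (IPv4 or IPv6, including the /31 point-to-point case of RFC 3021 where both addresses are usable), and vlsm() carves a parent block into requested prefix lengths largest-first, reproducing the 172.20.0.0/16 plan and raising when a request does not fit. The inputs are the page's own example addresses.

```python
"""Subnet arithmetic and a VLSM allocator on top of the standard library
ipaddress module.

Added example, not the page's code. describe() reproduces the 10.23.200.45/20
worked example for any host/prefix; vlsm() reproduces the 172.20.0.0/16 plan
and generalises it: blocks are allocated largest first from the lowest free
address, which keeps every subnet aligned on its natural boundary.
"""
import ipaddress


def describe(host_with_prefix: str) -> dict:
    iface = ipaddress.ip_interface(host_with_prefix)
    net = iface.network
    if net.version == 4 and net.prefixlen < 31:
        usable = net.num_addresses - 2                     # network and broadcast excluded
        first, last = net.network_address + 1, net.broadcast_address - 1
    else:  # /31 point-to-point (RFC 3021) and IPv6: every address is usable
        usable = net.num_addresses
        first, last = net.network_address, net.broadcast_address
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address) if net.version == 4 else None,
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def vlsm(parent: str, prefixes: list) -> dict:
    """Allocate one subnet per requested prefix length; returns
    {prefixlen: [subnet, ...]}. Raises ValueError when a request cannot be
    satisfied from what remains of the parent."""
    free = [ipaddress.ip_network(parent)]
    alloc = {}
    for plen in sorted(prefixes):                          # smaller prefixlen = bigger block first
        free.sort(key=lambda n: (n.network_address, n.prefixlen))
        for i, blk in enumerate(free):
            if blk.prefixlen <= plen:
                chosen = next(blk.subnets(new_prefix=plen))  # lowest-addressed child
                free.pop(i)
                if chosen != blk:
                    free.extend(blk.address_exclude(chosen))  # hand the rest back to the pool
                alloc.setdefault(plen, []).append(str(chosen))
                break
        else:
            raise ValueError(f"/{plen} does not fit in what remains of {parent}")
    return alloc


if __name__ == "__main__":
    print(describe("10.23.200.45/20"))
    print(describe("fd12:3456:789a:1::10/64"))
    print(vlsm("172.20.0.0/16", [22, 23, 24, 26]))
```

Allocating largest-first matters for more than tidiness: a /26 placed first at 172.20.0.0 would leave the /22 unable to start on a /22 boundary until 172.20.4.0, wasting the space in between, which is the fragmentation problem VLSM planning is meant to avoid.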

Layer 4: Transport

Manages end-to-end delivery with segments/datagrams, ports (0–65535), and reliability.

  • TCP: Connection-oriented, reliable, ordered, congestion/flow control. Handshake: SYN → SYN-ACK → ACK. Example: TCP port 80 (HTTP), 443 (HTTPS).

  • UDP: Connectionless, low-latency, no guarantees. Example: UDP port 53 (DNS queries), 67/68 (DHCP).

  • QUIC (RFC 9000): UDP-based, combines TCP reliability + TLS, multiplexing for HTTP/3 (RFC 9114). 2025 heavy use for mobile/streaming.

  • Worked Example: TCP congestion control: Slow start doubles cwnd every RTT until it reaches ssthresh or a loss occurs, then AIMD (additive increase, multiplicative decrease) takes over.

  • Troubleshooting at Layer 4: netstat -tuln for ports, tcpdump tcp port 443 for flags (SYN, RST).
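The slow start and AIMD behaviour described in the worked example above, simulated per RTT as an added example (not code from the original gist). It models TCP Reno with cwnd in segments: exponential growth below ssthresh, one segment per RTT above it, a halved ssthresh on loss, and a restart from one segment on a retransmission timeout. The loss schedule and the initial ssthresh of 64 segments are constructed inputs:

```python
"""Per-RTT simulation of TCP Reno's congestion window (in segments).
Added example with a constructed loss schedule, not a real packet trace."""


def simulate_reno(rtts, loss_at, initial_ssthresh=64, timeout_at=()):
    """Return cwnd at the start of each RTT.

    loss_at:    RTT indices where loss is detected by triple duplicate ACK
                (fast retransmit: ssthresh = cwnd/2, cwnd = ssthresh).
    timeout_at: RTT indices with a retransmission timeout (cwnd back to 1,
                so slow start runs again up to the new ssthresh).
    """
    cwnd, ssthresh = 1, initial_ssthresh
    trace = []
    for rtt in range(rtts):
        trace.append(cwnd)
        if rtt in timeout_at:
            ssthresh = max(cwnd // 2, 2)   # multiplicative decrease
            cwnd = 1
        elif rtt in loss_at:
            ssthresh = max(cwnd // 2, 2)   # multiplicative decrease
            cwnd = ssthresh                # Reno: no slow-start restart
        elif cwnd < ssthresh:
            cwnd *= 2                      # slow start: doubles each RTT
        else:
            cwnd += 1                      # congestion avoidance: +1 per RTT
    return trace


if __name__ == "__main__":
    # One loss at RTT 5: window climbs 1..32, halves to 16, then grows linearly.
    print("dup-ACK loss:", simulate_reno(12, {5}))
    # A timeout at RTT 4 drops the window to 1 and slow start runs again.
    print("timeout     :", simulate_reno(8, (), timeout_at={4}))
```

The sawtooth in the first trace (32, then 16, 17, 18, ...) is the AIMD shape seen on real long-lived flows; the second trace shows why timeouts hurt far more than fast-retransmit losses.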

Layer 5: Session

Manages session establishment, maintenance, and termination. Example: RPC, gRPC, NetBIOS, session IDs in web apps.

Layer 6: Presentation

Handles data formatting, encryption, compression, serialization. Example: TLS/SSL (RFC 8446), JSON, ASN.1, character encoding (UTF-8).

Layer 7: Application

User-facing protocols. Example: HTTP/S (RFC 9110 semantics, HTTP/3 over QUIC), DNS, SMTP, SSH, FTP.

TCP/IP Model

A practical 4-layer alternative to OSI:

  • Link (OSI 1–2): Ethernet, ARP/ND, Wi-Fi.
  • Internet (OSI 3): IP, ICMP, routing.
  • Transport (OSI 4): TCP, UDP, QUIC.
  • Application (OSI 5–7): HTTP/3, DNS, TLS, SMTP.

Host requirements: RFC 1122/1123.

HTTP Models

HTTP defines web interactions:

  • Semantics (RFC 9110): Methods (GET, POST), status (200, 404), headers.
  • HTTP/1.1 (RFC 9112): Text-based, chunked transfer, keep-alive.
  • HTTP/2: Binary, multiplexed over TCP.
  • HTTP/3 (RFC 9114): Over QUIC (UDP), lower latency.

Example: curl --http3 https://example.com uses QUIC for faster handshakes.

Core Protocols and Services

DHCP

Automates IP assignment (RFC 2131). DORA process: Discover (broadcast), Offer, Request, Acknowledge. UDP 67 (server), 68 (client). Relays forward across subnets.

Example Config (ISC DHCP):

subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.100 10.10.10.199;
  option routers 10.10.10.1;
  option domain-name-servers 10.10.10.53, 10.10.10.54;
  default-lease-time 3600;
  max-lease-time 86400;
}

DHCPv6 (RFC 8415): For IPv6, coexists with SLAAC.
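The DORA exchange above at the wire level, as an added example that is not part of the original gist: a minimal RFC 2131 encoder/decoder that builds a client Discover, answers it with a server Offer using the same pool, router, DNS and lease values as the ISC config, and parses the option field back. The transaction id and client MAC are constructed values:

```python
"""Minimal DHCPv4 (RFC 2131) message encoder/decoder covering the Discover
and Offer halves of DORA.  Added example; xid, MAC and addresses are
constructed to match the ISC config in the guide."""
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_SUBNET, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"  # 236-byte fixed BOOTP header


def build(op, xid, mac, options, yiaddr="0.0.0.0", siaddr="0.0.0.0",
          broadcast=True):
    """Encode fixed header + options; options is a list of (code, bytes)."""
    flags = 0x8000 if broadcast else 0   # client without an IP wants a broadcast reply
    header = struct.pack(
        HEADER, op, 1, 6, 0, xid, 0, flags,
        b"\0" * 4,                                  # ciaddr: no address yet
        ipaddress.IPv4Address(yiaddr).packed,       # "your" address (Offer/ACK)
        ipaddress.IPv4Address(siaddr).packed,       # next server
        b"\0" * 4,                                  # giaddr: filled in by a relay
        mac, b"", b"")                              # struct pads chaddr/sname/file
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + bytes([OPT_END])


def parse(msg):
    """Decode header fields and the option TLVs into a dict."""
    f = struct.unpack(HEADER, msg[:236])
    if msg[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie (plain BOOTP?)")
    opts, i = {}, 240
    while i < len(msg):
        code = msg[i]
        if code == OPT_END:
            break
        if code == 0:                 # pad byte has no length field
            i += 1
            continue
        length = msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": f[0], "xid": f[4], "broadcast": bool(f[6] & 0x8000),
        "yiaddr": str(ipaddress.IPv4Address(f[8])),
        "chaddr": f[11][:f[2]].hex(":"),
        "type": MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "UNKNOWN"),
        "options": opts,
    }


MAC = bytes.fromhex("02aabbccddee")   # constructed client MAC
XID = 0x3903F326                      # constructed transaction id


def discover():
    """Client: broadcast a Discover carrying only the message-type option."""
    return build(BOOTREQUEST, XID, MAC, [(OPT_MSG_TYPE, bytes([1]))])


def offer(discover_msg):
    """Server: answer a Discover with an Offer from the 10.10.10.0/24 pool."""
    req = parse(discover_msg)
    ip = lambda s: ipaddress.IPv4Address(s).packed
    opts = [
        (OPT_MSG_TYPE, bytes([2])),
        (OPT_SERVER_ID, ip("10.10.10.1")),
        (OPT_SUBNET, ip("255.255.255.0")),
        (OPT_ROUTER, ip("10.10.10.1")),
        (OPT_DNS, ip("10.10.10.53") + ip("10.10.10.54")),
        (OPT_LEASE, struct.pack("!I", 3600)),   # default-lease-time 3600
    ]
    return build(BOOTREPLY, req["xid"], bytes.fromhex(req["chaddr"].replace(":", "")),
                 opts, yiaddr="10.10.10.100", siaddr="10.10.10.1",
                 broadcast=req["broadcast"])


def dora_demo():
    """Run both halves; return (parsed Discover, parsed Offer)."""
    d = discover()
    return parse(d), parse(offer(d))


if __name__ == "__main__":
    for m in dora_demo():
        print(m["type"], hex(m["xid"]), m["chaddr"], m["yiaddr"])
```

The xid and chaddr carried from Discover to Offer are what lets a client sort its own replies out of the broadcast traffic on the segment; a relay would additionally fill giaddr so the server can pick the right pool.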

DNS and Record Types

Resolves hostnames to IPs via hierarchy: Root → TLD → Authoritative. DNSSEC for security, DoH/DoT for privacy (2025 standard).

Record Types:

  • A: Hostname → IPv4 (e.g., example.com A 93.184.216.34).
  • AAAA: Hostname → IPv6 (e.g., AAAA 2606:2800:220:1:248:1893:25c8:1946).
  • MX: Mail exchange (e.g., MX 10 mail.example.com, priority 10).
  • CNAME: Alias (e.g., www.example.com CNAME example.com).
  • NS: Nameserver delegation (e.g., NS ns1.example.com).
  • TXT: Arbitrary text (e.g., SPF "v=spf1 mx -all", DKIM, DMARC).
  • PTR: Reverse (e.g., 34.216.184.93.in-addr.arpa PTR example.com).
  • SRV: Service locator (e.g., _sip._tcp.example.com SRV 10 60 5060 sipserver.example.com, port/protocol/priority/weight).
  • SOA: Zone authority (primary NS, admin email, serial, refresh/retry/expire/min TTL).
  • Glue Records: A/AAAA for NS in same zone to avoid loops.
  • DNSSEC Records: RRSIG (signatures), DNSKEY (keys), DS (delegation signer).

Worked Example: dig example.com A → recursive resolution. For DNSSEC: dig +dnssec example.com.
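The record types above in code, as an added example that is not part of the original gist: it derives PTR owner names for IPv4 and IPv6 (the in-addr.arpa and ip6.arpa reversal shown for 93.184.216.34), parses a small zone-file snippet into records, orders MX targets by priority, and checks that every in-zone NS target has the glue A/AAAA record the text says it needs. The zone text is constructed from the guide's own sample values plus an assumed ns1 glue address of 192.0.2.53:

```python
"""Reverse-DNS names, a small zone-record parser and a glue check for the
record types in the guide.  Added example; the zone text is constructed."""
import ipaddress


def reverse_pointer(addr):
    """PTR owner name for an IPv4 (in-addr.arpa) or IPv6 (ip6.arpa) address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = ip.exploded.replace(":", "")    # 32 hex digits, zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def parse_zone(text):
    """Parse 'owner [ttl] [IN] type rdata...' lines into dicts."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        owner, rest, ttl = parts[0], parts[1:], None
        if rest and rest[0].isdigit():
            ttl = int(rest.pop(0))
        if rest and rest[0].upper() == "IN":
            rest.pop(0)
        rtype, rdata = rest[0].upper(), rest[1:]
        rec = {"owner": owner, "ttl": ttl, "type": rtype}
        if rtype == "MX":                       # priority exchange
            rec.update(priority=int(rdata[0]), exchange=rdata[1])
        elif rtype == "SRV":                    # priority weight port target
            rec.update(priority=int(rdata[0]), weight=int(rdata[1]),
                       port=int(rdata[2]), target=rdata[3])
        elif rtype == "TXT":
            rec.update(text=" ".join(rdata).strip('"'))
        else:
            rec.update(value=" ".join(rdata))
        records.append(rec)
    return records


def mail_exchangers(records):
    """MX targets ordered by priority, lowest first, as an MTA tries them."""
    mx = [r for r in records if r["type"] == "MX"]
    return [r["exchange"] for r in sorted(mx, key=lambda r: r["priority"])]


def missing_glue(records, apex):
    """In-zone NS targets without an A/AAAA record (a resolution loop risk)."""
    addressed = {r["owner"] for r in records if r["type"] in ("A", "AAAA")}
    return [r["value"] for r in records
            if r["type"] == "NS" and r["value"].endswith("." + apex)
            and r["value"] not in addressed]


# Constructed zone using the guide's sample records; ns1's address is assumed.
ZONE = """
example.com.           3600 IN SOA   ns1.example.com. hostmaster.example.com. 2025081601 7200 900 1209600 300
example.com.           3600 IN NS    ns1.example.com.
ns1.example.com.       3600 IN A     192.0.2.53          ; glue for the in-zone NS
example.com.           3600 IN A     93.184.216.34
example.com.           3600 IN AAAA  2606:2800:220:1:248:1893:25c8:1946
www.example.com.       3600 IN CNAME example.com.
example.com.           3600 IN MX    20 mail2.example.com.
example.com.           3600 IN MX    10 mail.example.com.
example.com.           3600 IN TXT   "v=spf1 mx -all"
_sip._tcp.example.com. 3600 IN SRV   10 60 5060 sipserver.example.com.
"""

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print(reverse_pointer("93.184.216.34"))
    print(reverse_pointer("2606:2800:220:1:248:1893:25c8:1946"))
    print("MX order:", mail_exchangers(recs))
    print("missing glue:", missing_glue(recs, "example.com."))
```

Dropping the ns1 A record makes missing_glue report it, which is the configuration that leaves a resolver needing ns1's address from the very zone ns1 serves.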

Layer 2 Protocols

Spanning Tree

Prevents loops. STP (802.1D): Slow convergence. RSTP (802.1w): Fast. MSTP (802.1s): Multiple instances.

Example Config:

spanning-tree mode rapid-pvst
! lowest priority wins the root election for VLAN 10
spanning-tree vlan 10 priority 4096
spanning-tree portfast edge default
spanning-tree portfast bpduguard default

Worked Example: Triangle topology: Elect root, block one port.

LACP

Bonds links (802.1AX). Active/Passive modes, hashing L2/L3/L4.

Linux Example:

ip link add bond0 type bond mode 802.3ad miimon 100 lacp_rate fast
ip link set enp3s0 master bond0
ip link set enp4s0 master bond0
ip addr add 198.51.100.10/24 dev bond0
ip link set bond0 up

Worked Example: Bond two 1G links, pull one—traffic continues.

Wi-Fi

Bands: 2.4GHz (1/6/11 channels in AU), 5GHz (DFS), 6GHz (Wi-Fi 6E/7). Wi-Fi 6 (ax): OFDMA, MU-MIMO. Wi-Fi 7 (be): MLO, 320MHz. Security: WPA3 (SAE, PMF), OWE. Roaming: 802.11k/v/r.

hostapd Example:

# radio and channel (interface name and 5 GHz channel assumed)
interface=wlan0
driver=nl80211
hw_mode=a
channel=36
# WPA3-Personal (SAE) with PMF required
ssid=corp-wlan
wpa=2
wpa_key_mgmt=SAE
sae_password=<corp-passphrase>
rsn_pairwise=CCMP
ieee80211w=2

# second BSS: open network with OWE encryption, no passphrase
bss=wlan0_1
ssid=guest-open
wpa=2
wpa_key_mgmt=OWE
rsn_pairwise=CCMP
ieee80211w=2

Worked Example: Channel plan: Use 1/6/11 in 2.4GHz to avoid overlap.

NAT, VPNs, Proxies, SOCKS5

NAT

Types: SNAT/PAT (many-to-one), 1:1, Hairpin, NAT64/DNS64 (IPv6 to IPv4, RFC 6146/6147), CGNAT (100.64.0.0/10, RFC 6598).

nftables Example:

nft add table ip nat
nft add chain ip nat postrouting '{ type nat hook postrouting priority 100 ; }'
nft add rule ip nat postrouting oif "eth0" masquerade

Worked Example: Masquerade 10.0.0.0/24 out eth0; check conntrack -L for mappings.

VPNs

  • IPsec: AH (integrity), ESP (confidentiality + integrity).
  • OpenVPN: User-space, flexible.
  • WireGuard: Kernel, modern crypto (ChaCha20, Curve25519), UDP, minimal code.

WireGuard Config Example (Host A):

[Interface]
Address = 10.100.0.1/24
PrivateKey = <A_private>
ListenPort = 51820

[Peer]
PublicKey = <B_public>
AllowedIPs = 10.100.0.2/32
Endpoint = b.example.net:51820
PersistentKeepalive = 25

Generate keys: wg genkey | tee private.key | wg pubkey > public.key. Start: wg-quick up wg0.

Tailscale: WireGuard + control plane for NAT traversal, MagicDNS, ACLs.

Quick Start:

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up --ssh --accept-routes
tailscale ip -4; tailscale status

Worked Example: Split-tunnel: AllowedIPs = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 (RFC 1918 only via VPN).

Proxies and SOCKS5

  • HTTP Proxy: App-level, understands HTTP (CONNECT for TLS).
  • SOCKS5 (RFC 1928): Generic TCP/UDP relay, UDP associate.

Example:

ssh -D 1080 user@bastion # SOCKS5
curl --socks5 localhost:1080 https://example.com

Worked Example: UDP over SOCKS5 needs UDP ASSOCIATE support on the server; OpenSSH's ssh -D implements only TCP CONNECT, so test UDP against a SOCKS5 server that supports it. For TCP, socat can relay a local port through a SOCKS server (SOCKS4 address type): socat TCP-LISTEN:5300,reuseaddr,fork SOCKS4:127.0.0.1:203.0.113.10:5300,socksport=1080.

Reverse Proxy: Ingress (e.g., Nginx for TLS offload).

ARP and Neighbor Discovery

ARP: Resolves IP to MAC on link (RFC 826). Example: tcpdump arp shows "Who has?" requests.

ND: IPv6 version (RFC 4861), ICMPv6 for solicitation/advertisement.

Worked Example: sudo tcpdump -i eth0 arp → Trigger with ping; see request/reply.
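The "Who has?" request and reply above decoded from bytes, as an added example that is not part of the original gist. It builds and parses RFC 826 ARP-over-Ethernet frames, prints them the way tcpdump does, and keeps an IP-to-MAC table that flags when a reply changes the MAC already learned for an address, the symptom a defender looks for with duplicate IPs or ARP spoofing. The three frames are constructed on the 172.18.0.0/24 network from Lab 1 with made-up MACs:

```python
"""Decode ARP frames (RFC 826), print them tcpdump-style, and flag IP->MAC
changes.  Added example; the frames are constructed, not captured."""
import struct
import ipaddress

ETH_ARP = 0x0806
REQUEST, REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype ptype hlen plen oper sha spa tha tpa (28 bytes)


def build_arp(oper, sha, spa, tha, tpa):
    """Return an Ethernet frame carrying one IPv4 ARP packet."""
    dst = b"\xff" * 6 if oper == REQUEST else tha   # requests are broadcast
    eth = dst + sha + struct.pack("!H", ETH_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      sha, ipaddress.IPv4Address(spa).packed,
                      tha, ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame):
    """Decode the ARP payload; ValueError for non-ARP or non-IPv4/Ethernet ARP."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"oper": oper, "sha": sha.hex(":"), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": tha.hex(":"), "tpa": str(ipaddress.IPv4Address(tpa))}


def describe(pkt):
    """One line in the style of tcpdump's ARP output."""
    if pkt["oper"] == REQUEST:
        return f"Request who-has {pkt['tpa']} tell {pkt['spa']}"
    return f"Reply {pkt['spa']} is-at {pkt['sha']}"


class ArpTable:
    """Learn sender IP->MAC bindings from every ARP packet and report changes."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, pkt):
        known = self.table.get(pkt["spa"])
        if known is not None and known != pkt["sha"]:
            self.alerts.append(f"{pkt['spa']} moved from {known} to {pkt['sha']}")
        self.table[pkt["spa"]] = pkt["sha"]


# Constructed MACs and frames: a request, the genuine reply, then a second
# reply claiming the same IP from a different MAC.
H1, H2, H3 = (bytes.fromhex(m) for m in ("02aabbcc0001", "02aabbcc0002", "02aabbcc0003"))
FRAMES = [
    build_arp(REQUEST, H1, "172.18.0.2", b"\0" * 6, "172.18.0.3"),
    build_arp(REPLY, H2, "172.18.0.3", H1, "172.18.0.2"),
    build_arp(REPLY, H3, "172.18.0.3", H1, "172.18.0.2"),
]


def run(frames=FRAMES):
    """Decode every frame; return (tcpdump-style lines, table alerts)."""
    table, lines = ArpTable(), []
    for frame in frames:
        pkt = parse_arp(frame)
        lines.append(describe(pkt))
        table.observe(pkt)
    return lines, table.alerts


if __name__ == "__main__":
    lines, alerts = run()
    print("\n".join(lines))
    print("alerts:", alerts)
```

On a real link the same logic runs over frames read from a raw socket or a pcap; a binding that flips between two MACs is worth correlating with switch MAC tables before assuming an attack, since a failed-over VRRP/HSRP gateway produces the same pattern legitimately.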

Troubleshooting Workflow

Logical layer-by-layer approach:

  • L1: Link lights, cable seating, polarity, IEC power, PSU LEDs. Test with certifier, ethtool eth0 for speed/duplex.
  • L2: MAC tables (show mac address-table), duplex mismatches (CRC errors), VLAN tags (tcpdump vlan), STP state, LACP status.
  • L3: Ping/traceroute, ARP/ND (ip neigh), routes (ip route get), subnet masks.
  • L4-7: Ports (netstat -tuln), TCP flags (tcpdump tcp), DNS (dig), firewalls (nft list ruleset).
  • Cross-Layer: Batfish for config validation, Python for automation.

Worked Example: Duplex mismatch: ethtool shows half-duplex; symptoms: collisions, low throughput. Fix: force full-duplex.

Heuristics: Small packets work but transfers break at 64KB → MTU/PMTUD black hole. Works, then breaks after 10min → ARP/ND cache expiry.

Hands-On Labs (Verbal Walkthroughs)

These are narrated as if spoken, for listening while setting up. Labs use GNS3 (virtual topologies), Docker (containers), Terraform (IaC), Python (scripts), LocalStack (AWS simulation), AWS (real cloud).

Lab 1: Cables, Power, and ARP

Goal: Verify physical connectivity and ARP resolution. Verbal Walkthrough: First, the basics: power and cabling. In your lab, use IEC C13 to C14 for switches—check LEDs for dual PSUs on separate PDUs. For cables, use Cat6a for 10G up to 100m. Now ARP: Two Docker containers on a network. When one pings, it sends "Who has IP?" broadcast. Watch with tcpdump. Steps:

  1. docker network create testnet --subnet 172.18.0.0/24
  2. docker run -it --net testnet --name host1 alpine sh (repeat for host2)
  3. In host1: ping host2
  4. Host: tcpdump -i br-<network-id> arp -vv (the Docker bridge is named br- followed by the network id; find it with ip link)
  5. Expected: "Who has?" request, reply with MAC. Debug: Check subnet (ip addr), interfaces up.
  6. Extend: Add fiber simulation in GNS3—virtual link with OM4 for 150m 100G.

Lab 2: Switching, VLANs, and Spanning Tree

Goal: Setup VLANs, observe STP loop prevention. Verbal Walkthrough: Drop two switches in GNS3, connect in loop—broadcast storm without STP. Enable RSTP, set root priority. Add VLANs 10/20, trunk ports. Hosts in different VLANs can't talk without router. Steps:

  1. GNS3: Two IOSvL2 switches, two links (loop).
  2. Config: spanning-tree mode rapid-pvst; vlan 10; switchport mode trunk on ports.
  3. Set root: spanning-tree vlan 10 priority 4096 on one.
  4. Show spanning-tree: One port blocked.
  5. Pull link: Reconvergence <1s.
  6. Expected: Root elected, ports alternate/blocking. Debug: tcpdump stp for BPDUs.

Lab 3: Link Aggregation with LACP

Goal: Bond links for redundancy/bandwidth. Verbal Walkthrough: Connect two links host-to-switch. Without LACP, STP blocks one. Enable LACP active, hash L3+L4. Pull cable—no downtime. Steps:

  1. Linux: ip link add bond0 type bond mode 802.3ad miimon 100 lacp_rate fast
  2. Add slaves: ip link set enp3s0 master bond0 (repeat).
  3. IP: ip addr add 198.51.100.10/24 dev bond0; up.
  4. Switch: interface Port-channel1; channel-group 1 mode active on ports.
  5. cat /proc/net/bonding/bond0
  6. Expected: Slaves up, hashing. Debug: ethtool bond0.

Lab 4: Routing with OSPF

Goal: Dynamic routing with ECMP. Verbal Walkthrough: Three FRR containers in triangle. Config OSPF networks in area 0. Adjacencies form, routes populate with multiple next-hops. Pull link—converges to alternate path. Steps:

  1. Docker Compose: Three FRR, networks 10.0.12.0/24, etc.
  2. frr.conf: router ospf; network 10.0.12.0/24 area 0 (repeat).
  3. vtysh -c "show ip ospf neighbor"
  4. Show ip route: ECMP.
  5. Expected: Full adjacencies, balanced paths. Debug: debug ip ospf adj.

Lab 5: Border Routing with BGP

Goal: eBGP peering with policy and RPKI. Verbal Walkthrough: Two AS, config eBGP, advertise prefixes. Add LOCAL_PREF policy. Enable RPKI—invalid origins rejected. Steps:

  1. Docker: r1 (AS65001), r2 (AS65002).
  2. frr.conf: router bgp 65001; neighbor remote-as 65002; network 203.0.113.0/24.
  3. Add rpki cache; validation-state invalid reject.
  4. Show bgp summary: Established.
  5. Expected: Routes with valid state. Debug: show bgp ipv4 uni.

Lab 6: NAT and DHCP

Goal: Assign IPs, NAT private to public. Verbal Walkthrough: DNSMasq for DHCP in Docker. Client requests IP via DORA. NAT with nftables—masquerade traffic out. Steps:

  1. docker network create dhcpnet --subnet 172.31.0.0/24
  2. DNSMasq: docker run -d --net dhcpnet --ip 172.31.0.2 jpillora/dnsmasq --dhcp-range=172.31.0.100,172.31.0.199,12h
  3. Client: docker run -it --net dhcpnet --cap-add NET_ADMIN alpine udhcpc -i eth0 -vv (NET_ADMIN so udhcpc can apply the offered address)
  4. NAT: nft add rule ip nat postrouting oif eth0 masquerade
  5. Test: Client curls external site.
  6. Expected: DORA in logs, NAT connections. Debug: conntrack -L.

Lab 7: VPNs and Proxies

Goal: Tunnel with WireGuard/Tailscale, proxy with SOCKS5. Verbal Walkthrough: WireGuard keys, config peers, ping tunnel. Tailscale for NAT traversal. SOCKS5 with ssh -D, curl through it. Steps:

  1. WireGuard: wg genkey, config wg0, wg-quick up.
  2. Tailscale: tailscale up, check status.
  3. SOCKS5: ssh -D 1080 bastion; curl --socks5 localhost:1080 https://example.com
  4. Expected: Handshake, relayed traffic. Debug: wg show.

Lab 8: Overlay Networks (VXLAN/EVPN)

Goal: Stretch L2 over L3. Verbal Walkthrough: FRR with VXLAN interfaces, map VLAN to VNI, BGP EVPN distributes MAC/IP. Steps:

  1. Docker FRR: Create VXLAN1000, enable EVPN.
  2. Test: Remote hosts in same VLAN communicate.
  3. Expected: show bgp l2vpn evpn shows mappings. Debug: tcpdump vxlan.

Lab 9: Cloud Integration with LocalStack and Terraform

Goal: VPC with subnets, toggle local/real AWS. Verbal Walkthrough: LocalStack docker, Terraform provider with mode var. Create VPC/subnet/IGW. Verify describe-subnets. Switch to AWS. Steps:

  1. docker run -d -p 4566:4566 localstack/localstack
  2. Terraform: variable mode, providers.tf with endpoints for local.
  3. main.tf: resource "aws_vpc" "lab" { cidr_block = "10.0.0.0/16" }
  4. terraform apply -var mode=local
  5. aws --endpoint-url http://localhost:4566 ec2 describe-subnets
  6. Change mode=aws, apply.
  7. Expected: VPC in both. Debug: Terraform logs.

Lab 10: Troubleshooting Scenarios

Goal: Simulate/debug issues. Verbal Walkthrough: Pull fiber—link down logs. Mis-trunk VLAN—tcpdump untagged drops. Mismatch OSPF areas—no adjacencies. AS_PATH loop—route dropped. Steps:

  1. GNS3: Break link, check logs.
  2. VLAN: tcpdump vlan.
  3. OSPF: show ip ospf neighbor.
  4. BGP: show bgp summary.
  5. Expected: Layer-by-layer diagnosis. Debug: Batfish reachability queries.

Networking Trivia Questions and Answers with Explanations

Verbose trivia section for reinforcement.

Q1. How many layers in OSI, including joke?
A: 9 (7 official + user, financial).
Explanation: OSI organizes protocols; joke layers highlight human/financial issues.

Q2. RFC for TCP/IP hosts?
A: 1122 (L3–4), 1123 (L5–7).
Explanation: Define end-host behavior for interoperability.

Q3. OSI layer for TLS?
A: Presentation (L6).
Explanation: Handles encryption/formatting.

Q4. Cat6a max distance at 10G?
A: 100m.
Explanation: Controls crosstalk; Cat6 limited to 55m.

Q5. Multimode vs single-mode fiber?
A: Multimode: larger core, short distance; single-mode: small core, long distance.
Explanation: Dispersion in multimode limits range.

Q6. Dominant fiber connector?
A: LC duplex for serial, MPO/MTP for parallel.
Explanation: LC compact; MPO for multi-fiber.

Q7. IEC connectors for servers?
A: C13/C14 standard, C19/C20 high-draw.
Explanation: Match amperage to avoid overloads.

Q8. Max VLANs in 802.1Q?
A: 4094.
Explanation: 12-bit ID, reserves 0/4095.

Q9. STP purpose?
A: Prevent Ethernet loops.
Explanation: Blocks redundant paths to stop storms.

Q10. STP vs RSTP vs MSTP?
A: STP slow, RSTP fast, MSTP VLAN-mapped.
Explanation: RSTP <1s convergence; MSTP scales large networks.

Q11. WPA3 replaces what?
A: WPA2-PSK with SAE.
Explanation: Resists dictionary attacks.

Q12. Wi-Fi standard with OFDMA?
A: 802.11ax (Wi-Fi 6).
Explanation: Subdivides channels for multi-user efficiency.

Q13. IPv4 Class B private range?
A: 172.16.0.0/12.
Explanation: RFC 1918 for non-routable IPs.

Q14. 169.254.0.0/16 meaning?
A: APIPA link-local.
Explanation: Auto-config on DHCP fail.

Q15. IPv6 APIPA equivalent?
A: fe80::/10 link-local.
Explanation: Mandatory for ND.

Q16. Anycast?
A: One address, multiple locations; routing picks nearest.
Explanation: Scales DNS/CDNs.

Q17. Incast?
A: Many-to-one buffer overflow in DCs.
Explanation: Mitigate with ECN/DCTCP.

Q18. DNS ports?
A: 53 UDP (queries), TCP (transfers).
Explanation: TCP for large responses.

Q19. QUIC replaces?
A: TCP + TLS over UDP.
Explanation: Low-latency for HTTP/3.

Q20. DNS A record?
A: Hostname to IPv4.
Explanation: Basic resolution.

Q21. AAAA record?
A: Hostname to IPv6.
Explanation: Quad A for 128-bit.

Q22. MX record?
A: Mail exchange with priority.
Explanation: Routes email.

Q23. CNAME?
A: Alias to hostname.
Explanation: Redirects without duplication.

Q24. NS record?
A: Nameserver delegation.
Explanation: Points to authoritative servers.

Q25. TXT record?
A: Text for SPF/DKIM/DMARC.
Explanation: Email security policies.

Q26. PTR record?
A: IP to name (reverse).
Explanation: Logging/validation.

Q27. SRV record?
A: Service locator (port/protocol/priority/weight).
Explanation: e.g., SIP servers.

Q28. SOA record?
A: Zone authority (serial/timers).
Explanation: Manages replication.

Q29. Glue records?
A: A/AAAA for NS in same zone.
Explanation: Breaks circular queries.

Q30. DNSSEC?
A: Adds RRSIG/DNSKEY/DS for signing.
Explanation: Prevents poisoning.

Q31. OSPF algorithm?
A: Dijkstra SPF.
Explanation: Computes paths from link-state.

Q32. OSPF backbone?
A: Area 0.
Explanation: Inter-area connectivity.

Q33. iBGP vs eBGP?
A: iBGP intra-AS, eBGP inter-AS; iBGP split-horizon.
Explanation: Requires reflectors/mesh.

Q34. BGP outbound attribute?
A: LOCAL_PREF.
Explanation: Higher preferred.

Q35. BGP inbound?
A: AS_PATH prepend/communities.
Explanation: Influences peers.

Q36. RPKI?
A: Validates prefix origins.
Explanation: Cryptographic anti-hijack.

Q37. IPsec ESP vs AH?
A: ESP encrypts + authenticates; AH authenticates only.
Explanation: ESP for privacy.

Q38. WireGuard speed?
A: Small code, modern crypto, kernel.
Explanation: Beats legacy VPNs.

Q39. Tailscale base?
A: WireGuard + DERP + control plane.
Explanation: Easy NAT traversal.

Q40. HTTP vs SOCKS5 proxy?
A: HTTP parses web; SOCKS5 forwards raw.
Explanation: SOCKS5 protocol-agnostic.

Q41. Proxy ports?
A: 3128, 8080, 1080.
Explanation: Defaults like Squid.

Q42. Duplex mismatch?
A: Collisions, CRC errors, low throughput.
Explanation: Full/half mismatch.

Q43. Ping of death?
A: Oversized ICMP >65k bytes.
Explanation: Crashed old stacks.

Q44. Smurf attack?
A: Spoofed ICMP to broadcast.
Explanation: Amplification DDoS.

Q45. ARP outside subnet?
A: No response; to gateway.
Explanation: Link-local only.

Q46. Hosts in /26?
A: 62 usable.
Explanation: 64 total -2.

Q47. IPv4 max TTL?
A: 255.
Explanation: Hop decrement.

2025 Trends

QUIC/HTTP/3 mainstream. Zero Trust identity-based. RPKI/ASPA secure BGP. EVPN/VXLAN replace VLANs. SRv6 path control. L4S low-latency. eBPF/P4 programmable networks.

Appendix: Quick Reference and Sources

  • IPv4 Private: 10/8, 172.16/12, 192.168/16.
  • Sources: RFCs (1918, 9000, etc.), IEEE, Wi-Fi Alliance, FRR docs, WireGuard whitepaper, Tailscale.