Understand Networking visually
Explore each concept's architecture through animated diagrams. Click a card to dive deeper.
OSI Model
The 7-layer reference model for network communication
The OSI (Open Systems Interconnection) model is a reference model that standardizes communication between different systems into 7 layers. From the physical layer to the application layer, each layer performs its role independently and only communicates with adjacent layers.
TCP/IP
A reliable, connection-oriented transport protocol
TCP (Transmission Control Protocol) and IP (Internet Protocol) form the core protocol stack of the internet. TCP establishes connections via a 3-way handshake, detects data loss and out-of-order delivery, and retransmits what is missing. IP routes each packet to its destination.
IP & Subnet
Network addressing and subnet design
An IP (Internet Protocol) address is a unique identifier for every device connected to the internet. Subnets divide large networks into purpose-specific segments. CIDR notation (/24, /16, etc.) defines network ranges and creates routing boundaries.
DNS
A distributed system that translates domain names to IP addresses
DNS (Domain Name System) is a distributed hierarchical database that translates human-readable domain names (example.com) into computer-usable IP addresses (93.184.216.34). Thousands of name servers worldwide cooperate to provide fast and reliable name resolution.
HTTP/HTTPS
The common language of the web: a request-response protocol
HTTP (HyperText Transfer Protocol) is the protocol for exchanging data between clients and servers. Methods (GET, POST, PUT, DELETE) express intent, and status codes (200, 404, 500) convey results. HTTPS is the secure version of HTTP with TLS encryption added.
TLS/SSL
Encryption and identity verification for internet communication
TLS (Transport Layer Security) is a protocol that encrypts communication between client and server and verifies the server's identity through certificates. It's used everywhere sensitive data travels: HTTPS, email (SMTPS), database connections, and more.
Load Balancer
The backbone of traffic distribution and high availability
A load balancer distributes incoming network traffic across multiple servers, preventing any single server from being overloaded and providing high availability. Health checks automatically remove failed servers, while clients see a single stable entry point.
CDN
Fast content delivery to users worldwide
A CDN (Content Delivery Network) caches content on globally distributed edge servers, delivering it quickly from locations close to users. It reduces origin server load, minimizes network latency, and is also effective for DDoS mitigation.
Firewall
A traffic filter that guards network boundaries
A firewall allows or blocks network traffic based on predefined rules. It inspects packets by source/destination IP, port, and protocol to protect internal networks from unauthorized access.
VPN
An encrypted private network tunnel over the internet
A VPN (Virtual Private Network) creates an encrypted virtual tunnel over the public internet, connecting users or networks as if they were on a private link. It's used for remote workers accessing internal systems, linking branch offices, and connecting on-premises to cloud.
UDP
Connectionless transport that favors low latency over retransmission
UDP (User Datagram Protocol) is a transport-layer protocol that sends packets immediately without establishing a connection first. It avoids the overhead of ordering, retransmission, and flow control, so it's commonly used when a little loss matters less than keeping latency low.
DHCP
A protocol that automatically assigns addresses and network settings to devices
DHCP (Dynamic Host Configuration Protocol) lets a device automatically obtain an IP address, subnet mask, gateway, and DNS server information when it joins a network. That removes the need for humans to configure every device manually, which is why DHCP is fundamental in office Wi-Fi and enterprise networks.
NAT
Address translation that bridges private networks to public ones
NAT (Network Address Translation) rewrites internal private IP addresses into externally visible public ones. It lets many private hosts share a smaller set of public addresses, easing IPv4 exhaustion while allowing internal networks to reach the internet without exposing their structure directly.
Routing
Network path selection that decides where packets go next
Routing is the process of choosing the next hop for a packet based on its destination address. It stays mostly invisible in a single small network, but once subnets, VPNs, internet gateways, and multiple sites are involved, routing rules determine the real path traffic follows.
Subnet/CIDR
Address space design for dividing networks by purpose
A subnet splits one large network into smaller logical segments. CIDR (Classless Inter-Domain Routing) notation lets you define network ranges in flexible sizes like /24 or /20. Devices within the same subnet communicate directly without a router, while reaching another subnet requires a routing table. These boundaries become the basic unit for security rules, traffic paths, and access control.
VLAN
A technology for logically separating networks on a physical switch
A VLAN (Virtual Local Area Network) makes a single physical switch behave as multiple independent networks. Because traffic is isolated based on ports or tags, devices on the same switch but in different VLANs cannot communicate directly. Communication between VLANs requires a Layer 3 router.
Port
A logical door number that distinguishes services on a server
A port is a logical number that lets multiple services run simultaneously on a single IP address by distinguishing each service. Port numbers range from 0 to 65535, with well-known ports (0–1023) assigned to standard services like HTTP (80), HTTPS (443), and SSH (22). When a client connects to a server, it opens an ephemeral port and sends requests to a specific port on the server.
ARP
A protocol that resolves IP addresses to MAC addresses within the same network
ARP (Address Resolution Protocol) finds the physical MAC address corresponding to a destination IP address within the same local network (LAN). Sending an Ethernet frame requires the destination MAC address, so when only the IP is known, ARP broadcasts a query to discover the target device's MAC.
Proxy
An intermediary layer that relays requests between clients and servers
A proxy is an intermediary server through which clients and servers communicate instead of connecting directly. A forward proxy controls outbound access from the client side, while a reverse proxy receives incoming requests on the server side and distributes them to backend servers. Functions like caching, access control, TLS termination, and routing can be handled at this middle layer instead of in each application.
WebSocket
A protocol that upgrades from HTTP to bidirectional real-time communication
WebSocket starts with an HTTP upgrade handshake and then establishes a full-duplex channel over a single TCP connection, where both client and server can send messages simultaneously. It solves the limitations of HTTP's request-response model in scenarios where the server needs to push data first, such as chat, real-time notifications, stock tickers, and collaborative editing.
SSH
A protocol providing encrypted shell access and file transfer to remote servers
SSH (Secure Shell) is an encrypted protocol for securely connecting to remote servers to execute commands and transfer files. It establishes an encrypted channel over TCP port 22 through key exchange and authentication, handling shell sessions, file transfers (SCP/SFTP), and port forwarding over a single connection.
ICMP
A control protocol for network diagnostics and error reporting
ICMP (Internet Control Message Protocol) is a protocol for reporting error conditions and exchanging diagnostic information on IP networks. It lets you check host reachability with ping, trace the path packets take with traceroute, and reports network errors like destination unreachable back to the sender.
Ethernet
The LAN standard for delivering data between devices in frame units within the same network
Ethernet is the standard that defines how devices on the same local network (LAN) exchange data. Each device has a unique MAC address, and Ethernet delivers data units called frames to their destination based on these MAC addresses. It corresponds to the Data Link layer (Layer 2) of the OSI model, and IP packets travel inside Ethernet frames when crossing actual cable or wireless segments.
BGP
The internet's routing protocol for exchanging paths between autonomous systems
BGP (Border Gateway Protocol) is the protocol that exchanges route information between autonomous systems (AS), the independent network units that make up the internet. ISPs, large enterprises, and cloud providers each operate their own networks, and BGP connects them while making policy-driven decisions about which paths traffic should take.