Introduction :

Networking is the backbone of the internet and plays a crucial role in DevOps. Whether it's managing servers, deploying applications, or ensuring smooth communication between different services, understanding networking is essential for any DevOps engineer.

In Week 1 of my 90 Days of DevOps Challenge, I focused on learning the fundamentals of networking. I explored how the internet works, different types of networks, important protocols, IP addresses, and cloud networking concepts. I also did hands-on work by launching an AWS EC2 instance and testing various networking commands.

If you’ve found this blog, consider it a guide to learning networking for DevOps. I’ve structured it in a way that will help beginners understand the concepts step by step, along with practical exercises.

Through this blog, I’ll share what I learned in Week 1, covering both theoretical concepts and practical applications. If you're new to DevOps or want to strengthen your networking skills, this will be a great starting point! 🏁

Basics of Networking :

How the Internet Works?

The internet is a vast network that connects millions of devices worldwide. It allows computers, smartphones, and servers to communicate with each other using standardized protocols.

Here’s a simple breakdown of how data travels over the internet:

1. When you visit a website, your browser sends a request to a server.

2. The request travels through routers, switches, and other networking devices.

3. The server processes the request and sends back the necessary data (webpage, images, etc.).

4. The data is transmitted in small packets, which follow different routes to reach your device.

5. Your browser receives the packets, assembles them, and displays the content.

This entire process happens in milliseconds, thanks to networking technologies!

Types of Networks: WAN, MAN, LAN, PAN

Networking is classified into different types based on the size and range of the network:

• PAN (Personal Area Network) – Smallest network, connects personal devices like Bluetooth headphones, smartwatches, or a hotspot.

• LAN (Local Area Network) – Used in homes, offices, or schools to connect multiple computers within a limited area using routers and switches.

• MAN (Metropolitan Area Network) – Covers a larger area than LAN, typically used by cities or large campuses.

• WAN (Wide Area Network) – The largest type, used to connect networks over long distances, like the internet itself.

💡 Example: Your home Wi-Fi is a LAN, while the entire internet is a WAN!

Understanding OSI Model vs. TCP/IP Model

Networking works based on structured models that define how data is transmitted and received. The two most important models are:

OSI Model (7 Layers) :

The OSI (Open Systems Interconnection) Model is a theoretical framework that describes how network communication happens in seven layers:

1. Physical Layer – Deals with actual hardware (cables, switches, signals).

2. Data Link Layer – Manages data transfer between connected devices (MAC addresses, Ethernet).

3. Network Layer – Handles routing of data using IP addresses.

4. Transport Layer – Ensures data is delivered correctly (TCP, UDP).

5. Session Layer – Manages sessions (opening, closing, and maintaining connections).

6. Presentation Layer – Converts data into readable formats (encryption, compression).

7. Application Layer – The user interacts with this layer (HTTP, FTP, Email, etc.).

💡 Think of the OSI Model as a layered cake 🍰, where each layer has a specific role in communication.

TCP/IP Model (5 Layers) :

The TCP/IP (Transmission Control Protocol/Internet Protocol) Model is a practical model used for real-world networking. It simplifies the OSI model into five layers:

1. Application Layer – Combines OSI’s application, presentation, and session layers.

2. Transport Layer – Handles end-to-end communication (TCP, UDP).

3. Internet Layer – Manages IP addressing and routing.

4. Data Link Layer – Responsible for direct data transfer between devices (Ethernet, Wi-Fi, MAC addressing).

5. Physical Layer – Deals with hardware transmission (cables, network interfaces, signals).

💡 Key Difference:

• The OSI model is a conceptual framework, while the TCP/IP model is actually used in the internet and networking today.

• The Data Link Layer in TCP/IP is sometimes merged with the Physical Layer, but it is essential for managing communication between devices at the hardware level.

Important Protocols and Ports in DevOps :

Understanding networking protocols and ports is essential for DevOps engineers, as they help in communication between different systems, servers, and services. Below is a comprehensive list of 24 important networking protocols along with their ports and significance in DevOps.

Key Networking Protocols in DevOps (24 Protocols)

Why Are These Protocols & Ports Important for DevOps?

✅ Server Management – SSH enables secure server access, while RDP is useful for Windows-based systems.
✅ Networking & Troubleshooting – ICMP helps with connectivity testing, and SNMP is crucial for network monitoring.
✅ Web Hosting & Security – HTTP/HTTPS are the backbone of web applications, and DNS ensures proper domain resolution.
✅ Database Connectivity – MySQL, PostgreSQL, and Redis ports are essential for backend services.
✅ File Transfers & Remote Access – FTP, SFTP, and Telnet play a role in managing remote systems and transferring files.
✅ Monitoring & Logging – Prometheus and Grafana are key tools for DevOps observability.

Understanding Addresses

In networking, addresses play a crucial role in identifying devices, ensuring communication, and maintaining security. Let’s break down the different types of addresses and their significance in DevOps.

IP Addressing (IPv4 vs. IPv6)

An IP Address (Internet Protocol Address) is a unique identifier assigned to each device connected to a network.

IPv4 (Internet Protocol Version 4)

• Format: 32-bit address (e.g., 192.168.1.1)

• Total Addresses: ~4.3 billion

• Notation: Dotted decimal (e.g., 192.168.1.1)

• Limitation: Exhaustion of available addresses

IPv6 (Internet Protocol Version 6)

• Format: 128-bit address (e.g., 2001:0db8:85a3::8a2e:0370:7334)

• Total Addresses: 340 undecillion (virtually unlimited)

• Notation: Hexadecimal separated by colons (e.g., fe80::1)

• Advantage: Larger address space, better security (IPSec by default), and no need for NAT (Network Address Translation)

IPv6 is the future of networking due to its infinite address space and improved performance over IPv4.

MAC Address and How It Works

A MAC Address (Media Access Control Address) is a physical address assigned to a device’s network interface card (NIC).

Format: 48-bit address (e.g., 00:1A:2B:3C:4D:5E)
Usage: Identifies devices in a local network (LAN)
Static & Unique: Assigned by the manufacturer and cannot be changed

How It Works?

• When a device connects to a network, it uses its MAC Address to communicate within the local network.

• The ARP (Address Resolution Protocol) translates IP addresses to MAC addresses to enable communication.

Public vs. Private IPs

Public IP Address

• Accessible from the internet 🌍

• Assigned by ISPs (Internet Service Providers)

• Used for web servers, cloud services, and other internet-facing applications

• Example: 8.8.8.8 (Google’s DNS)

Private IP Address

• Used within local networks 🏠

• Not routable on the internet

• Assigned by routers to internal devices

• Common private IP ranges:

  • 10.0.0.0 – 10.255.255.255

  • 172.16.0.0 – 172.31.255.255

  • 192.168.0.0 – 192.168.255.255

Why Are Private IPs Used?

• Security: Devices inside a private network are not directly exposed to the internet.

• Address Conservation: Allows multiple devices to use the same public IP via NAT (Network Address Translation).

Subnetting Basics

Subnetting is the process of dividing a large network into smaller sub-networks (subnets) to improve efficiency, security, and performance.

Why Subnet?
✅ Reduces network congestion
✅ Improves security by isolating network segments
✅ Helps in efficient IP address allocation

Subnet Mask Example:

• IP Address: 192.168.1.10

• Subnet Mask: 255.255.255.0

• Network ID: 192.168.1.0

• Host Range: 192.168.1.1 – 192.168.1.254

CIDR Notation:
Instead of writing the full subnet mask, we use CIDR (Classless Inter-Domain Routing) notation:

• /8 = 255.0.0.0

• /16 = 255.255.0.0

• /24 = 255.255.255.0

Example:
192.168.1.10/24 → This means 256 addresses are available (192.168.1.0 – 192.168.1.255).

Why Is Addressing Important in DevOps?

✅ Configuring Servers & Networking – IP addressing ensures proper connectivity and communication.
✅ Cloud & On-Prem Deployments – Public vs. Private IPs play a key role in AWS, Azure, GCP setups.
✅ Security & Access Control – Proper subnetting and MAC address filtering enhance security.
✅ Optimizing Performance – Efficient use of IPs prevents unnecessary network congestion.

Understanding addresses helps DevOps engineers efficiently set up networks, troubleshoot issues, and deploy scalable infrastructures.

On-Premise vs. Cloud Servers

When setting up infrastructure, organizations have two main options: On-Premise Servers and Cloud Servers. Let’s explore their differences and why cloud computing is the preferred choice in DevOps.

Difference Between On-Premise and Cloud-Based Servers

Why Cloud is Preferred in DevOps?

DevOps focuses on automation, scalability, and efficiency. Cloud computing aligns perfectly with these principles.

✅ Rapid Deployment – Cloud servers can be set up within minutes, unlike on-premise setups that take weeks.
✅ Cost-Efficient – Pay only for what you use (pay-as-you-go model), reducing waste and optimizing expenses.
✅ Scalability – Easily scale infrastructure up or down based on demand.
✅ Automation & CI/CD – Cloud providers offer seamless integration with CI/CD pipelines for faster software delivery.
✅ High Availability & Disaster Recovery – Built-in redundancy, failover mechanisms, and automated backups ensure minimal downtime.
✅ Remote Access & Collaboration – DevOps teams can work from anywhere, making remote work more effective.
✅ Security & Compliance – Major cloud providers offer security best practices, encryption, and compliance with regulations.

DevOps + Cloud = Faster, More Efficient, and Scalable Deployments! 🚀

Cloud Providers Overview (AWS, Azure, GCP)

There are three major cloud service providers that dominate the market:

1. Amazon Web Services (AWS)

✅ Market Leader (~33% market share)
✅ Wide range of services (Compute, Storage, AI, Networking, etc.)
✅ Common services:

• EC2 (Virtual Machines)

• S3 (Storage)

• RDS (Databases)

• Lambda (Serverless computing)
  ✅ Used by Netflix, Airbnb, NASA, and many more

2. Microsoft Azure

✅ Strong enterprise adoption (~22% market share)
✅ Best for companies using Microsoft products (Windows Server, Active Directory)
✅ Common services:

• Azure Virtual Machines (Compute)

• Azure Blob Storage (Storage)

• Azure DevOps (CI/CD Pipelines)

• Azure Kubernetes Service (AKS)
  ✅ Used by LinkedIn, Adobe, BMW

3. Google Cloud Platform (GCP)

✅ Best for AI/ML & big data analytics (~11% market share)
✅ Common services:

• Compute Engine (Virtual Machines)

• Cloud Storage (Object storage)

• BigQuery (Data analytics)

• Google Kubernetes Engine (GKE)
  ✅ Used by Spotify, Twitter, PayPal

Conclusion

• On-Premise servers provide full control but are costly and hard to scale.

• Cloud servers offer flexibility, automation, and scalability, making them ideal for DevOps workflows.

• AWS, Azure, and GCP are the top cloud providers, each with its strengths.

For DevOps Engineers, mastering cloud platforms is essential! Would you like a hands-on guide on setting up an AWS EC2 instance? 😊

Network Topologies

Network topology refers to the arrangement of devices (nodes) in a network and how they communicate with each other. Choosing the right topology is essential for performance, scalability, and fault tolerance in a system's architecture.

Types of Network Structures

1. Bus Topology 🚌

• Structure: All devices are connected to a single central cable (backbone).

• Pros: Easy to set up, cost-effective, requires less cabling.

• Cons: If the backbone fails, the entire network goes down; difficult to troubleshoot.

• Example: Used in early Ethernet networks.

2. Star Topology ⭐

• Structure: All devices connect to a central hub or switch.

• Pros: High reliability (if one device fails, others continue working), easy to manage.

• Cons: If the central hub fails, the entire network is affected.

• Example: Most modern LANs (Wi-Fi routers use a star topology).

3. Ring Topology 🔁

• Structure: Each device is connected to exactly two other devices, forming a loop.

• Pros: Predictable data transmission, no data collisions.

• Cons: If one device fails, the entire network can break unless a dual-ring structure is used.

• Example: Used in older fiber networks (Token Ring networks).

4. Mesh Topology 🕸️

• Structure: Every device is connected to multiple other devices, creating a web-like structure.

• Pros: Highly fault-tolerant, multiple paths for data transmission.

• Cons: Expensive due to high cabling and hardware requirements.

• Example: Used in military communication and data centers.

5. Hybrid Topology 🔄

• Structure: A combination of two or more topologies (e.g., a mix of Star and Mesh).

• Pros: Flexible, scalable, can be optimized based on requirements.

• Cons: Complex setup and management.

• Example: Large enterprise networks with multiple buildings and departments.

Importance of Network Topologies in System Architecture

✅ Performance Optimization – The right topology ensures efficient data flow and minimal delays.
✅ Scalability – Networks can be expanded easily without affecting existing connections.
✅ Fault Tolerance & Redundancy – Some topologies (like Mesh) ensure reliability by providing multiple data paths.
✅ Cost Management – Choosing an optimal topology helps in reducing infrastructure and maintenance costs.
✅ Security Considerations – Properly structured networks enhance security by segmenting sensitive data.

Conclusion

Network topology plays a crucial role in designing scalable, efficient, and secure network infrastructures. For DevOps and cloud engineers, understanding these structures helps in designing fault-tolerant and high-performance systems.

Want to see real-world examples of these topologies in cloud computing? Let me know! 😊

You're absolutely right to ask that question! Let me clarify and correct the explanation. The Presentation Layer is indeed the 6th layer in the OSI Model, not the second. I misspoke earlier, so let me rewrite the section with the correct order and a clearer explanation. Here's the revised version:

Structure of OSI & TCP/IP Models

When it comes to networking, two models help us understand how data travels from one device to another: the OSI Model and the TCP/IP Model. Think of these models as instruction manuals that explain how your message (like an email or a website request) gets from your computer to a server and back.

Let’s break them down in simple terms:

OSI Model (7 Layers)

The OSI Model is like a detailed, step-by-step guide for how data moves across a network. It has 7 layers, each with a specific job. Here’s how it works, from the bottom up:

1. Physical Layer:

   • This is the actual hardware—cables, Wi-Fi signals, and switches.

   • It’s like the roads and highways that your data travels on.

2. Data Link Layer:

   • This layer makes sure data gets to the right device on your local network using MAC addresses (a unique ID for each device).

   • Think of it as the postal service that delivers mail to the correct house on your street.

3. Network Layer:

   • This layer handles IP addresses and routing. It figures out the best path for your data to travel across different networks.

   • It’s like a GPS that guides your data to its destination.

4. Transport Layer:

   • This layer ensures your data arrives safely and in the right order. It uses protocols like TCP (reliable but slower) and UDP (faster but less reliable).

   • Imagine it as a delivery person who double-checks that your package isn’t damaged or missing.

5. Session Layer:

   • This layer manages the connection between devices. It starts, maintains, and ends the conversation.

   • It’s like a phone call—it sets up the call, keeps it going, and hangs up when you’re done.

6. Presentation Layer:

   • This layer translates data into a format that applications can understand. It handles things like encryption, compression, and data formatting.

   • Think of it as a translator who makes sure both sides can understand each other. For example, it might convert a file into a PDF or encrypt data for security.

7. Application Layer:

   • This is the layer you interact with directly. It includes protocols like HTTP (for websites) and FTP (for file transfers).

   • It’s like the apps on your phone—they’re what you see and use every day.

TCP/IP Model (4 Layers)

The TCP/IP Model is a simpler, real-world version of the OSI Model. It combines some of the layers and is what actually powers the internet. Here’s how it works:

1. Network Interface Layer:

   • This combines the Physical and Data Link layers. It’s all about the hardware and local network.

   • It’s like the foundation of a house—everything else is built on top of it.

2. Internet Layer:

   • This layer handles IP addresses and routing. It’s responsible for getting your data from one network to another.

   • Think of it as the postal service that delivers mail across cities and countries.

3. Transport Layer:

   • This is the same as the OSI Transport layer. It ensures data arrives safely using TCP or UDP.

   • It’s like the delivery person who makes sure your package gets to the right address.

4. Application Layer:

   • This combines the Session, Presentation, and Application layers from the OSI Model. It’s where apps like your browser or email client live.

   • It’s the part of the house where you actually live and interact—like the living room or kitchen.

Why Do These Models Matter?

• The OSI Model is great for learning and troubleshooting because it breaks everything down into detailed steps.

• The TCP/IP Model is what’s actually used in the real world. It’s simpler and more practical.

Both models help us understand how data moves across networks, which is essential for everything from browsing the web to deploying applications in DevOps.

Absolutely! Let’s take a deep dive into the TCP/IP layers. The TCP/IP model is the backbone of modern networking, and understanding its layers is crucial for anyone in DevOps. I’ll break it down in simple terms, layer by layer, and explain what happens at each stage. Ready? Let’s go! 🚀

Deep Dive into TCP/IP Layers 🌐

The TCP/IP Model has 4 layers, each with a specific role in ensuring data gets from one place to another. Think of it as a relay race where each layer passes the baton (data) to the next until it reaches its destination. Here’s how it works:

1. Application Layer 🖥️

This is the layer you interact with directly. It’s where applications like your web browser, email client, or file transfer tools live. Here’s what happens at this layer:

• What It Does:

  • Handles high-level protocols like HTTP, FTP, SMTP, and DNS.

  • Ensures data is presented in a format that applications can understand.

• Examples:

  • When you type a website address (like google.com) into your browser, the Application Layer uses HTTP/HTTPS to request the webpage.

  • When you send an email, it uses SMTP (Simple Mail Transfer Protocol) to deliver it.

• Key Protocols:

  • HTTP/HTTPS: For web browsing.

  • FTP: For file transfers.

  • DNS: For translating domain names to IP addresses.

  • SMTP: For sending emails.

2. Transport Layer 🚚

The Transport Layer is like the delivery person who ensures your data arrives safely and in the right order. It uses two main protocols: TCP and UDP.

• What It Does:

  • Breaks data into smaller chunks called segments.

  • Ensures data is delivered reliably (with TCP) or quickly (with UDP).

• TCP (Transmission Control Protocol):

  • Reliable but slower: TCP checks if data arrived correctly and resends it if needed.

  • Used for things like loading webpages or sending emails.

• UDP (User Datagram Protocol):

  • Fast but less reliable: UDP sends data without checking if it arrived.

  • Used for real-time applications like video calls or online gaming.

• Key Concepts:

  • Port Numbers: Help identify which application should receive the data (e.g., port 80 for HTTP, port 22 for SSH).

  • Error Checking: Ensures data isn’t corrupted during transmission.

3. Network Layer 🌍

The Network Layer is like the GPS for your data. It figures out the best path for your data to travel across networks.

• What It Does:

  • Handles IP addressing and routing.

  • Breaks data into packets and adds source and destination IP addresses.

• Key Protocols:

  • IP (Internet Protocol): Assigns IP addresses to devices and routes packets.

  • ICMP (Internet Control Message Protocol): Used for error reporting and diagnostics (e.g., the ping command).

• How It Works:

  • When you send data, the Internet Layer adds an IP header to each packet, which includes the source and destination IP addresses.

  • Routers use this information to forward packets to the correct network.

4. Physical Layer 🔌

This is the "physical" layer where data is transmitted over cables, Wi-Fi, or other hardware.

• What It Does:

  • Handles the actual transmission of data over physical media.

  • Converts data into electrical, optical, or radio signals.

• Key Components:

  • Ethernet Cables: For wired connections.

  • Wi-Fi: For wireless connections.

  • MAC Addresses: Unique identifiers for network devices.

• How It Works:

  • Data is broken into frames and sent over the network.

  • Devices use MAC addresses to identify each other on the local network.

How the Layers Work Together 🤝

Let’s say you’re loading a website. Here’s how the TCP/IP layers work together:

1. Application Layer: Your browser sends an HTTP request for the webpage.

2. Transport Layer: The request is broken into segments, and TCP ensures it’s delivered reliably.

3. Internet Layer: IP addresses are added, and the data is routed across the internet.

4. Network Interface Layer: The data is converted into signals and sent over the network.

At the destination, the process happens in reverse:

• The server receives the signals, reassembles the data, and sends back the webpage.

Why Is This Important in DevOps? 🛠️

Understanding the TCP/IP layers helps you:

• Troubleshoot network issues: If a website isn’t loading, you can check if the problem is at the Application Layer (e.g., DNS issue) or the Transport Layer (e.g., port blocked).

• Optimize performance: For example, using UDP for real-time applications or TCP for reliable data transfer.

• Secure your systems: By understanding how data flows, you can implement firewalls, encryption, and other security measures at the right layers.

Absolutely! Let’s dive into the AWS Hands-On: Launching an EC2 Instance section. I’ll walk you through the process step by step, explaining each part in simple terms. This is a crucial skill in DevOps, as EC2 (Elastic Compute Cloud) is one of the most commonly used services in AWS for running virtual servers. Let’s get started! 🚀

AWS Hands-On: Launching an EC2 Instance ☁️

An EC2 instance is essentially a virtual server in the cloud. It allows you to run applications, host websites, or perform computations without needing physical hardware. Here’s how you can launch your first EC2 instance:

Step 1: Log in to AWS

1. Go to the AWS Management Console.

2. Sign in with your AWS account. If you don’t have an account, you can create one (AWS offers a free tier for beginners).

Step 2: Navigate to EC2

1. In the AWS Management Console, search for EC2 in the search bar.

2. Click on EC2 under Services to open the EC2 Dashboard.

Step 3: Launch an Instance

1. On the EC2 Dashboard, click the Launch Instance button.

2. You’ll be taken to a step-by-step wizard to configure your instance.

Step 4: Choose an Amazon Machine Image (AMI)

An AMI is a template that contains the software configuration (operating system, application server, and applications) for your instance.

• Select an AMI:

  • For beginners, I recommend choosing Amazon Linux 2 AMI (free tier eligible) or Ubuntu Server.

  • These are popular, well-documented, and free to use.

Step 5: Choose an Instance Type

An instance type determines the hardware specifications of your server (CPU, memory, storage, etc.).

• For this tutorial, select the t2.micro instance type (free tier eligible).

• This is perfect for learning and small applications.

Step 6: Configure Instance Details

This step allows you to configure advanced settings. For now, you can leave most settings at their defaults.

• Key settings to note:

  • Number of instances: Set to 1 (you can launch multiple instances later).

  • Network: Leave the default VPC (Virtual Private Cloud).

  • Subnet: Automatically selected.

Step 7: Add Storage

By default, AWS provides 8 GB of free storage for the root volume.

• You can increase the storage size if needed, but for this tutorial, leave it at the default.

• Click Next to proceed.

Step 8: Configure Security Groups

A security group acts as a virtual firewall for your instance. It controls inbound and outbound traffic.

• Create a new security group or use an existing one.

• Add rules to allow specific traffic:

  • SSH (Port 22): To connect to your instance remotely.

  • HTTP (Port 80): To allow web traffic (if hosting a website).

  • HTTPS (Port 443): For secure web traffic.

• Example:

  • Type: SSH

  • Protocol: TCP

  • Port Range: 22

  • Source: My IP (to restrict access to your IP address only).

Step 9: Review and Launch

1. Review all the settings you’ve configured.

2. Click Launch when you’re ready.

Step 10: Create a Key Pair

A key pair is used to securely connect to your instance via SSH.

• Choose Create a new key pair.

• Give it a name (e.g., my-first-keypair).

• Download the .pem file and store it securely. You’ll need it to connect to your instance.

Step 11: Launch the Instance

1. Click Launch Instances.

2. You’ll see a confirmation page with your instance ID.

3. Click View Instances to go back to the EC2 Dashboard.

Step 12: Connect to Your Instance

Once your instance is running (you’ll see a green status check), you can connect to it using SSH.

1. Select your instance in the EC2 Dashboard.

2. Click Connect.

3. Follow the instructions to connect via SSH:

   • Open a terminal (Linux/Mac) or use an SSH client like PuTTY (Windows).

   • Use the private key (.pem file) you downloaded earlier.

Example SSH command:

ssh -i /path/to/your-keypair.pem ec2-user@<public-ip-address>

• Replace <public-ip-address> with the public IP of your instance (found in the EC2 Dashboard).

Step 13: Test Your Instance

Once connected, you can start using your EC2 instance!

• Update the system:

    sudo yum update -y
  

• Install a web server (optional):

    sudo yum install httpd -y
    sudo systemctl start httpd
    sudo systemctl enable httpd
  

• Visit your instance’s public IP in a browser to see the default Apache page (if you installed httpd).

Why Is This Important in DevOps?

Launching an EC2 instance is a fundamental skill in DevOps because:

• It allows you to deploy and manage applications in the cloud.

• You can scale your infrastructure up or down based on demand.

• It’s the foundation for more advanced AWS services like Auto Scaling, Load Balancing, and Elastic Beanstalk.

That’s it! You’ve successfully launched your first EC2 instance. Now you can start experimenting, deploying apps, or learning more about AWS. Let me know if you’d like to dive deeper into any part of this process! 😊

Security Groups in AWS 🛡️

Security Groups act as virtual firewalls for your EC2 instances. They control inbound and outbound traffic, ensuring only authorized users and systems can access your instances. Think of them as bouncers at a club—they decide who gets in and who doesn’t.

What Are Security Groups?

• Inbound Rules: Control incoming traffic to your instance (e.g., allowing SSH access from your IP).

• Outbound Rules: Control outgoing traffic from your instance (e.g., allowing your instance to access the internet).

• Stateful: If you allow inbound traffic, the response is automatically allowed outbound, and vice versa.

Why Are Security Groups Important?

• Protect Your Instances: They prevent unauthorized access to your servers.

• Control Traffic: You can specify exactly which ports and IP addresses are allowed.

• Flexible: You can modify security group rules at any time, and the changes take effect immediately.

How to Configure Security Groups

Let’s walk through the steps to create and configure a security group for your EC2 instance.

Step 1: Create a Security Group

1. Go to the EC2 Dashboard in the AWS Management Console.

2. In the left-hand menu, click Security Groups under Network & Security.

3. Click Create Security Group.

Step 2: Configure Inbound Rules

Inbound rules control who can access your instance. Here’s how to set them up:

1. Name and Description:

   • Give your security group a name (e.g., my-ssh-http-sg).

   • Add a description (e.g., “Allow SSH and HTTP access”).

2. Add Inbound Rules:

   • Rule 1: Allow SSH Access

     • Type: SSH

     • Protocol: TCP

     • Port Range: 22

     • Source: My IP (to restrict access to your IP address only).

   • Rule 2: Allow HTTP Access

     • Type: HTTP

     • Protocol: TCP

     • Port Range: 80

     • Source: 0.0.0.0/0 (to allow access from anywhere).

   • Rule 3: Allow HTTPS Access

     • Type: HTTPS

     • Protocol: TCP

     • Port Range: 443

     • Source: 0.0.0.0/0 (to allow access from anywhere).

Step 3: Configure Outbound Rules

Outbound rules control what your instance can access. By default, AWS allows all outbound traffic, but you can restrict it if needed.

1. Default Outbound Rule:

   • Type: All traffic

   • Protocol: All

   • Port Range: All

   • Destination: 0.0.0.0/0 (allows access to anywhere).

2. Custom Outbound Rule (Optional):

   • If you want to restrict outbound traffic, you can specify rules. For example, you might allow only HTTPS traffic to specific IP addresses.

---

Step 4: Assign the Security Group to an Instance

When launching an EC2 instance, you can assign your security group during the setup process:

1. In the Configure Security Group step, select Select an existing security group.

2. Choose the security group you just created (e.g., my-ssh-http-sg).

Alternatively, you can assign a security group to an existing instance:

1. Go to the Instances page in the EC2 Dashboard.

2. Select your instance, click Actions, then Security, and Change Security Groups.

3. Assign your security group and save the changes.

Best Practices for Security Groups

To keep your instances secure, follow these best practices:

1. Restrict Access:

   • Only allow traffic from trusted IP addresses. For example, restrict SSH access to your IP.

   • Avoid using 0.0.0.0/0 for sensitive ports like SSH (port 22).

2. Use Separate Security Groups:

   • Create different security groups for different types of instances (e.g., web servers, databases).

3. Regularly Review Rules:

   • Periodically check your security group rules to ensure they’re still necessary.

4. Leverage Security Group References:

   • Instead of opening ports to the public, allow traffic only from other security groups. For example, allow a web server security group to access a database security group.

Example Use Case

Let’s say you’re hosting a website on an EC2 instance:

• Inbound Rules:

  • Allow HTTP (port 80) and HTTPS (port 443) from anywhere.

  • Allow SSH (port 22) only from your IP.

• Outbound Rules:

  • Allow all outbound traffic (default).

This setup ensures your website is accessible to everyone, but only you can SSH into the server.

Why Is This Important in DevOps?

Security Groups are a cornerstone of cloud security in DevOps because:

• They help you enforce the principle of least privilege (only allowing necessary access).

• They protect your infrastructure from unauthorized access and attacks.

• They’re essential for compliance with security standards like GDPR, HIPAA, and more.

You now know how to create, configure, and manage them to keep your instances secure.

Hands-On Networking Commands

Networking commands are like a Swiss Army knife for DevOps engineers. They help you diagnose issues, test connectivity, and gather information about your network. Here are some of the most commonly used commands and how to use them:

1. ping 🎯

The ping command checks if a device is reachable over the network and measures the response time.

• What It Does:

  • Sends an ICMP (Internet Control Message Protocol) echo request to a target IP or domain.

  • Waits for a reply and displays the round-trip time.

• Example:

    ping google.com
  

  • This will send packets to google.com and show you the response time.

• Use Case:

  • Check if a server or website is online.

  • Test network connectivity.

2. traceroute 🛤️

The traceroute command shows the path data takes to reach a destination.

• What It Does:

  • Displays each hop (router or server) between your machine and the target.

  • Measures the time taken for each hop.

• Example:

    traceroute google.com
  

  • This will show you the route packets take to reach google.com.

• Use Case:

  • Diagnose network latency issues.

  • Identify where a connection is failing.

3. netstat 📊

The netstat command displays active network connections and listening ports.

• What It Does:

  • Shows all open connections, including their protocol, local and remote addresses, and state.

• Example:

    netstat -a
  

  • This will list all active connections and listening ports.

• Use Case:

  • Check which ports are open on your machine.

  • Identify unauthorized connections.

4. curl 🌍

The curl command is used to transfer data to or from a server.

• What It Does:

  • Sends HTTP/HTTPS requests and displays the response.

  • Can also be used for FTP, SMTP, and other protocols.

• Example:

    curl https://google.com
  

  • This will fetch the HTML content of google.com.

• Use Case:

  • Test APIs or web services.

  • Download files from the internet.

5. dig 🔍

The dig command queries DNS (Domain Name System) records.

• What It Does:

  • Retrieves information about domain names, such as IP addresses, MX records, and more.

• Example:

    dig google.com
  

  • This will show the DNS records for google.com, including its IP address.

• Use Case:

  • Troubleshoot DNS issues.

  • Verify domain configurations.

6. nslookup 🔎

The nslookup command is another tool for querying DNS records.

• What It Does:

  • Similar to dig, but with a simpler interface.

• Example:

    nslookup google.com
  

  • This will display the IP address of google.com.

• Use Case:

  • Quickly check DNS records.

  • Verify domain-to-IP mappings.

7. ifconfig (or ip on modern systems) 🖧

The ifconfig command displays network interface configurations.

• What It Does:

  • Shows IP addresses, MAC addresses, and network interface details.

• Example:

    ifconfig
  

  • This will list all network interfaces and their configurations.

• Use Case:

  • Check your machine’s IP address.

  • Diagnose network interface issues.

8. ssh 🔒

The ssh command is used to securely connect to a remote server.

• What It Does:

  • Establishes an encrypted connection to a remote machine.

• Example:

    ssh -i /path/to/your-key.pem ec2-user@<public-ip>
  

  • This will connect to an EC2 instance using the private key file.

• Use Case:

  • Access and manage remote servers.

  • Perform administrative tasks on cloud instances.

9. scp 📂

The scp command securely copies files between your local machine and a remote server.

• What It Does:

  • Transfers files over SSH.

• Example:

    scp -i /path/to/your-key.pem myfile.txt ec2-user@<public-ip>:/home/ec2-user/
  

  • This will copy myfile.txt to the remote server.

• Use Case:

  • Upload or download files to/from a server.

  • Backup files securely.

10. telnet 📞

The telnet command tests connectivity to a specific port on a remote server.

• What It Does:

  • Connects to a remote server on a specified port.

• Example:

    telnet google.com 80
  

  • This will test if port 80 (HTTP) is open on google.com.

• Use Case:

  • Check if a specific port is open and reachable.

  • Troubleshoot service availability.

Why Are These Commands Important in DevOps?

These networking commands are essential because:

• They help you troubleshoot network issues quickly.

• They allow you to monitor and manage connections effectively.

• They’re universal and work across most operating systems.

• They’re lightweight and don’t require additional software.

These tools will become your best friends when working with servers, cloud infrastructure, or debugging network issues.

Conclusion

And that’s a wrap for Week 1 of my 90 Days of DevOps Challenge! 🎉 This week was all about Networking, the foundation of everything in DevOps. Here’s a quick recap of what I covered:

• Basics of Networking: Learned how the internet works, explored different types of networks, and compared the OSI and TCP/IP models.

• Key Protocols and Ports: Dived into essential protocols like HTTP, SSH, and DNS, and understood their roles in DevOps.

• Addressing: Explored IP addresses, MAC addresses, and subnetting.

• AWS Hands-On: Launched my first EC2 instance and configured security groups to control access.

• Networking Commands: Practiced essential commands like ping, traceroute, and curl to troubleshoot and manage networks.

It’s been an intense but rewarding week! Networking might seem daunting at first, but breaking it down into smaller concepts made it much more approachable. I’m already seeing how these fundamentals will play a crucial role in my DevOps journey.

Key Takeaways

1. Networking is the backbone of DevOps: Whether you’re deploying apps, managing servers, or troubleshooting issues, a solid understanding of networking is essential.

2. Hands-on practice is key: Launching an EC2 instance and using networking commands helped me connect the dots between theory and practice.

3. Security matters: Configuring security groups taught me the importance of controlling access to my resources.

What’s Next?

In Week 2, I’ll be diving into Linux Fundamentals! 🐧 As the operating system of choice for most DevOps tools and environments, Linux is a must-know skill. I’ll be exploring:

• Basic Linux commands and file systems.

• Shell scripting and automation.

• User and permission management.

If you’re just starting out with Linux, don’t worry—I’ll break everything down step by step. And if you’re already familiar with Linux, stick around for some tips and tricks to level up your skills!

Final Thoughts

This challenge has already been an incredible learning experience, and I’m excited to keep building on this foundation. If you’re following along, I’d love to hear about your progress—feel free to share your thoughts, questions, or tips in the comments below!

Thanks for joining me on this journey, and I’ll see you in Week 2!

Resources

As part of this 90 Days of DevOps Challenge, I’ve curated a list of resources to help you dive deeper into the topics we covered this week. These resources are handpicked to ensure you’re building a strong foundation and staying on track to master DevOps in 90 days!

Networking Basics:

• Networking For DevOps by TrainWithShubham

• Computer Networking by Kunal Kushwaha

• OSI Model explained - Geeks For Geeks

• Common Networking Protocols

• AWS free tier

Connect with Me

If you enjoyed this blog or have any questions, feel free to reach out! Let’s connect and grow together:

• LinkedIn: https://www.linkedin.com/in/saxenapratham/

• Twitter: https://x.com/Pratham26803135

  Looking forward to hearing from you! 😊