Network Engineer Certification

I prepare for being certified as Network Engineer. This means you have to digest a lot of complicated topics... or you make it fun by using analogies. I bet I will teach you BGP, Interconnects and VPN in the next 10 minutes so that you won't forget it or you get your money back.

Let's start like this: Imagine the internet is the highway network connecting towns (datacenters). Then, the cars are network packets driving over it.

If highways are the internet, network
packets are cars

The cars deliver pizza. There are routes where you can drive fast and there are slow routes. Some have four lanes, others are just narrow alleys. That's latency and bandwidth aka throughput. Now I tell you, if I want a pizza, I want it in 10 minutes. Having 5 pizzas after 50 minutes just isn't the same experience although throughput would be the same. 

Next time you wait for a pizza - think of this blog and agree: nothing beats latency ;)

Do you know Lombard street? That's the curviest street in the world, look here:
Data packets must not be too long.

If your car is longer than 10 meters, then, it will get stuck here. So the pizza will never arrive, neither will an accident message :( 
That's the MTU, the maximum transfer unit, the maximum size of a network packet. For Google cloud it's typically 1460 bytes, but there are considerations.

An interconnect is a private highway connection. Obviously such a private highway will allow

  • more cars to travel
  • faster and with
  • more privacy - neither the police nor gangsters drive on your highway, you can have private car plates (IP addresses)
  • more secrecy - you can just build a wall around the highway (encryption)

Cool analogy, right? In the certification exam, when they talk about interconnects, you will know what to say about interconnects.

Now, what is a VPN (virtual private network)? A VPN uses the public highway routes, but uses car transporters with a canopy so you cannot see the cars from the outside:

Car transporters can hide cars, and the
number plates do not have to be official

You can have one ore more car transporters. Obviously, the cars don't need to have official number plates (IP addresses) either. They can have private car plates ( or whatever). For the certification you have to know that a VPN:

  • is secure. Transmitted packets cannot be inspected from third parties because they are encrypted. This means privacy. It is analog to the canopy hiding the cars inside the car transporter.
  • can use private IP addresses. Analog to the car plates that do not need to be official.
  • can use several tunnels (car transporters)
  • does not have a lower latency or higher bandwidth than the underlying public highway... err, internet connection

Next topic, every highway system needs signposts:

A routing table in real life ;)

In our analogy, cities are datacenters, or, more exactly, IP address ranges with names like Our cities frequently get deleted or moved or extended or shrinked or they get new suburbs (subnetworks). Or highways get deleted. So we need a service to re-label the signposts. This signpost labelling service is called BGP (border gateway protocol). It says things like "Munich? If your car plate ends in 7, go this way, otherwise, go this way. By doing that, it can load balance the traffic between nodes.

A "signpost" shown by the command route.
We can make it more complicated ;)

Now, a VPC (virtual private cloud) is what used to be called a "network" in the on-premise days. Compare it to a town's streetmap. The town has suburbs (subnetworks) which are part of the streetmap. A VPC is a "town" (network) in the cloud.

VPC peering is dynamic routing, that you allow the BGP (signpost labelling service) to extend over two towns ("peered" towns or networks). Typically you have an on-premise datacenter and want to peer it with a VPC in the cloud.

A VPC includes firewall rules like "only red cars are allowed to drive to the house with the address". And of course a security concept who is allowed to change what rules. If you want to extend this to another VPC, you create a shared VPC.

Now our pizza bakery has local storage places in every bigger city. They are called proxies and are part of the content delivery network CDN. The pizza stored there is pre-orderable (static) pizza.

What's Cloud NAT

I used to work for BASF, and they have the world's largest chemical compound. 7.11km² of chemical factories. In that compound, you could drive with their own cars. Perfectly normal cars, but... you guessed it, they did not have official car plates. Now imagine your boss gets hungry and wants a pizza. They send you in the internal car to gate. Then, you cannot get outside because of your car plate, so, you get into a taxi (with official car plates) and drive to the restaurant to get the pizza, right? And when you return, someone has noted your internal car's internal car plate and your taxi's external one. And hands you back the key to your internal car, so you can bring the pizza back to the factory where it has been requested. Now that's NAT (network address translation) - you don't have an external IP address, but you can access the internet nevertheless.


Post a Comment

Popular posts from this blog

Set up a webcam with Linux

PuTTY: No supported authentication methods available

My SAT>IP Server