Networking: Self learning

Internet - connected by optical fibre cables laid under water; satellite is not preferred because the distance is much greater

TIER 1 - owns the cables all around the world - TIER 2 (e.g. AIRTEL) rents from Tier 1 - TIER 3 (e.g. JIO) rents from Tier 2

MAN - metropolitan area network - provides internet across a city

WAN - wide area network

What I am using - LAN - local area network

WAN connects MANs, MAN connects LANs

OSI - Open Systems Interconnection - a standard by ISO

OSI layers, top to bottom:

  1. Application (e.g. WhatsApp)
  2. Presentation (end-to-end encryption)
  3. Session (the session between the two ends of a connection)
  4. Transport (data transport between the two ends)
  5. Network (the network path between the two ends)
  6. Data link (link to one particular device only)
  7. Physical (the physical device)

TCP/IP model - Application layer, Transport layer, Network layer, Network Access layer - the model used in real life


Application layer -

webpage transfer - HTTP protocol,

mail transfer - SMTP protocol

Transport layer - protocols for error checking of messages - TCP: 3-way handshake with acknowledgements (ensures the data reaches the destination); UDP: not as safe, no acknowledgements (packets of data can be dropped)

Network layer - source IP, destination IP - Linux command to see the hops along the path: traceroute google.com


Datagram - carries source IP and destination IP - this is the packet that gets transferred (see the datagram diagram)

We don't know the MAC address of a particular device

ARP - Address Resolution Protocol - the request carries the source IP, the destination IP, our own MAC address and the receiver's MAC address (unknown, so left empty). It is broadcast within the network; the device that owns the destination IP fills its MAC address into the ARP reply, which is then unicast back to the source - this is the way to get the MAC address of the destination

RARP - Reverse ARP - the IP address is missing, so it is found out using the MAC address in the packet

DNS - domain name system

FTP

Telnet - terminal network; SMTP, SNMP, HTTP

VPC - subnet - route table (the path for connections to follow) - security group (permissions for the connections)


VPC flow

A person on the internet (public network), Person ABC, wants to access an application on System A, but System A has been placed in a VPC purchased from AWS. So how does the process go so that System A gives access to a person coming from the internet?

Traffic from Person ABC has to pass through a gate before entering the VPC; the gate is called the Internet Gateway

Now the connection is inside the VPC but still in the public subnet,
so before going further let's see where the public subnet comes from

In a VPC we have subnets - subnets are sections of the VPC; different applications are placed in different subnets to ensure a more secure environment within the VPC

So suppose the VPC has a CIDR range of 10.0.0.0/16; subnets are carved out within this range, for example two subnets with CIDR ranges 10.0.1.0/24 and 10.0.2.0/24

So the applications we have to access are inside these subnets, which are the private subnets, but the VPC will also have a public subnet by default, where people from the internet can roam freely just by passing through the internet gateway

So coming back: Person ABC passes through the internet gateway, enters the VPC and lands in the public subnet. In the public subnet there is a Load Balancer, which is responsible for forwarding requests according to the load present. But now a path is needed to go from the Load Balancer to the application inside the private subnet, and something has to show that path - the route. In AWS it is the route table that shows the path to the subnet

So now, once the request reaches the private subnet, there is again a validation at the subnet gate of the IP address and the port number it wants to visit, done by a security check which in AWS is the Security Group. So the Security Group is what allows Person ABC to reach the application inside the subnet


Learning more about VPC security

A VPC has 2 things to secure the application:

  1. Security group (SG) - at instance level

  2. NACL (network access control list) - at subnet level

So if the NACL allows, the question is then asked to the SG; but if the NACL does not allow, it is surely a deny for the instance, whatever permissions the SG gives
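The NACL-then-SG order described above, written out as a small inbound-traffic check (an added example, not AWS code or anything from these notes). The subnets are the ones from the notes (10.0.1.0/24 and 10.0.2.0/24 inside 10.0.0.0/16); the rules, the source addresses and the 10.0.0.0/24 public subnet for the load balancer are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed values (not from any real account): the VPC subnets named in the notes.
SUBNETS = {"private-a": ipaddress.ip_network("10.0.1.0/24"),
           "private-b": ipaddress.ip_network("10.0.2.0/24")}

# NACL rules are numbered and evaluated in order; SG rules are allow-only (number unused).
Rule = namedtuple("Rule", "number proto port_from port_to cidr action")

def matches(rule, proto, port, src_ip):
    return (rule.proto in ("all", proto)
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr))

def find_subnet(dst_ip):
    # Route-table step: which subnet is the destination address in?
    ip = ipaddress.ip_address(dst_ip)
    return next((name for name, net in SUBNETS.items() if ip in net), None)

def nacl_allows(rules, proto, port, src_ip):
    # Stateless and ordered: the first matching rule wins; no match is the implicit deny.
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, proto, port, src_ip):
            return rule.action == "allow"
    return False

def sg_allows(rules, proto, port, src_ip):
    # Allow-only: any matching rule admits the traffic; nothing matched means deny.
    return any(matches(r, proto, port, src_ip) for r in rules)

def inbound_allowed(nacl, sg, proto, port, src_ip, dst_ip):
    # Order from the notes: the NACL is asked at the subnet level first, and the SG
    # (instance level) is only consulted when the NACL has already said yes.
    subnet = find_subnet(dst_ip)
    if subnet is None:
        return False          # no subnet to route into
    if not nacl_allows(nacl, proto, port, src_ip):
        return False          # NACL deny, whatever the SG says
    return sg_allows(sg, proto, port, src_ip)

# Constructed rules: the NACL denies one source /24 (rule 100) before allowing
# HTTPS from anywhere (rule 200); the SG only admits HTTPS from the public subnet
# where the load balancer sits (assumed here to be 10.0.0.0/24).
NACL = [Rule(100, "tcp", 443, 443, "198.51.100.0/24", "deny"),
        Rule(200, "tcp", 443, 443, "0.0.0.0/0", "allow")]
SG = [Rule(0, "tcp", 443, 443, "10.0.0.0/24", "allow")]
```

Swapping the two NACL rule numbers would let the deny never fire, which is the kind of ordering mistake the numbered evaluation makes easy to check for.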

In Azure - one simple clarification:

NSG (network security group) -> all connections are denied by default

only AzureLoadBalancer to the subnet is allowed

VNet to VNet is allowed

this holds for inbound as well as outbound rules

we need to explicitly deny whatever is allowed by default

and explicitly allow whatever is not allowed by default


DNS - Domain Name System

Route53 in AWS has two parts - domain name registration, which we have to pay for, and hosted zones, where the DNS records are maintained. Route53 also does health checks on the web servers where the application is running