Computer Networks

date: Apr 30, 2025
type: Post
slug: computer-networks
status: Published
tags: Networks
summary: This blog post provides a structured overview of computer networking fundamentals, organized around the OSI model and real-world practices. It begins with the basics of the OSI stack, then explores each layer’s function—from physical transmission and link-layer protocols like Ethernet and ARP, to IP addressing and routing at the network layer, and reliable communication via TCP and UDP at the transport layer. The application layer section covers protocols such as HTTP, DNS, and SMTP. It also explains core routing protocols (OSPF, RIP, and BGP) and closes with network security, covering IPsec, RPKI, and TLS/HTTPS. Designed for both students and practitioners, the post balances theoretical clarity with engineering relevance.

OSI Model

The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven distinct layers. Each layer serves a specific role and communicates with the layers directly above and below it, facilitating interoperability between diverse systems and protocols.
Starting from the top, the Application Layer (Layer 7) provides network services directly to end-user applications, such as web browsers and email clients. The Presentation Layer (Layer 6) ensures that data is in a usable format and is where data encryption and compression occur. The Session Layer (Layer 5) manages sessions between applications, establishing, maintaining, and terminating connections.
The Transport Layer (Layer 4) is responsible for reliable data transfer between end systems, providing services such as error checking and flow control. The Network Layer (Layer 3) handles the routing of data across the network, determining the best path for the data to reach its destination. The Data Link Layer (Layer 2) provides node-to-node data transfer—a link between two directly connected nodes—and detects (and in some protocols corrects) errors introduced at the physical layer. Finally, the Physical Layer (Layer 1) transmits raw bitstreams over a physical medium, dealing with the hardware aspects of data transmission.
This layered approach allows for modular engineering, simplifies troubleshooting, and enables interoperability between different systems and technologies.

Layer 1: The Physical Layer

The Physical Layer is the foundational layer (Layer 1) of the OSI model. It defines the hardware elements involved in transmitting raw bits over a physical medium — including electrical signals, light pulses, or radio waves. This layer is not concerned with meaning or structure of the data; it only ensures that binary 1s and 0s are transmitted from sender to receiver.
Key Responsibilities
  • Bit Transmission: Converts frames into electrical, optical, or radio signals suitable for transmission.
  • Medium Specification: Defines the type of transmission media (copper cables, fiber optics, wireless).
  • Signal Encoding: Determines how bits are encoded into physical signals (e.g., NRZ, Manchester encoding).
  • Connector and Interface Specs: Includes definitions of cables, jacks (e.g., RJ45), and pin layouts.
  • Synchronization: Ensures sender and receiver are aligned on bit timing (bit rate and clocking).
Common Devices at Layer 1
  • Hubs: Simple repeaters that forward incoming signals to all ports without any intelligence.
  • Repeaters: Regenerate and amplify signals to extend physical network range.
  • Cables and Connectors: Twisted pair (Cat5e/Cat6), coaxial, and fiber optic cables.
Example
When a laptop sends a ping to another device on a LAN, the final delivery of those bits is handled by Layer 1 — converting the digital data into voltages on a copper wire or light pulses through fiber.

Layer 2: Data Link Layer

The Data Link Layer, the second layer of the OSI model, provides reliable and organized communication over the physical medium, ensuring that data sent from one device on a local network is correctly received by another. It operates through several key protocols.
Ethernet defines the frame structure and media access control for wired LANs, making it the most widely used protocol at this layer.
ARP (Address Resolution Protocol), which technically spans Layers 2 and 3, resolves IP addresses to MAC addresses for local delivery.
PPP (Point-to-Point Protocol) enables direct communication between two network nodes, often used between routers.
802.11, commonly known as Wi-Fi, handles wireless LAN communication, including frame delivery and medium access control. These protocols collectively enable the Data Link Layer to manage addressing, framing, and reliable delivery across both wired and wireless networks.

1. Framing (Data Packaging)
The Data Link Layer groups raw bits from the Physical Layer into frames, which are structured units of data. Each frame typically includes:
  • Header: the destination and source MAC addresses plus a type/length field.
  • Payload: the data handed down from the Network Layer.
  • Trailer: a Frame Check Sequence (FCS) used for error detection.
Framing allows the receiver to identify the beginning and end of each data unit, ensuring proper data segmentation and synchronization.

2. MAC Addressing (Hardware Identification)
The Data Link Layer uses MAC (Media Access Control) addresses, which are unique hardware identifiers assigned to network interfaces:
  • These addresses are used for local delivery of frames between devices on the same LAN.
  • Switches use MAC addresses to determine the correct port to forward a frame, enabling efficient frame delivery.

3. Error Detection and Correction
This layer helps ensure data integrity by detecting transmission errors. Most commonly, it appends a Frame Check Sequence (FCS), typically a CRC code, to each frame. If a receiving device detects an error, it discards the frame; retransmission, where needed, is handled by protocols at higher layers.

4. Flow Control and Access Control
In shared networks, the Data Link Layer prevents data collisions and regulates transmission timing:
  • Media Access Control protocols like CSMA/CD (used in Ethernet) allow devices to detect whether the medium is free before sending data.
  • Wireless networks use CSMA/CA (Collision Avoidance) to minimize simultaneous transmissions.
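
When CSMA/CD does detect a collision, classic Ethernet retries after a random delay chosen by truncated binary exponential backoff. A toy sketch of that rule (an illustrative model, not a driver implementation):

```python
import random

def backoff_slots(collision_count: int, max_exponent: int = 10) -> int:
    """Pick a random backoff delay, in slot times, after the Nth collision.

    Truncated binary exponential backoff: after the Nth consecutive
    collision, wait a random number of slots in [0, 2**min(N, 10) - 1].
    The exponent is capped at 10, so the window never exceeds 1023 slots.
    """
    k = min(collision_count, max_exponent)
    return random.randint(0, 2 ** k - 1)

# After a 3rd collision, a station waits between 0 and 7 slot times;
# the window doubles with each further collision until the cap.
```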

Switch and Bridge Operation

At Layer 2 of the OSI model (Data Link Layer), network switches and bridges forward Ethernet frames using MAC addresses. These devices are responsible for segmenting collision domains and making intelligent forwarding decisions without involving IP addresses.

🔌 Switch Operation
  • Device Role: Multi-port Layer 2 device.
  • MAC Address Table:
    • Maintains a dynamic table of MAC address to port mappings.
    • Learns from source addresses of incoming frames.
  • Forwarding Logic:
    • Unicast: Forwards frame to specific port if MAC is known.
    • Flooding: If destination MAC is unknown, sends to all ports (except the incoming one).
    • Broadcast/Multicast: Forwards based on frame type.
  • Use Case: Backbone of modern Ethernet LANs; connects hosts directly.
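
To make the learn/forward/flood logic concrete, here is a minimal sketch of a learning switch in Python (port numbers and MAC addresses below are hypothetical):

```python
class LearningSwitch:
    """Toy model of Layer 2 forwarding: learn source MACs,
    forward known unicasts, flood broadcasts and unknown destinations."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def handle_frame(self, in_port, src_mac, dst_mac):
        # Learn: remember which port the source MAC lives on.
        self.mac_table[src_mac] = in_port
        # Broadcast or unknown unicast: flood to all ports except the
        # one the frame arrived on.
        if dst_mac == self.BROADCAST or dst_mac not in self.mac_table:
            return sorted(self.ports - {in_port})
        # Known unicast: forward out the single learned port.
        return [self.mac_table[dst_mac]]

sw = LearningSwitch([1, 2, 3])
print(sw.handle_frame(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"))  # → [2, 3] (flood)
print(sw.handle_frame(2, "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa"))  # → [1] (learned)
```

After the second frame the switch has learned both hosts, so subsequent traffic between them is delivered out a single port rather than flooded.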

🌉 Bridge Operation
  • Device Role: Connects two or more LAN segments.
  • Forwarding Table:
    • Maintains MAC-to-interface mappings (conceptually same as switch).
  • Forwarding Logic:
    • Learns source MACs, forwards frames only to the segment needed.
    • Filters local traffic from being forwarded unnecessarily.
  • Use Case: Legacy networks; replaces or supplements hubs in small networks.

🔍 Key Differences
| Feature | Switch | Bridge |
| --- | --- | --- |
| Ports | Many (e.g., 24+) | Few (typically 2) |
| Speed | Hardware-based (faster) | Software-based (slower) |
| Role | Device-to-device connections | Segment-to-segment connections |
| Table name | MAC Address Table | Forwarding Table |
| Deployment | Modern, scalable networks | Legacy or low-scale networks |


💡 Practical Insight
  • Both devices perform Layer 2 forwarding based on MAC addresses.
  • The difference is scale and implementation: switches are modern, high-performance multi-port bridges.
  • In Linux or Cisco systems, you can view the MAC table using commands like bridge fdb show or show mac address-table.

Layer 3: Network Layer

The Network Layer enables communication between devices that are not on the same local network. It ensures that data packets are properly routed across multiple networks to reach their final destination. This layer sits above the Data Link Layer and below the Transport Layer.

1. Logical Addressing (IP Addressing)
The Network Layer uses IP addresses to identify devices across different networks:
  • Unlike MAC addresses (which are tied to hardware), IP addresses are logical and can change depending on the network.
  • Each device on a network has a unique IP address, enabling global identification.
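
Python's standard `ipaddress` module makes these logical-addressing ideas easy to explore; for example, with the common 192.168.1.0/24 private network:

```python
import ipaddress

# A /24 network: the first 24 bits identify the network, the rest the host.
net = ipaddress.ip_network("192.168.1.0/24")
host = ipaddress.ip_address("192.168.1.42")

print(host in net)        # True: the host falls inside the prefix
print(net.netmask)        # 255.255.255.0
print(net.num_addresses)  # 256, including the network and broadcast addresses
```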

2. Routing (Path Determination)
The Network Layer is responsible for determining the best path for data to travel across networks. This process is handled by routers, which rely on two distinct operational planes:

Control Plane vs. Data Plane


  • Control Plane:
    • Responsible for building and maintaining the routing table.
    • Runs routing protocols such as OSPF, BGP, and RIP to learn network topology and exchange reachability information.
    • Makes decisions about the best path to each destination.
    • Operates in software (CPU).
  • Data Plane (also called Forwarding Plane):
    • Responsible for the actual forwarding of packets based on the routing table.
    • Performs a simple lookup in the forwarding information base (FIB) to decide which interface to send the packet out.
    • Operates in hardware or fast-path optimized software (e.g., ASICs in routers).
This separation allows routers to make intelligent decisions (control plane) while efficiently forwarding high volumes of traffic (data plane).

Routing Protocols

Link-State Protocols

In link-state routing protocols like OSPF or IS-IS, each router advertises information about its directly connected links, including the neighbor routers and the cost (or metric) of each link. These advertisements, called LSAs (Link-State Advertisements), are flooded to all routers in the area. Each router then builds a complete map of the network topology and independently runs Dijkstra’s algorithm to compute the shortest path to each destination.
Unlike distance-vector protocols, link-state routers don't rely on their neighbors to tell them where to send traffic—they compute it themselves based on a synchronized global view of the network.
Example: Link-State Advertisement
A router might advertise, for instance: "I am R1; I connect to R2 at cost 10 and to R3 at cost 5." Each router collects all such LSAs, builds the network graph, and computes the shortest path to every destination.
Link-state protocols offer fast convergence and accurate routing but require more memory and CPU.
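
The shortest-path computation each router runs is Dijkstra's algorithm over the assembled topology. A compact sketch (router names and link costs below are hypothetical):

```python
import heapq

def dijkstra(graph, source):
    """Shortest-path costs from `source` over a link-state topology.

    `graph` maps each router to {neighbor: link_cost}, i.e. the map a
    router assembles from the LSAs flooded through the area.
    """
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry; a shorter path was already found
        for neighbor, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(neighbor, float("inf")):
                dist[neighbor] = nd
                heapq.heappush(heap, (nd, neighbor))
    return dist

# Hypothetical topology: R1--R2 cost 10, R1--R3 cost 5, R2--R3 cost 2.
graph = {
    "R1": {"R2": 10, "R3": 5},
    "R2": {"R1": 10, "R3": 2},
    "R3": {"R1": 5, "R2": 2},
}
# From R1: R3 costs 5 directly; R2 costs 7 via R3 (cheaper than 10 direct).
print(dijkstra(graph, "R1"))
```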

Distance-Vector Protocols

In distance-vector protocols like RIP, routers do not know the full topology. Instead, they periodically share their routing tables with neighbors. Each entry says, "I can reach this destination in X hops." Routers accept this data and increment the hop count by one before passing it along. Because of this simplicity, loops can easily form, especially if a route becomes invalid and stale information keeps circulating.
Example: RIP Routing Table Entry
A router's table entry might read: "destination 192.168.4.0/24, next hop B, 2 hops." If the link to 192.168.4.0 breaks and A still hears from B that it's reachable, they may start looping updates: A sets its metric to 3 (via B), B then hears A and raises its own metric to 4 (via A), and so on.
This is called counting to infinity. RIP caps the metric at 15 hops (16 = unreachable) and uses techniques like split horizon and hold-down timers to mitigate loops.

Path-Vector Protocols

BGP (Border Gateway Protocol) is a path-vector protocol used to route data between autonomous systems (ASes) on the Internet. Instead of just hop count or cost, BGP updates include a list of all ASes a route has passed through—called the AS Path—along with various routing attributes that inform policy decisions.
BGP routers don't calculate the shortest path. Instead, they select routes based on policy, AS path length, and attributes like local preference, MED, and communities. The AS path also serves as a built-in loop prevention mechanism: if a router sees its own AS number in the path, it rejects the route.
Example: BGP Route Advertisement
An update might carry: prefix 8.8.8.0/24, next hop 203.0.113.1, AS path 64501 64502 64503.
This means: "To reach 8.8.8.0/24, go through 203.0.113.1. The route has passed through AS64501, AS64502, and AS64503." The router chooses the best route based on local policy, not just AS path length.
BGP scales to the entire Internet but is complex, slow to converge, and requires human-defined policies for effective routing.
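
The AS-path loop check is simple enough to sketch directly (the AS numbers below are the same private-range examples used above):

```python
def accept_route(my_asn, as_path):
    """BGP loop prevention: reject any route whose AS path already
    contains our own AS number (it must have looped back to us)."""
    return my_asn not in as_path

def advertise(my_asn, as_path):
    """When re-advertising a route to an eBGP neighbor, prepend our
    own AS number to the path."""
    return [my_asn] + as_path

path = [64501, 64502, 64503]
print(accept_route(64501, path))      # False: our ASN is already in the path
print(accept_route(64500, path))      # True: safe to use
print(advertise(64500, path))         # [64500, 64501, 64502, 64503]
```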


3. Packet Forwarding
After determining the best path, the Network Layer forwards packets to the next hop toward the destination:
  • Each packet has a header that includes source and destination IP addresses.
  • Routers examine these headers to determine how to forward the packet.

4. Fragmentation and Reassembly
Some data packets may exceed the maximum transmission unit (MTU) of a network:
  • The Network Layer can fragment packets into smaller pieces.
  • The receiving device reassembles the fragments to reconstruct the original packet.
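
The arithmetic behind IPv4 fragmentation can be sketched as follows: fragment offsets are counted in 8-byte units, so every fragment except the last carries a payload that is a multiple of 8 bytes (header size and MTU values below are the standard IPv4 defaults):

```python
def fragment(payload_len, mtu, header_len=20):
    """Sketch of IPv4 fragmentation bookkeeping.

    Each fragment's payload must fit in (mtu - header_len) bytes,
    rounded down to a multiple of 8, because the fragment offset field
    is expressed in 8-byte units.
    """
    max_data = (mtu - header_len) // 8 * 8
    frags, offset = [], 0
    while offset < payload_len:
        size = min(max_data, payload_len - offset)
        frags.append({
            "offset": offset // 8,                      # in 8-byte units
            "length": size,                             # payload bytes
            "more_fragments": offset + size < payload_len,  # MF flag
        })
        offset += size
    return frags

# A 4000-byte payload over a 1500-byte MTU splits into 1480 + 1480 + 1040.
for f in fragment(4000, 1500):
    print(f)
```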

5. Error Reporting and Diagnostics
Protocols at this layer support network troubleshooting and reporting:
  • ICMP (Internet Control Message Protocol) is used by tools like ping and traceroute.
  • These tools help diagnose routing issues and measure connectivity between devices.

6. Common Network Layer Protocols
Key protocols at Layer 3 include:
  • IPv4/IPv6: Core protocols for assigning and routing logical addresses.
  • ICMP: Used for control messages and error reporting.
  • IGMP: Used for managing multicast group memberships.
  • IPSec: Provides secure IP communication through encryption and authentication.

Devices that operate at this layer include routers, layer-3 switches, and firewalls that inspect or manipulate IP headers.

Layer 4: Transport Layer

The Transport Layer sits above the Network Layer (Layer 3) and below the upper layers that culminate in the Application Layer (Layer 7). Its core mission is to provide end‑to‑end communication services for applications, hiding the details of the underlying network and ensuring that data arrives intact, in order, and at an acceptable pace.

1. Segmentation and Reassembly
The Transport Layer breaks large application messages into smaller segments that fit within the network’s Maximum Transmission Unit (MTU). Each segment receives a sequence number so the receiving host can:
  • Detect lost or out‑of‑order segments.
  • Reassemble segments into the original application payload.
This process allows applications to transmit arbitrarily large data streams without worrying about lower‑layer size limits.

2. Port Addressing and Multiplexing
To let many applications share a single host, the Transport Layer uses port numbers:
  • Source Port / Destination Port fields in the header identify the sending and receiving processes.
  • Ports enable multiplexing (multiple conversations over one IP) and demultiplexing (delivering the right data to the right socket).
  • Well‑known ports (0‑1023) are reserved for common services (e.g., 80 for HTTP, 443 for HTTPS), while 1024‑65535 are used for dynamic or private allocations.

3. Connection Establishment and Termination
Some transport protocols create a virtual circuit between hosts:
  • TCP uses a three‑way handshake (SYN → SYN‑ACK → ACK) to establish state on both ends, then a four‑step FIN/ACK exchange to close gracefully.
  • UDP is connectionless—it adds minimal header overhead and sends datagrams without setup, trading reliability for speed and simplicity.

4. Reliability and Error Recovery
Reliable protocols (notably TCP) guarantee that data arrives uncorrupted and in order:
  • Acknowledgments (ACKs) confirm receipt of segments.
  • Retransmission timers trigger resends when ACKs are missing.
  • Checksums in the header detect bit errors.
If a segment is lost or damaged, the sender retransmits until an ACK is received, shielding the application from network hiccups.
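
The checksum mentioned above is, for TCP (and also UDP, IPv4, and ICMP), the 16-bit one's-complement sum defined in RFC 1071. A compact sketch:

```python
def internet_checksum(data: bytes) -> int:
    """One's-complement 16-bit checksum (RFC 1071), the algorithm behind
    the checksum fields in the IPv4, ICMP, TCP, and UDP headers."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input to an even number of bytes
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]   # add the next 16-bit word
        total = (total & 0xFFFF) + (total >> 16)  # fold any carry back in
    return ~total & 0xFFFF

# Verification property: summing the data together with its own checksum
# yields all ones, so re-running the checksum over both gives zero.
c = internet_checksum(b"\x00\x01\xf2\x03")
print(hex(c))
print(internet_checksum(b"\x00\x01\xf2\x03" + c.to_bytes(2, "big")))  # 0
```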

5. Flow Control
Flow control protects a slower receiver from being overwhelmed by a faster sender:
  • TCP’s sliding‑window advertises how many bytes the receiver can accept (the receive window).
  • The sender may have at most one receive window's worth of unacknowledged data in flight; it then pauses for ACKs, matching its rate to the receiver's buffer capacity.
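
A toy model of that window accounting (illustrative only; real TCP tracks byte sequence numbers rather than a simple in-flight counter):

```python
class SlidingWindowSender:
    """Toy model of TCP flow control: the sender may have at most
    `receive_window` unacknowledged bytes in flight at any time."""

    def __init__(self, receive_window):
        self.receive_window = receive_window
        self.in_flight = 0  # bytes sent but not yet acknowledged

    def can_send(self, nbytes):
        return self.in_flight + nbytes <= self.receive_window

    def send(self, nbytes):
        if not self.can_send(nbytes):
            raise RuntimeError("window full; wait for ACKs")
        self.in_flight += nbytes

    def ack(self, nbytes):
        # An ACK frees up window space for new data.
        self.in_flight = max(0, self.in_flight - nbytes)

s = SlidingWindowSender(receive_window=1000)
s.send(600)
print(s.can_send(600))  # False: only 400 bytes of window remain
s.ack(600)
print(s.can_send(600))  # True: the window has reopened
```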

6. Congestion Control
While flow control manages the endpoint → endpoint pace, congestion control protects the network itself:
  • Algorithms such as Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery probe available bandwidth and back off when packet loss suggests congestion.
  • Modern variants—CUBIC, BBR, QUIC’s congestion controller—improve throughput and fairness under diverse conditions.
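
The interplay of slow start and congestion avoidance can be traced with a toy Reno-style simulation (cwnd in units of MSS per RTT; fast retransmit/recovery are omitted for brevity, so a loss reacts like a timeout):

```python
def simulate_cwnd(rounds, ssthresh, loss_rounds=()):
    """Toy trace of the congestion window over successive RTTs.

    Below ssthresh, cwnd doubles each RTT (slow start); at or above it,
    cwnd grows by 1 MSS per RTT (congestion avoidance). On a loss,
    ssthresh is halved and cwnd restarts from 1.
    """
    cwnd, trace = 1, []
    for r in range(rounds):
        trace.append(cwnd)
        if r in loss_rounds:
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1            # timeout-style reaction to loss
        elif cwnd < ssthresh:
            cwnd *= 2           # slow start: exponential growth
        else:
            cwnd += 1           # congestion avoidance: linear growth
    return trace

print(simulate_cwnd(6, ssthresh=8))  # [1, 2, 4, 8, 9, 10]
```

The trace shows the characteristic shape: exponential ramp-up to the threshold, then a gentle linear probe for additional bandwidth.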

7. Common Transport‑Layer Protocols
| Protocol | Key Features | Typical Use Cases |
| --- | --- | --- |
| TCP | Reliable, connection‑oriented, ordered delivery, congestion & flow control | Web traffic, email, file transfer |
| UDP | Unreliable, connectionless, minimal overhead | Streaming media, VoIP, DNS, gaming |
| SCTP | Multi‑streaming, multi‑homing, message boundaries | Telecom signaling, industrial control |
| QUIC | Runs over UDP, integrates TLS 1.3, multiplexed streams, 0‑RTT | Modern web (HTTP/3), mobile apps |
These protocols give application developers a spectrum—from maximum reliability (TCP) to minimal latency (UDP/QUIC)—to match transport behavior to the needs of each service.

With segmentation, port multiplexing, connection management, reliability mechanisms, and sophisticated congestion algorithms, the Transport Layer is the workhorse that turns best‑effort IP delivery into dependable, application‑friendly communication.

Layer 7: Application Layer

The Application Layer is the top layer of the Internet protocol stack and enables direct interaction between user-facing software and the network. It includes protocols that power essential Internet services like email, web browsing, file transfer, and service-to-service communication. This layer does not manage the transport of data directly—instead, it builds on the reliability (or speed) of lower layers like TCP and UDP to support meaningful application workflows.

DNS

The Domain Name System (DNS) translates human-friendly domain names (like www.coursera.org) into IP addresses that computers use to route packets. DNS is a hierarchical, distributed system composed of root servers, top-level domain (TLD) servers, and authoritative servers. When a user enters a URL into their browser, DNS resolution is the first step—without it, the client wouldn’t know where to send the HTTP or gRPC request.
DNS typically uses UDP on port 53 for quick lookups, but falls back to TCP for large responses (like DNSSEC). Queries can be recursive (the DNS resolver does all the work) or iterative (the client follows each step). DNS results are cached at multiple levels to reduce load and speed up response times.
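
To see what actually goes over the wire, here is a sketch that hand-assembles a minimal DNS query packet (header plus question section), exactly the format a resolver would send over UDP port 53 (query ID and hostname below are arbitrary examples):

```python
import struct

def build_dns_query(hostname: str, query_id: int = 0x1234) -> bytes:
    """Build a minimal DNS query packet for an A record, IN class."""
    # Header: id, flags (only RD=1, "recursion desired"), 1 question,
    # and zero answer/authority/additional records.
    header = struct.pack(">HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is length-prefixed; a zero byte terminates it.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.split(".")
    ) + b"\x00"
    # QTYPE=1 (A record), QCLASS=1 (IN).
    question = qname + struct.pack(">HH", 1, 1)
    return header + question

q = build_dns_query("example.com")
print(q.hex())  # 12-byte header followed by \x07example\x03com\x00 and the question
```

Sending these bytes to a resolver with a UDP socket and parsing the reply is all a minimal stub resolver does.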

SMTP

The Simple Mail Transfer Protocol (SMTP) is used for sending email messages between mail servers. It establishes a TCP connection and uses a simple command-response structure with commands like HELO, MAIL FROM, and RCPT TO. SMTP handles only message sending—retrieval is left to protocols like IMAP or POP3.
For example, when sending an email from Gmail to Outlook, Gmail’s server uses SMTP to push the message to Outlook’s mail server, which then stores it until the recipient downloads it.
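
The command sequence the sending server issues can be sketched as plain strings (hostnames and addresses below are hypothetical; each command would be answered by a numeric server reply such as 250 OK before the next is sent):

```python
def smtp_commands(sender: str, recipient: str, body: str) -> list:
    """Sketch of the client side of a minimal SMTP session."""
    return [
        "HELO client.example.com",  # identify ourselves (EHLO in extended SMTP)
        f"MAIL FROM:<{sender}>",    # envelope sender
        f"RCPT TO:<{recipient}>",   # envelope recipient
        "DATA",                     # what follows is the message itself
        body,
        ".",                        # a line with a single dot ends the message
        "QUIT",
    ]

for line in smtp_commands("alice@example.com", "bob@example.org", "Hello Bob"):
    print(line)
```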

HTTP

Hypertext Transfer Protocol (HTTP) is the backbone of the World Wide Web. It enables clients (browsers) to fetch content from servers using methods like GET, POST, PUT, and DELETE. Responses include both status codes (200 OK, 404 Not Found) and data such as HTML, JSON, or images.
HTTP is stateless, meaning each request is independent. It operates over TCP (port 80) or HTTPS (port 443), where HTTPS provides encryption via TLS. Despite its simplicity, HTTP supports advanced features like headers, cookies, and caching to make web interactions robust and user-friendly.
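
The request and response text is simple enough to assemble by hand. This sketch builds a minimal GET request (the exact bytes a browser writes to a TCP socket on port 80) and parses a status line; example.com is just the standard documentation host:

```python
def build_get_request(host: str, path: str = "/") -> bytes:
    """Assemble a minimal HTTP/1.1 GET request."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",        # the Host header is mandatory in HTTP/1.1
        "Connection: close",    # ask the server to close after responding
        "",                     # a blank line ends the header section
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_status_line(response: bytes):
    """Extract (version, status code, reason phrase) from the first line."""
    version, code, reason = response.split(b"\r\n", 1)[0].split(b" ", 2)
    return version.decode(), int(code), reason.decode()

print(build_get_request("example.com").decode())
print(parse_status_line(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))
```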

Socket

Socket APIs allow developers to create custom networked applications by directly managing communication endpoints. A socket represents one side of a TCP or UDP connection. Common operations include socket(), bind(), listen(), accept(), connect(), send(), and recv().
For example, a basic chat application might have a server that listens on a port and accepts incoming connections, while multiple clients connect and exchange text messages using TCP sockets. Socket programming offers full control but requires careful handling of concurrency, timeouts, and data formatting.
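
A minimal, self-contained echo example shows those calls in action, with server and client in one process bound to an ephemeral localhost port (a sketch of the pattern, not a production server):

```python
import socket
import threading

def run_echo_server(server_sock):
    """Accept one client and echo back whatever it sends."""
    conn, _addr = server_sock.accept()
    with conn:
        while (data := conn.recv(1024)):
            conn.sendall(data)

# Server side: socket() -> bind() -> listen(), on an ephemeral port.
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
server.listen(1)
port = server.getsockname()[1]
threading.Thread(target=run_echo_server, args=(server,), daemon=True).start()

# Client side: connect() -> send() -> recv().
client = socket.create_connection(("127.0.0.1", port))
client.sendall(b"hello")
reply = client.recv(1024)
client.close()
print(reply)  # b'hello'
```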

gRPC

gRPC is a high-performance, open-source Remote Procedure Call (RPC) framework built by Google. It enables direct function calls between services across a network, using Protocol Buffers (protobuf) for efficient, binary-encoded messages and HTTP/2 for transport.
Unlike REST, where communication is based on URL endpoints and loosely structured JSON, gRPC uses strongly-typed service contracts defined in .proto files. These contracts are compiled into code in multiple languages, allowing services to communicate safely and efficiently.
Why gRPC can be better than REST
  • Performance: gRPC messages are smaller and faster to parse than JSON used in REST. This matters in low-latency or high-throughput systems, like IoT or mobile backends.
    • Example: A fleet tracking service with thousands of vehicles sending location updates every few seconds can reduce bandwidth costs significantly using gRPC.
  • Streaming: gRPC supports bidirectional streaming, where clients and servers continuously send messages without reopening connections. REST typically requires polling or workarounds like WebSockets.
    • Example: A real-time stock trading platform can push price updates to the client immediately without the user needing to refresh or re-request data.
  • Code Generation: Protobuf definitions are compiled into native code, avoiding manual parsing or error-prone boilerplate. This improves developer productivity and reduces bugs.
    • Example: A microservice ecosystem using gRPC can ensure all services adhere to the same interface definitions, with automatic updates across multiple programming languages.
  • Error Handling and Type Safety: gRPC enforces strict contracts, so clients and servers know exactly what to expect. REST APIs often require extra validation logic on both ends.

In summary, the Application Layer encompasses everything users and developers interact with directly over a network. From resolving domain names and browsing the web to sending emails and building modern distributed services, it forms the foundation of everyday Internet applications. Understanding the strengths and use cases of protocols like HTTP, DNS, and gRPC is key to designing scalable and robust systems.

Network Security

Network security is about how we protect data, secure communication channels, and prevent unauthorized access or manipulation across different layers of the network. Topics include basic security concepts, IPsec, RPKI, and TLS/HTTPS, organized by which layer of the network stack they protect.
Network security begins with three foundational goals, known as the CIA triad:
  • Confidentiality: Ensuring only authorized parties can read the transmitted data.
  • Integrity: Verifying that data has not been altered in transit.
  • Availability: Ensuring that services remain accessible and operational.
Security challenges arise from vulnerabilities in protocols, poorly configured systems, and attacks such as spoofing, man-in-the-middle, and denial-of-service. To mitigate these risks, we rely on cryptographic tools and carefully designed protocol extensions.

IPsec: Securing the Network Data Plane

IPsec (Internet Protocol Security) is a suite of protocols that operates at the network layer, securing IP packets regardless of the upper-layer protocol (e.g., TCP, UDP).
IPsec protects data in transit between two endpoints, such as routers or firewalls, by adding authentication and/or encryption. It supports two main modes:
  • Transport mode: Encrypts only the payload of the IP packet, leaving the header intact. Common for end-to-end host communication.
  • Tunnel mode: Encrypts the entire IP packet and wraps it in a new outer IP header. Widely used in VPNs.
IPsec uses protocols like Authentication Header (AH) for integrity and Encapsulating Security Payload (ESP) for confidentiality. Security associations (SAs) are established using IKE (Internet Key Exchange) to agree on keys and algorithms.

RPKI: Securing the Network Control Plane

RPKI (Resource Public Key Infrastructure) is designed to prevent BGP route hijacking by securing the control plane of the Internet. It allows IP address owners to cryptographically sign route origin authorizations (ROAs), asserting which Autonomous Systems (ASes) are authorized to originate certain IP prefixes.
Without RPKI, malicious or misconfigured BGP speakers can announce incorrect routes, leading to traffic interception or denial-of-service. RPKI makes these attacks harder by giving routers a way to verify the authenticity of route advertisements.
Deployment of RPKI is growing but still uneven globally. Its effectiveness depends on widespread adoption by ISPs and enforcement of validation policies at the network edge.

TLS/HTTPS: Securing the Transport and Application Layers

TLS (Transport Layer Security) provides encryption and authentication for communication at the transport and application layers, most famously used in HTTPS (secure HTTP).
TLS begins with a handshake where the client and server negotiate cryptographic algorithms and exchange certificates. Once established, it uses symmetric encryption for performance and message authentication codes (MACs) to ensure data integrity.
HTTPS is simply HTTP layered over TLS. It ensures that:
  • The server is authenticated via a certificate authority (CA).
  • Communication between client and server is encrypted and tamper-proof.
  • Intermediaries (like proxies or ISPs) cannot read or modify the content.
TLS has largely replaced earlier protocols like SSL and is foundational to secure web applications, APIs, and email systems.
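
In practice, application code rarely implements the handshake itself; it asks a TLS library for a context with safe defaults. A sketch using Python's standard ssl module (no network connection is made here):

```python
import ssl

# A client-side context with the defaults browsers rely on: certificate
# verification against the system CA store and hostname checking.
ctx = ssl.create_default_context()
ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions

print(ctx.verify_mode == ssl.CERT_REQUIRED)  # True: server cert must validate
print(ctx.check_hostname)                    # True: and match the hostname

# To actually speak HTTPS, one would wrap a connected TCP socket:
#   tls_sock = ctx.wrap_socket(sock, server_hostname="example.com")
# which performs the handshake described above before any data flows.
```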

Together, IPsec, RPKI, and TLS illustrate a multi-layered approach to network security—each protecting a different part of the communication path, from raw packet forwarding to global routing infrastructure to user-facing services. Understanding how these tools work in context is key to building and maintaining secure systems on the modern Internet.

© Qiwei Mao 2024 - 2025