Building Your Private Network Series - Concepts
When learning something new, I like to start with being introduced to the concepts in a very basic manner, so let's take some time to do that in this blog post. It can also serve as a reference.
Let's start with some concepts you're going to need to become familiar with as we begin to build our networks. We will talk about these terms in a non-technical manner and provide additional resources if you care to dive into the technical aspects of each concept
Table of Contents
- LAN vs. WAN
- Access Point
- MAC Address
- IP Address
- Trunk vs. Access
At a basic level, which is sufficient for our purposes, a network is simply the joining together of electronic devices, e.g., computers, switches, access points, and phones, to name a few. This is done typically between more than two devices using a switch or a wireless access point. We interconnect networks using a device called a router, we'll discuss that briefly below.
Everyone has undoubtedly heard the term internet. We colloquially know that as the place we go to access all the wonderful services the digital world has to offer. For our purposes, we can expand on that and think of internet as the connection to get to other networks. The (inter-net)work, or the path between networks, doesn't have to be provided just by our ISP (Internet Service Provider). We can actually create our own internets between our own networks, using our own routers.
A router is a device (can be virtual) that directs (routes) network traffic from one network to the other. It can get pretty technical, but just know that it is required when you want to go outside your local network, or the network that you are currently on.
While the router is the device that routes traffic from one network to another, think of the Gateway as the doorway on the router that data goes through to get to the other networks. This is always represented as an ip address that is assigned to the router on a particular network interface.
LAN vs. WAN
LAN (Local Area Network) is simply the network that you are on, or that is close (local) to you. The WAN (Wide Area Network) is the generic term that means, all the other networks that are not local to you. Just think of the WAN as the stuff outside your own local network.
A switch is a device that connects multiple other devices. It has any number of ports on it, e.g., 4, 6, 8, 10, 12, 16, 24, etc., that allow you to connect various network devices to one another. There are different types of switches that come with varying capabilities, for example layer 2 and layer 3 switches. The main difference between an L2 and L3 switch is that L3 switches can perform routing functions in addition to switching functions.
A wireless Access Point is a dedicated role for providing access to a network wirelessly. Think of it as a switch that allows network devices to "plug into" the network wirelessly. Some times this role is on dedicated hardware known as an Access Point Device. Sometimes, this role is merged with a router, typically in home network scenarios, where the Internet Provider provides you with a wireless router. Those devices serve two roles. In larger networks we typically try to separate out the Wireless Access Point from the Router so that we can have more capability and control over the overall infrastructure.
A MAC (Media Access Control) Address is a 12 digit hexadecimal identifier that represents the physical (or virtual) interface of a network device. For example the Wifi interface inside your phone used to communicate on the network. The MAC is used by switches to keep track of where data should be sent as it flows through the network. It does this through the use of something called a MAC Address table, which is just a list of which ip addresses belong to which MAC address and what port on the Switch that MAC address is located. For additional details, wikipedia has a very accurate description found here.
An IP Address is used by network devices to transfer data packets to and from one another. There are a couple different versions of IP Addresses, namely Version 4 and Version 6. While these versions are different in significant ways, they serve the same purpose and that is to provide a place for data to travel to and from. We will be mainly talking Version 4 in our series, and the most important thing to know at this time is that to send data between devices on the network, they need to be able to send to an IP Address. So each device on the network, needs to have at least one of these.
Dynamic Host Control Protocol (DHCP) is a process that ensures devices joining a network get assigned an ip address so they can communicate on the network. In basic terms, when a computer detects a connection on one of its network interfaces, it sends out a DHCP request on the network and a server responsible for answering those requests sends back a response. There is a negotiation that happens and the DHCP server sends back a response assigning an IP address to the device that needs one. The device will then be able to communicate with other devices on the network.
Domain Name Service (DNS) is a service that performs a translation of sorts. IP addresses can be assigned a name. Let's use a fictional example. Say the domain name www.example.com lives at the ip address of 123.456.789.3 (Not a real ip address). As humans, it's easier to remember www.example.com but your computer can only send data to the ip address 123.456.789.3, so we need a way to translate the domain name to the ip address and give that answer to your computer. That's what DNS does. You type www.example.com, your computer says, okay, let me query DNS for what IP address I should send data to for www.example.com. The DNS server answers with the ip address, if it knows the answer, if not, it forwards the request along until an answer comes back. Then, once it has the answer it gives your computer the ip address. Then your computer does the rest.
A Virtual Local Area Network, or vLan, is a method of breaking down physical networks into isolated groupings of networked devices. There are many aspects to vlans that we won't necessarily get into at this stage, but if you think of vlans as imaginary switches that group network devices together on their own network segment you should be able to get the idea. Each vlan is identified by a number between 1 and 4096, where the first (1) vlan is typically assumed to be in place without explicity defining it to exist. This is typically called the "Default vLan". When you define a vLan on a network, you tell the switches and routers that they exist and then you can assign (tag) those vlans to specific network ports on those network devices.
Trunk vs. Access
Above, we discussed how you can assign vLans to network ports on switches and routers. Technically, you can also assign vlans directly on the interface of network devices like computers and servers, but this is very atypical, with the exception of Virtual Machines. There are two common ways vLans are assigned, or tagged to ports.
The first method, which easiest to understand, is a 1 to 1 relationship. This means that a signle vlan is assigned to a single port, and anything that connects to that port is automatically on that vlan. This is what is typically called an "Access" port. The way this works is that a device, say a computer, plugs into the port and anytime data leaves the port, the switch "tags" that data on the vLan that is assigned to it. Now, that data exists on the network associated with that vLan and any other data packets from any other ports on the same vLan will be able to interact, or if destined for a different network, be routed to the default gateway of the network.
The second method we're going to discuss for assigning vlans to network ports is through what is called a "trunk". With trunk ports, instead of only assigning a single default vLan to a port, you specify to the device (the switch, for example) that any number of vLans can pass through the port. And, to look for traffic entering the port that is tagged on a vLan, then when that data leaves the port, to tag it with the same vLan so it can continue it's journey on that network to its destination. You would almost always see trunk ports anywhere you have a connection between network devices, for example, where one switch connects to another switch, or to a router. It is possible for data to come into a Trunk port and not be tagged on a particular vlan, so trunk ports also have a default vlan to handle that data.
Nate is the Founder and CEO of Stapel, LLC