Skip to content

Portal | Level: L1: Foundations | Topics: TCP/IP, DNS, VLANs, Routing | Domain: Networking

Networking & Cisco - Primer

Why This Matters

Networking is the connective tissue of every infrastructure. Misconfigured VLANs, MTU mismatches, missing routes, and DNS failures cause more outages than most people realize. Understanding networking fundamentals makes you dramatically more effective at debugging distributed systems.

The OSI Model (Practical Version)

Forget memorizing all 7 layers. Focus on these 4 for daily troubleshooting:

Remember: The classic 7-layer mnemonic: "Please Do Not Throw Sausage Pizza Away" (Physical, Data Link, Network, Transport, Session, Presentation, Application). In practice, the internet uses the TCP/IP 4-layer model — the OSI model is primarily a teaching and troubleshooting framework.

Layer What it does Key protocols What breaks
L2 (Data Link) MAC addressing, switching, VLANs Ethernet, ARP, STP VLAN misconfig, STP loops, ARP storms
L3 (Network) IP addressing, routing IP, ICMP, OSPF, BGP Wrong subnet, missing route, asymmetric routing
L4 (Transport) Port-based connections TCP, UDP Firewall rules, connection timeouts, port exhaustion
L7 (Application) App protocols HTTP, DNS, TLS DNS resolution, certificate errors, proxy misconfig

Switching Fundamentals

VLANs

A VLAN (Virtual LAN) segments a physical switch into multiple logical networks. Traffic between VLANs requires a router (inter-VLAN routing).

Under the hood: VLANs work by inserting a 4-byte 802.1Q tag into the Ethernet frame header. The tag contains a 12-bit VLAN ID (range 1-4094) and a 3-bit priority field (for QoS). Switches use the tag to decide which ports receive each frame.

  • Access port: carries one VLAN, connects to end devices
  • Trunk port: carries multiple VLANs (tagged with 802.1Q), connects switches together
  • Native VLAN: untagged traffic on a trunk (default: VLAN 1; change it for security)

Default trap: VLAN 1 is the default native VLAN on every Cisco switch. Leaving it unchanged means management traffic, CDP, STP BPDUs, and user traffic all share the same VLAN. VLAN hopping attacks exploit this. Best practice: change the native VLAN to an unused VLAN ID and prune VLAN 1 from all trunks.

Spanning Tree Protocol (STP)

Prevents loops in redundant L2 topologies. When two switches have multiple paths between them, STP blocks one path to prevent broadcast storms.

  • Root bridge: elected switch that all others calculate paths toward
  • Port states: blocking -> listening -> learning -> forwarding
  • RSTP (Rapid STP): converges in seconds instead of 30-50 seconds

What to know for interviews: STP prevents loops. If you see a broadcast storm, check for rogue connections that bypass STP (e.g., someone plugged both ends of a cable into the same switch).

Routing Fundamentals

Static vs Dynamic

  • Static routes: manually configured, simple, doesn't adapt. Good for stub networks.
  • Dynamic routing: protocols exchange route information automatically.

Analogy: Static routing is like giving someone written turn-by-turn directions — fast, simple, but useless if a road is closed. Dynamic routing is GPS navigation — it learns the map, detects closures, and reroutes automatically. The cost: more CPU and bandwidth for the routing protocol itself.

OSPF (Open Shortest Path First)

Fun fact: OSPF was standardized in RFC 2328 (1998), replacing older distance-vector protocols like RIP. The name "Open" distinguishes it from proprietary alternatives like Cisco's EIGRP. OSPF uses Dijkstra's shortest path algorithm — the same algorithm Google Maps uses to find driving routes.

  • Link-state protocol (each router knows the full topology)
  • Uses cost (based on bandwidth) to pick best path
  • Areas reduce the size of the routing table (Area 0 is the backbone)
  • You'll see this in enterprise campus and datacenter networks

BGP (Border Gateway Protocol)

  • Path-vector protocol; the protocol of the internet
  • eBGP: between different organizations (AS numbers)
  • iBGP: within an organization
  • You'll see this at the edge of enterprise networks and in cloud (AWS VPC peering uses BGP)
  • Key concept: BGP is policy-based, not just shortest path

Interview level: Know what OSPF and BGP are and when they're used. You don't need to configure them unless you're a network engineer.

Remember: "OSPF inside, BGP outside." OSPF handles routing within an organization (interior gateway protocol). BGP handles routing between organizations (exterior gateway protocol). When someone says "the internet runs on BGP," they mean every ISP uses BGP to exchange routes with every other ISP.

Under the hood: BGP uses TCP port 179. It exchanges full routing tables on session establishment, then sends only incremental updates. A full internet routing table is ~950,000 prefixes (as of 2025). BGP route selection considers path length, but also local preference, weight, MED, and community attributes — this is why BGP is called "policy-based routing."

Troubleshooting: Layer by Layer

Layer 1: Is the cable plugged in? Is the link LED on?
         -> ethtool eth0 | grep "Link detected"

Layer 2: Can I see the MAC? Is ARP working?
         -> ip neigh show
         -> arping -I eth0 <gateway-IP>

Layer 3: Can I ping the gateway? Can I ping the destination?
         -> ping -c 3 <gateway>
         -> ping -c 3 <destination>
         -> ip route show (is there a route?)

Layer 4: Can I reach the port?
         -> ss -tlnp (what's listening?)
         -> curl -v http://destination:port

DNS:     Can I resolve the name?
         -> dig <hostname>
         -> dig @8.8.8.8 <hostname> (bypass local resolver)

Linux Networking Tools

Tool Purpose Replaces
ip Interface config, routes, neighbors ifconfig, route, arp
ss Socket statistics netstat
dig DNS queries nslookup
mtr Continuous traceroute + ping traceroute
tcpdump Packet capture (nothing; essential tool)
ethtool NIC settings, stats, diagnostics mii-tool
nmcli NetworkManager CLI editing files in /etc/sysconfig/
nftables/iptables Firewall rules iptables (legacy)

Remember: The modern Linux networking toolkit mnemonic: "I Saw Diggers Making Tunnels Everywhere Near" — Ip, Ss, Dig, Mtr, Tcpdump, Ethtool, Nmcli. These seven tools replace everything from the legacy net-tools package.

Gotcha: ifconfig, netstat, route, and arp are from the deprecated net-tools package. They are missing from many modern distros by default (including minimal container images). Always use the iproute2 equivalents (ip, ss). If you are writing scripts that use ifconfig, they will break on any minimal installation.

Cisco CLI Familiarity

Even if you don't manage Cisco gear, you'll encounter it. Key show commands:

Interview tip: You will not be expected to configure Cisco switches in a DevOps interview, but you will be expected to read show output. Being able to interpret show ip route, show vlan brief, and show interfaces status sets you apart from candidates who only know cloud networking.

show interfaces status          # All ports: up/down, speed, VLAN
show vlan brief                 # VLAN list and port assignments
show ip route                   # Routing table
show ip interface brief         # Interface IP summary
show mac address-table          # MAC to port mappings
show spanning-tree              # STP status
show port-channel summary       # Link aggregation status
show run interface Gi1/0/1      # Config for a specific port
show log                        # Recent log messages

See Also

Wiki Navigation

Prerequisites

Next Steps

Related Content