Networking

All pages and tutorials about generic networking.

Introduction to Networks

This page is an introduction to Networks. We don’t need to know everything about it, but often face it in our work. In this guide I will give you a basic understanding of networks, IP addresses, VLANs, Segmenting etcetera. Basically everything you need to understand the process, and hopefully even more than that.

Requirements

  • Some basic networking knowledge
  • Some basic subnetting knowledge
  • Around 20 minutes of your time

Introduction to Networking

Networking is the process of connecting devices to share data and resources. It allows communication between users over local or global distances. Networks can range from small home setups to large corporate infrastructures. Key components include routers, switches, and protocols that manage data traffic. Effective networking ensures reliable, secure, and efficient information exchange. As technology advances, networking plays a critical role in enabling digital communication worldwide.

Logically this means that every device will have an IP address and this can be used to communicate with other devices. This can look like the diagram below:

This shows a simple network with 8 devices, all connected to each other. In practice, the circle will represent the infrastructure; the Routers and Switches.


Routers

In every network, we have a device that plays the “Router” role. It basically connects different networks to each other. In most bigger networks, this can be the firewall.

On Azure, the routing and switching part is done by creating a virtual network. This means that it is all managed for you and you only select the network you want to connect to.

Switches

Switches are the distribution part of a network. These are literally like power strips, but for networks. One cable goes in (called the “Uplink”), and all other cables go out of the switch (called “Downlinks”). Connecting a device to a downlink of a switch gives access to the network.

Routers and Switches can seem the same as terms but they are different in a particular way. Routers connect our devices to different networks, and Switches redistribute those networks.


IP addressing

IP addresses are needed on a network so every device knows where to deliver a packet. You can compare this to a real world city, where every street has a name and every house has a house number. IP addressing works kind of the same way, but translated in a way so computers can also work with it.

We have two types/versions of IP addresses:

IP addresses are built in this way:

The first part represents the “Network ID”, which is a static part and remains the same until configured differently. The last part represents the “Host ID”, which is a number that is different for every host. The Network ID can be compared to a real life street and the Host ID is the house number.

Class A, Class B and Class C networks

Now this is a basic explanation of a Class C address, where we only use the last number. We have 3 classes that we use in networking:

  • Class A (255.0.0.0 to 255.254.0.0)
  • Class B (255.255.0.0 to 255.255.254.0)
  • Class C (255.255.255.0 to 255.255.255.255)

Now this tells us how many devices we can use in our network:

  • In Class A, we can connect millions of devices because there are many available addresses
  • In Class B, we can connect up to 65.000 devices
  • In Class C, we can connect up to 254 devices

The most important part here is the Subnet mask, which tells devices which part of the IP addressing scheme they are in.

Introduction to Subnet masks

You must have seen them in your daily life of being an IT guy, Subnet masks. This is a number like:

  • 255.255.255.0 or /24
  • 255.255.0.0 or /16

This number decides how many hosts we can use in our network. The more zeros in the subnet mask, the more host addresses are available. For example, /24 (255.255.255.0) allows 254 usable hosts, while /16 (255.255.0.0) allows 65.534 usable hosts. Subnet masks help divide networks into smaller parts, making management and security easier. A best practice is always to have your subnets as small as possible for networks or VLANs, but the bottom line is mostly /24.

A smaller subnet basically means higher performance, because some requests, like broadcasts, are sent to every address. This process is faster to 254 addresses than to 65.000 addresses.

Deep dive into IP addresses

IPv4 addresses, like 172.16.254.1, are decimal representations of four 8-bit binary blocks, known as octets. Each octet ranges from 0 to 255, making every IPv4 address 32 bits in total.

The IP address 172.16.254.1 can be represented in binary format as follows:

10101100.00010000.11111110.00000001

So an IP address is basically a human readable way of how the devices work under the hood. All based on 0’s and 1’s.


Subnets, Segmentation and VLANs

Subnetting is a technique used in networking to divide a larger IP network into smaller, more manageable subnetworks (subnets). It helps optimize IP address allocation, improve network performance, and enhance security by segmenting traffic.

Each subnet operates as an independent network while still being part of the larger network. By using subnetting, organizations can efficiently manage IP address space, reduce network congestion, and implement better access control.

Subnetting is achieved by modifying the subnet mask, which determines how many bits are used for the network and how many for the host portion of an IP address. Understanding subnetting is essential for network engineers and administrators to design scalable and efficient network infrastructures.

In Azure, we do this by creating a virtual network which has an address space (for example: 10.0.0.0/16) and we can build our subnets in that space (10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24 etc.). I have done this for demonstration in the picture below:


When using routers and switches, we can segment our network into different virtual networks, which are called VLANs. This can help us by dividing devices into different isolated networks without the need for separate physical networks.

For designing VLANs you have to calculate the subnet sizes and IP address schemes. I have a tool available for doing this:

Use Subnet Calculator

Tips for understandable network addressing

So when designing networks, you will never know how long you are gonna use it. My advice is to always have a good networking plan and document your plan for future use and expansion.

I have some tips for designing networks that work well:

  • Always use networks that are as small as possible, with /24 as bottom line
  • Segment devices with good logic (Servers to servers, Guest to guest etc.)
  • Link your VLAN IDs to your Network IDs
    • For example:
      • VLAN ID 10 to 10.0.10.0/24
      • VLAN ID 20 to 10.0.20.0/24
      • VLAN ID 99 to 10.0.99.0/24
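
The tips above can be checked mechanically before anything is configured. The Python script below is an added example, not part of the original post: it validates a VLAN plan against an address space, the /24 guideline, the VLAN-ID-to-third-octet convention and overlaps. The plan entries are constructed sample values, and reading the /24 guideline as "nothing larger than /24" is an assumption.

```python
import ipaddress

# Constructed sample plan (VLAN ID -> subnet). VLANs 30 and 40 are deliberately wrong.
ADDRESS_SPACE = ipaddress.ip_network("10.0.0.0/16")
PLAN = {
    10: "10.0.10.0/24",
    20: "10.0.20.0/24",
    99: "10.0.99.0/24",
    30: "10.0.31.0/24",  # third octet does not match the VLAN ID
    40: "10.0.0.0/17",   # larger than /24 and overlapping the other subnets
}


def usable_hosts(net):
    """Usable addresses as in the cheat sheet: total minus network and broadcast address."""
    return max(net.num_addresses - 2, 0)


def validate_plan(plan, space, largest_prefix=24):
    """Return (vlan_id, problem) tuples; an empty list means the plan follows the tips."""
    problems, parsed = [], {}
    for vlan_id, cidr in sorted(plan.items()):
        try:
            net = ipaddress.ip_network(cidr)  # strict parsing rejects set host bits
        except ValueError as exc:
            problems.append((vlan_id, f"invalid subnet: {exc}"))
            continue
        if net.version != 4:
            problems.append((vlan_id, "only IPv4 plans are checked here"))
            continue
        parsed[vlan_id] = net
        if not net.subnet_of(space):
            problems.append((vlan_id, f"{net} is outside {space}"))
        if net.prefixlen < largest_prefix:  # assumption: /24 is the largest allowed size
            problems.append((vlan_id, f"{net} is larger than /{largest_prefix}"))
        if net.network_address.packed[2] != vlan_id:
            problems.append((vlan_id, f"third octet of {net} does not match VLAN ID"))
    # Overlapping subnets defeat segmentation, so compare every pair once.
    items = sorted(parsed.items())
    for i, (a_id, a_net) in enumerate(items):
        for b_id, b_net in items[i + 1:]:
            if a_net.overlaps(b_net):
                problems.append((a_id, f"{a_net} overlaps VLAN {b_id} ({b_net})"))
    return problems


if __name__ == "__main__":
    for vlan_id, problem in validate_plan(PLAN, ADDRESS_SPACE):
        print(f"VLAN {vlan_id}: {problem}")
```
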

Complete overview of Subnet masks and usable addresses

To have a cheat sheet of subnet masks, I have created a complete table of all usable Subnet masks including how many addresses you can assign in those networks:

| Prefix | Subnet mask | Usable addresses |
|---|---|---|
| Supernets (ISPs) | | |
| /0 | 0.0.0.0 | Used as wildcard |
| /1 | 128.0.0.0 | 2,147,483,646 |
| /2 | 192.0.0.0 | 1,073,741,822 |
| /3 | 224.0.0.0 | 536,870,910 |
| /4 | 240.0.0.0 | 268,435,454 |
| /5 | 248.0.0.0 | 134,217,726 |
| /6 | 252.0.0.0 | 67,108,862 |
| /7 | 254.0.0.0 | 33,554,430 |
| Class A networks | | |
| /8 | 255.0.0.0 | 16,777,214 |
| /9 | 255.128.0.0 | 8,388,606 |
| /10 | 255.192.0.0 | 4,194,302 |
| /11 | 255.224.0.0 | 2,097,150 |
| /12 | 255.240.0.0 | 1,048,574 |
| /13 | 255.248.0.0 | 524,286 |
| /14 | 255.252.0.0 | 262,142 |
| /15 | 255.254.0.0 | 131,070 |
| Class B networks | | |
| /16 | 255.255.0.0 | 65,534 |
| /17 | 255.255.128.0 | 32,766 |
| /18 | 255.255.192.0 | 16,382 |
| /19 | 255.255.224.0 | 8,190 |
| /20 | 255.255.240.0 | 4,094 |
| /21 | 255.255.248.0 | 2,046 |
| /22 | 255.255.252.0 | 1,022 |
| /23 | 255.255.254.0 | 510 |
| Class C networks | | |
| /24 | 255.255.255.0 | 254 |
| /25 | 255.255.255.128 | 126 |
| /26 | 255.255.255.192 | 62 |
| /27 | 255.255.255.224 | 30 |
| /28 | 255.255.255.240 | 14 |
| /29 | 255.255.255.248 | 6 |
| /30 | 255.255.255.252 | 2 |
| /31 | 255.255.255.254 | 0 |
| /32 | 255.255.255.255 | 0 |

Commas are used in the usable addresses so they are not confused with IP addresses ;)



Summary

I hope I gave you a great basic understanding of how networks work and the fundamentals to use networking in Azure. It’s part of our jobs and not very easy to start out with.

Thank you for reading my guide and I hope it was helpful.

 


If you think something is wrong with this post or you want to know more, you can send me a message to one of my social profiles at: https://justinverstijnen.nl/about/


The Basics and Benefits of IPv6

IPv6. We hear it a lot these days and it’s a very common network addressing protocol and the successor of the older IPv4, but will not necessarily take over IPv4 100% (yet). On this page I will describe the basics, some tips and the benefits.

Requirements

  • Around 15 minutes of your time
  • Basic networking knowledge is great

IP addressing with IPv4 and IPv6

When we speak of a network, we speak of a set of connected devices (we call them clients/nodes) where each device has its own use. There are also some fundamental components every network has:

  • Router (this device connects your network to other networks like the internet)
  • Client

Like I said, your network contains several devices and each device has to know how to connect to another device. This is done using an IP address. Using IP addresses enables you to have a very efficient network in terms of cabling. In the past there were some coaxial based networks where every device was physically connected to each other.

You can pretty much compare IP addresses to sending a postcard in real life. Your postal company has to know where your postcard must be delivered; an IP address does the same for finding the right device in your network.

IP addresses examples

An IP address looks like the addresses below:

  • 192.168.1.25 or 172.16.4.75 for IPv4
  • fd00::1 or fd85:28a1:f4fa::1 for IPv6

IPv4 addressing

In the early ages of computers, a digital manner of addressing network devices was needed. After some research IPv4 was born. A very efficient addressing manner which is easily understandable by computers but also by humans. We humans like easy, don’t we?

The whole IPv4 address space contains 32 bits, which means there are 4,3 billion (2^32) different addresses possible. In the early 80’s when IPv4 was founded this was more than enough.

With the rapid increase in devices worldwide, the shortage of IPv4 addresses became increasingly apparent. This is not surprising, considering that the global number of people is nearly twice the number of available IPv4 addresses.

IPv6 addressing

To solve the shortage of IP addresses, IPv6 was born in 1998, with the primary goal of having enough addresses available for everyone. Fortunately, they did not go way over the top and instead used a 128-bit (2^128) address space. In this space, the total usable addresses in IPv6 are 340.282.366.920.938.463.463.374.607.431.768.211.456 (340 undecillion).


Addressing scheme

Both IPv4 and IPv6 use an addressing scheme which is similar to your physical home address and number:

| Type | Network ID | Host ID | Full address |
|---|---|---|---|
| IPv4 | 192.168.10.0/24 | .25 | 192.168.10.25 |
| IPv6 | fd12:3456:789a::/64 | ::100 | fd12:3456:789a::100 |

A great way to better understand this:

  • Network ID represents the street, which is the same for all buildings in that street.

  • Host ID represents the unique number of your building/house, which is different for each building in the same street.


Differences between IPv4 and IPv6 and benefits

Most of the time in our job, a higher number means faster. Unfortunately this is not the case with IPv6. IPv6’s main job is to create more possible addresses. It does have some great advantages, because at the time it was founded there was more knowledge, like real world scenarios that showed where the weak points of IPv4 were.

| Advantage IPv6 | More information |
|---|---|
| Larger address space | IPv6 has more than a million IP addresses available per person on earth and IPv4 has 0,5 IP addresses per person. |
| Better security with IPsec | IPv6 supports built-in IPsec where every packet is encrypted at sending and decrypted at receiving to prevent an attacker from stealing packets and monitoring your behaviour online. |
| Easy network setup with SLAAC | IPv4 requires DHCP or static addressing, whereas with IPv6 the device can assign an address itself using duplicate detection, router advertisements and auto assignment. |
| No NAT needed | Because we don’t need to share IP addresses anymore, the need for NAT is eliminated. You can directly connect to a device (when the firewall is configured to do so of course). |
| Multicast instead of broadcast | In a network, some devices like Chromecast, Sonos and AirPlay use broadcast to advertise themselves. This means they send a packet to all devices. Multicast in IPv6 sends only to specified devices to reduce network load. |

Common IPv4 addresses in IPv6

When comparing generic networking terms between IPv4 and IPv6, you can use the table below:

| Explanation | IPv4 | IPv6 |
|---|---|---|
| Localhost address | 127.0.0.1 | ::1 |
| No DHCP server (APIPA) | 169.254.0.0/16 | fe80::/10 |
| Subnet mask | 255.255.255.0 | /64 |
| Types of network routing | Class A, B and C | 1 class |
| Type of notation | Decimal (0-9) with dots . | Hexadecimal (0-9 and A-F) with colons : |
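
The Network ID / Host ID split from the addressing scheme and the localhost and link-local rows of the table above work the same way in both address families. The Python script below is an added example, not part of the original post; it prints the host ID as a full address with the network bits zeroed (0.0.0.25 rather than the .25 shorthand), and the function name and labels are illustrative.

```python
import ipaddress


def describe(cidr):
    """Split an IPv4 or IPv6 'address/prefix' into network ID and host ID."""
    iface = ipaddress.ip_interface(cidr)
    ip, net = iface.ip, iface.network
    host_value = int(ip) & int(net.hostmask)   # keep only the host bits
    host_id = type(ip)(host_value)             # same family, network bits zeroed
    bits = f"{int(ip):0{ip.max_prefixlen}b}"   # 32 bits for IPv4, 128 for IPv6
    if ip.is_loopback:
        label = "localhost"
    elif ip.is_link_local:
        label = "link-local (self-assigned, no DHCP server)"
    else:
        label = "regular"
    return {
        "network_id": str(net),
        "host_id": str(host_id),
        "full": str(ip),
        "network_bits": net.prefixlen,
        "host_bits": ip.max_prefixlen - net.prefixlen,
        # '|' marks where the subnet mask separates network bits from host bits
        "split_bits": bits[:net.prefixlen] + "|" + bits[net.prefixlen:],
        "label": label,
    }


# Addresses taken from the tables on this page, plus constructed link-local samples.
SAMPLES = [
    "192.168.10.25/24",
    "fd12:3456:789a::100/64",
    "127.0.0.1/8",
    "::1/128",
    "169.254.10.20/16",
    "fe80::1/64",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = describe(sample)
        print(f"{info['full']:<24} net={info['network_id']:<22} "
              f"host={info['host_id']:<10} host_bits={info['host_bits']:<3} {info['label']}")
```
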


Summary

This page explains the basics and benefits of IPv4 and IPv6 addresses. There is a lot more to tell about this topic, obviously too much to include on a single page. Also, I want the content to be readable and to stay within the best attention span of humans :).

 


Networking Implementation Runbook

This page contains a standardized runbook of how I performed network implementations. It can be used as a checklist, guide, reference or to-do list that describes at a high level how I perform such migrations. The information in this implementation guide is based on experiences and mistakes made in the past, with the goal of ensuring future implementations run as smoothly as possible and minimizing outages.

When do you use this implementation guide?

With network implementations, I mean the implementation, migration, or replacement of one or more of the following components:

  • DHCP server, IP address ranges, and/or VLANs
  • Firewall
  • Modem / internet-facing router
  • Switch or switches (managed and unmanaged)

Implementation guide overview

To keep the process as simple as possible, this implementation guide consists of three phases:

  1. Preparation and configuration
  2. Implementation
  3. Post-check and completion



Phase 1: Preparation and configuration

In the preparation and configuration phase, all equipment is configured and prepared for implementation. This means I mostly connect all new devices, configure the firmware, update all firmware to the latest available versions and register the devices in your asset management solution (CMDB).

Before configuring any equipment, the current situation must first be inventoried because you need to know what hardware to order.

1.1 Inventory of the current network

Perform the steps below to gather all required information:

Networks and address spaces

  • Perform an IP scan on all networks
  • Identify static IP addresses and DHCP reservations

Other systems

  • Inventory any camera surveillance system
  • Inventory any alarm system

1.2 Configuration of new equipment

The configuration may consist of:

  • Replicating the current situation (from step 1.1), or
  • A completely new implementation

For a fully new implementation, the list below can be used as a guideline.

Configuration tasks

The following components must be configured on the new network equipment:

  • Update firmware and software to the latest available versions
  • Configure networks and VLANs
  • Configure the DHCP server and address pools
  • Configure DHCP reservations
  • Configure DNS servers
  • Configure required firewall rules
  • Open required TCP/UDP ports (DNAT)
  • Preconfigure required Site-to-Site VPN connections

Phase 2: Implementation

The implementation phase is the shortest phase. It consists solely of switching the network to use the new equipment and/or a new IP range, DHCP server, or VLAN.

Follow:

  • 2.1 when deploying new network equipment
  • 2.2 when implementing a new IP range, DHCP server, and/or VLAN

2.1 Deployment of new network equipment

At the start of Phase 2, we assume that the new equipment:

  • Is already installed in the customer’s network cabinet
  • Is ready for cutover

Preferably, perform these activities outside of the customer’s business hours to minimize outage.

Implementation steps

  1. Ensure it is clearly known which cables must be switched
  2. To avoid DHCP and ARP issues, save the configurations of all switches and then power them off completely
  3. Switch the cable(s) identified in step 1
  4. Verify that the connection is working
  5. Power on all switches that were turned off
  6. Verify network connectivity
  7. Enable any VPN connections (Point-to-Site and Site-to-Site)

Before proceeding to Phase 3, verify whether the following scenario applies.

2.1.1 Firewall – ISP modem → Bridge mode or DMZ

ISPs often provide their own modem. This modem should not be removed, as doing so may result in no support from the provider during outages.

To prevent double NAT, one of the following two options must be configured:

Bridge mode (preferred)
  • The modem forwards all traffic 1:1
  • Effectively functions like an unmanaged switch
  • WAN configuration is applied to the deployed firewall:
    • IP address
    • Subnet mask
    • Gateway
    • DNS servers

Note: Bridge mode may sometimes only be enabled by the ISP themselves. Take this into account when performing implementations outside of office hours.

DMZ (Demilitarized Zone)
  • The modem forwards all traffic to the deployed firewall
  • The WAN IP address of the firewall must be known to the modem
  • DMZ / Exposed Host must be configured on the modem

With either option correctly configured:

  • Internet access should function
  • External access to TCP/UDP ports should work

Phase 3: Post-check and completion

The final phase focuses on verifying whether the network implementation was successful.
All implemented components must be tested before leaving the customer — including evenings, weekends, or other special periods.

Work through the checklist from top to bottom.
If an issue arises it must be resolved before continuing, due to component dependencies.

This ensures the implementation does not cause issues in the (near) future.

3.1 Extended testing list

| Check | Additional information |
|---|---|
| Firewall functionality | Verify the firewall operates correctly and is externally reachable for management |
| Switch functionality | Verify inter-switch traffic and PoE functionality (if applicable) |
| DHCP service | Verify that a connected device receives the correct DHCP lease |
| DNS servers | Verify DNS settings via ipconfig /all |
| Network connectivity | Verify connectivity to the firewall using ping and/or HTTPS |
| Internet access | Verify that endpoints have internet access |
| DHCP reservations | Verify that all reserved devices received the correct leases |
| Site-to-Site VPNs | Verify all Site-to-Site VPN connections |
| Printers | Verify all printers function correctly |
| Scanners | Verify network features such as scan-to-folder, SharePoint, or email |
| Camera surveillance system | Verify cameras and external access (4G/5G), if applicable |
| Alarm system | Verify operation and test with the security provider |
| Open ports / DNAT | Verify all inventoried open ports function correctly |
| Point-to-Site VPNs | Verify all client VPN connections |

3.2 Short test list

  • Firewall
  • Switches
  • DHCP
  • DNS
  • Network connectivity
  • Internet
  • DHCP reservations
  • VPN – Site-to-Site
  • Printers
  • Scanners
  • Camera surveillance system
  • Alarm system
  • Open ports / DNAT
  • VPN – Point-to-Site
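
The "DHCP reservations" check can be run against the inventory from step 1.1 instead of being walked through by hand. The Python script below is an added example, not part of the original runbook: it compares the inventoried reservations and static IP addresses with the leases of the new DHCP server. All device names, MAC addresses, IP addresses and the lease export format are constructed sample values.

```python
import ipaddress

# Constructed sample data. INVENTORY is what step 1.1 recorded before the cutover;
# LEASES is an export from the new DHCP server (field names are hypothetical).
INVENTORY = [
    {"name": "printer-01", "mac": "02:00:00:00:00:01", "ip": "10.0.10.50", "type": "reservation"},
    {"name": "nvr-01", "mac": "02-00-00-00-00-02", "ip": "10.0.20.10", "type": "reservation"},
    {"name": "alarm-panel", "mac": "0200.0000.0003", "ip": "10.0.99.5", "type": "reservation"},
    {"name": "nas-01", "mac": "02:00:00:00:00:04", "ip": "10.0.10.20", "type": "static"},
]
LEASES = [
    {"mac": "02:00:00:00:00:01", "ip": "10.0.10.50"},
    {"mac": "02:00:00:00:00:02", "ip": "10.0.20.77"},  # pool address instead of the reservation
    {"mac": "02:00:00:00:00:99", "ip": "10.0.10.20"},  # other device leased nas-01's static IP
]


def norm_mac(mac):
    """Normalize aa-bb-.., AA:BB:.. and aabb.ccdd.eeff notations to lowercase colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_leases(inventory, leases):
    """Map each inventoried device to 'ok' or a description of what is wrong after cutover."""
    lease_by_mac = {norm_mac(l["mac"]): ipaddress.ip_address(l["ip"]) for l in leases}
    mac_by_ip = {ip: mac for mac, ip in lease_by_mac.items()}
    results = {}
    for dev in inventory:
        mac, want = norm_mac(dev["mac"]), ipaddress.ip_address(dev["ip"])
        if dev["type"] == "reservation":
            got = lease_by_mac.get(mac)
            if got is None:
                results[dev["name"]] = "no lease seen"
            elif got != want:
                results[dev["name"]] = f"wrong lease {got}, expected {want}"
            else:
                results[dev["name"]] = "ok"
        else:
            # A static device never requests a lease; its IP must not be handed to anyone else.
            holder = mac_by_ip.get(want)
            if holder and holder != mac:
                results[dev["name"]] = f"static IP {want} also leased to {holder}"
            else:
                results[dev["name"]] = "ok"
    return results


if __name__ == "__main__":
    for name, status in check_leases(INVENTORY, LEASES).items():
        print(f"{name:<12} {status}")
```
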

Summary

This page describes how I have done network implementations in the past, and I use it as a checklist to perform future implementations. Sometimes in the heat of the moment you forget some things here and there. To address this problem, I created this checklist for myself.

 
