As an SAP Basis consultant, it is helpful to be familiar with the basics of networking. It gives us a better understanding of the customer's overall landscape and aids in analysis and troubleshooting. This post discusses the basic terminology involved in networking. It is for anyone who is very new to networking.
Networks and subnets?
Two or more computers or devices connected together form a network. The connection can be wired or wireless.
A subnet is a subset, or part, of a network.
What is an IP address?
If a computer is considered a telephone, its IP address is equivalent to the phone number. A telephone number has two parts, the area code (AAA) and the local number (LLL-LLLL), giving something like AAA-LLL-LLLL. Similarly, an IP address has two parts: the network id (which corresponds to the area code) and the host id (which corresponds to the local number). All the computers or devices on a network have an IP address. The network id is the same for all the devices on a network. The host id, which is also called the node id, is unique to each device. No two computers on a network can have the same IP address, just as no two local phone numbers in an area can be the same.
IPv4 and IPv6?
The two most common IP address versions available today are IPv4 and IPv6. IPv6 is a more recent version and is a successor of IPv4.
IPv4 addresses are 32 bits long, whereas IPv6 addresses are 128 bits long. We are looking at IPv4 addresses in this post.
In an IPv4 address, each byte, or 8-bit segment, of the address is called an octet. The address is generally represented in decimal format with each octet separated by a period (like 192.168.2.104).
Classless Inter-Domain Routing (CIDR) is a method of representing a range of IP addresses.
Public network & Private network?
A public network is one that is publicly available over the internet.
A private network is one that cannot be accessed directly over the internet. The hosts in a private network have private IP addresses, which helps conserve addresses in the public IP address range. A private network is highly secured with firewalls and a number of other rules that are established within the subnets. This makes it the preferred choice for all systems that host confidential data. From an SAP perspective, most of the application servers and all database servers are usually in subnets within a private network of the organization. Federated Portal or Fiori systems are exposed to the internet via Web Dispatcher and/or external load balancers.
A number of rules can be defined at the subnet level and at the private network level on how to route a particular request and whether to allow or deny access to and from the hosts in the network.
Private IP address ranges –
Class A – 10.0.0.0 to 10.255.255.255 – First octet is the network id and the remaining three octets are host id
Class B – 172.16.0.0 to 172.31.255.255 – First and second octet are network id, third and fourth constitute host id
Class C – 192.168.0.0 to 192.168.255.255 – First, second and third octets are network id while the fourth one is for host id
In a network with a smaller number of subnets and more devices, Class A provides a larger address space for hosts. In a network with a large number of subnets and a low number of hosts on each subnet, Class C provides more CIDR blocks for subnets.
You may notice that the private IP addresses of different components in an environment (say DEV or QAS or PROD) differ by only one or two octets. This is because all the components are part of the same subnet and have the same network id.
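The network id / host id split and the private ranges above can be checked mechanically. The following is an added example, not part of the original post: it classifies an address against the three private ranges and audits an inventory for hosts that are publicly addressed or outside an expected subnet. The host names, addresses and the 10.20.30.0/24 subnet are constructed for illustration.

```python
import ipaddress

# The three private ranges listed above, each paired with the number of
# leading octets the text treats as the network id for that class.
PRIVATE_RANGES = {
    "A": (ipaddress.ip_network("10.0.0.0/8"), 1),
    "B": (ipaddress.ip_network("172.16.0.0/12"), 2),
    "C": (ipaddress.ip_network("192.168.0.0/16"), 3),
}

def classify_private(addr):
    """Return (class, network id, host id), or None for a non-private address."""
    ip = ipaddress.ip_address(addr)
    octets = str(ip).split(".")
    for cls, (block, net_octets) in PRIVATE_RANGES.items():
        if ip in block:
            return cls, ".".join(octets[:net_octets]), ".".join(octets[net_octets:])
    return None

def audit(inventory, subnet_cidr):
    """List hosts that are not privately addressed or sit outside subnet_cidr."""
    subnet = ipaddress.ip_network(subnet_cidr)
    findings = []
    for name, addr in inventory.items():
        if classify_private(addr) is None:
            findings.append((name, addr, "not in a private range"))
        elif ipaddress.ip_address(addr) not in subnet:
            findings.append((name, addr, f"outside {subnet}"))
    return findings

# Constructed inventory: host names and addresses are made up for illustration.
INVENTORY = {
    "dev-app": "10.20.30.11",
    "dev-db": "10.20.30.12",
    "qas-db": "10.20.31.12",
    "stray-db": "203.0.113.7",   # documentation range, stands in for a public IP
}

if __name__ == "__main__":
    print(classify_private("172.31.255.255"))
    for finding in audit(INVENTORY, "10.20.30.0/24"):
        print(finding)
```

Note that 172.32.0.1 is reported as non-private: the Class B private range ends at 172.31.255.255, which is easy to misjudge by eye.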
Demilitarized Zone (DMZ)?
A DMZ is a subnet in your network that exposes the external-facing systems of your IT landscape to the internet. It provides a layer of security to your network. Systems that provide services to users on external networks are placed in the DMZ. SAP Web Dispatcher lies in the DMZ.
A firewall sits in the DMZ between the internet and your local network. It prevents unauthorized access by internet users to the private network. All traffic to and from the local network has to pass through the firewall and is secured.
Network Address Translation (NAT)?
A NAT device hides the original host IP address from the outside world. It masks the IP addresses of the hosts on its network and exposes its own IP address, or that of a firewall, to the internet. In these cases, the NAT device is associated with a public IP address. All requests to the internet originating from the network appear to come from a single IP address. This way, a number of host computers or devices are able to talk to the internet through a single IP address, and hence NAT helps slow down the rate at which address space is assigned. The NAT device keeps track of all outgoing packets and matches incoming packets with the correct hosts. For example, when you are in the office and open the SAP support portal, the NAT device masks your host IP and sends the request to SAP with the firewall IP. The response from SAP is sent back to the firewall IP, which is then checked internally to determine which host is awaiting the response, and is then routed to your host.
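The bookkeeping described above, as an added example that is not part of the original post: a simplified translation table that rewrites outgoing requests to one public IP and routes replies back to the waiting host. The class name `NatDevice`, the port numbering and all addresses are assumptions made for illustration; real NAT devices also track protocol and connection timeouts.

```python
import itertools

class NatDevice:
    """Simplified NAT table: many private hosts share one public IP address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}  # (src_ip, src_port, dst_ip, dst_port) -> public port
        self._in = {}   # (public port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Record an outgoing packet and return it as the internet sees it."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            public_port = next(self._ports)
            self._out[key] = public_port
            self._in[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the private host awaiting this reply, or None to drop it."""
        return self._in.get((public_port, remote_ip, remote_port))

if __name__ == "__main__":
    # Constructed addresses: 203.0.113.10 stands in for the firewall's public
    # IP and 198.51.100.20 for the remote server (documentation ranges).
    nat = NatDevice("203.0.113.10")
    print(nat.outbound("10.20.30.11", 51000, "198.51.100.20", 443))
    print(nat.outbound("10.20.30.12", 51000, "198.51.100.20", 443))
    print(nat.inbound("198.51.100.20", 443, 40001))   # reply for the second host
    print(nat.inbound("198.51.100.99", 443, 40000))   # no matching request: None
```

A packet that matches no recorded outgoing request has no entry in the table and is not forwarded to any internal host.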
Domain, Domain Name System (DNS) & Fully Qualified Domain Name (FQDN)?
Simply put, DNS lets us use names instead of IP addresses when connecting to a server. It is because of DNS names that we are able to call www.google.com or www.instagram.com instead of those servers' IP addresses like 18.104.22.168 or 22.214.171.124.
DNS uses a hierarchical naming system similar to the SAP folder structure. The folders are called domains and the hosts can be considered as files in the ultimate folder. Here is an example DNS domain tree. The anchor point for all domains is the root, which lies at the top. Millions of domains exist under root and these are called top-level domains. There can be multiple sub-levels under each domain; the DNS tree can be up to 127 levels deep. A domain under a domain is called a subdomain. The complete DNS name of the PROD Fiori system becomes fiori.mycompany.com and that of DEV becomes fioridev.mycompany.com. The complete DNS name fiori.mycompany.com is called a Fully Qualified Domain Name (FQDN).
Although most of the implementations have a separate Infrastructure team, it is extremely important for an SAP Basis consultant to be aware of networking terminology to better understand the holistic architecture.
This post is an attempt to explain the commonly used networking terms in a simple way targeting beginners in this area. Thank you for reading and please leave your feedback in the comments section.