Alternate sources of information about these layers can be found at
Layer 3, the network layer, is the protocol that addresses packets and routes them between networks. Apple, for example, defined a protocol called AppleTalk so that Apple computers and devices could talk to each other; it never really took off. Digital Equipment Corporation did something similar with DECnet on VAX/VMS, which let its machines talk to each other very efficiently but without regard for other vendors' computers on the same network. Over the years the IP protocol has come to dominate. It is currently in transition from IPv4 to IPv6 because the number of devices attached to the internet has exceeded the number of addresses IPv4 can represent. An IPv4 address is 32 bits long and is written in dotted-quad (dotted-decimal) notation: four fields, each ranging from 0 to 255, with some values reserved. For example, 188.8.131.52 is a valid address. 0.0.0.0 is not a usable host address, and neither is 255.255.255.255, because they are reserved for special functions (the unspecified address and the limited broadcast address respectively). IPv6 addresses are 128 bits long and are written as eight colon-separated blocks of 16 bits, each block in hexadecimal; 5f05:2000:80ad:5800:58:800:2023:1d71 is an example. That gives 128 bits rather than 32 to represent an address: IPv4 has 4,294,967,296 (2^32) possible addresses, and IPv6 has 340,282,366,920,938,463,463,374,607,431,768,211,456 (2^128).
With IPv4 addressing there is something called classes of networks, determined by the leading bits of the address. A class A address starts with a 0 bit, followed by seven bits that identify the network and 24 bits that identify the host, so a single class A network can hold over sixteen million hosts. Whole class A networks are rarely handed out today; in practice you see pieces of them carved into smaller subnets. A class B address starts with the bits 10, followed by 14 bits of network and 16 bits of host. Data centers typically use something like this because they can have thousands of servers. A class C address starts with 110, followed by 21 bits of network and 8 bits of host. That gives 256 addresses per network, of which 254 are usable by hosts (the all-zeros host value names the network itself and the all-ones value is the subnet broadcast address), which could cover a department or an office building. A class D address starts with 1110 and is a multicast address: a packet sent to it is delivered to every host that has joined that multicast group, not to every host on the network, and hosts that are not members are free to ignore it. A class E address starts with 1111 and is reserved; it is not to be used. The image from Chapter 2 of TCP/IP Illustrated Volume I shows the above visually.
This comes into play when someone talks about netmasks. The /16 in a notation such as 10.0.0.0/16 is a prefix length: the leading 16 bits of the address are the network part that routers use to pick a route, and the remaining 16 bits identify the host within that network. Likewise 10.0.0.0/24 means the leading 24 bits are the network and only the last 8 bits identify the host. Written as a netmask, /24 is 255.255.255.0: a 1 bit in the mask marks a network bit and a 0 bit marks a host bit. One common way to use it is to take a class B sized block (a /16) and let the first 16 bits identify the corporate network, the next 8 bits the subnet within the company, and the last 8 bits the host on that subnet. That gives 256 subnets, each with 254 usable host addresses (the all-zeros and all-ones host values are the network and broadcast addresses). A netmask of 255.255.255.0 tells a host that any destination whose first three octets match its own is on the same subnet and can be delivered directly; anything else is handed to the router. A router, in turn, compares the destination address against the prefixes in its routing table and either forwards the packet toward the matching network or drops it if no route matches.
You might hear the term CIDR (Classless Inter-Domain Routing). It replaces the fixed class A/B/C boundaries with a prefix of any length, written as the /n suffix above, so that a network can be any power-of-two size and a set of neighbouring networks can be advertised as one larger prefix (a single /22 covering four /24s, for example). We will not get into the details, but netmasks and prefixes are the tool for keeping routing tables small and for limiting which addresses a network accepts or advertises. This is typically a phrase you need to know if you are looking at limiting communication and the flow of addresses across a data center.
Earlier we talked about reserved networks and subnets. Some IPv4 address ranges are defined as private: they may be used freely inside an organization but are not routed on the public internet. A list of these addresses includes
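The class, prefix and netmask arithmetic from the two paragraphs above, the on-link decision a host makes from its netmask, and a check against the private ranges just mentioned, as an added example that is not part of the original page. It assumes only the Python 3 standard library (the ipaddress module is used for the range check and for expanding an IPv6 address into its eight 16-bit blocks). The three private blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are the RFC 1918 ranges, a fact not taken from this page, and every sample address is constructed for illustration.

```python
"""Added example, not from the original page: classful and CIDR arithmetic
done with explicit bit operations so the 32-bit layout is visible, the
on-link test a host makes from its netmask, and an RFC 1918 private-range
check.  Standard library only; sample addresses are constructed."""
import ipaddress

ALL_ONES = 0xFFFFFFFF
# RFC 1918 private (not globally routable) IPv4 blocks; taken from the RFC, not from the page.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)          # raises ValueError on non-digits
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {addr!r}")
        value = (value << 8) | n
    return value

def to_str(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(addr: str) -> str:
    """Classful category from the leading bits: 0 / 10 / 110 / 1110 / 1111."""
    v = to_int(addr)
    if v >> 31 == 0b0:
        return "A"
    if v >> 30 == 0b10:
        return "B"
    if v >> 29 == 0b110:
        return "C"
    if v >> 28 == 0b1110:
        return "D (multicast)"
    return "E (reserved)"

def prefix_to_netmask(prefix: int) -> str:
    """/n -> dotted netmask: n one-bits followed by (32 - n) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return to_str((ALL_ONES << (32 - prefix)) & ALL_ONES)

def netmask_to_prefix(mask: str) -> int:
    """Dotted netmask -> /n; rejects masks that are not a contiguous run of ones."""
    m = to_int(mask)
    prefix = 0
    while prefix < 32 and (m >> (31 - prefix)) & 1:
        prefix += 1
    if m != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return prefix

def network_of(addr: str, prefix: int) -> str:
    """Network address: the host bits cleared under the prefix."""
    return to_str(to_int(addr) & to_int(prefix_to_netmask(prefix)))

def usable_hosts(prefix: int) -> int:
    """Block size minus the network and broadcast addresses.
    /31 (point-to-point) and /32 (single host) have no such reserved pair."""
    size = 1 << (32 - prefix)
    return size if prefix >= 31 else size - 2

def same_subnet(a: str, b: str, mask: str) -> bool:
    """The on-link test: identical network bits under the mask."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)

def next_hop(src: str, dst: str, mask: str, gateway: str) -> str:
    """Deliver directly when dst is on-link, otherwise hand it to the gateway."""
    return dst if same_subnet(src, dst, mask) else gateway

def is_private(addr: str) -> bool:
    """True when addr lies in one of the RFC 1918 blocks."""
    a = ipaddress.IPv4Address(addr)
    return any(a in net for net in RFC1918)

def ipv6_blocks(addr: str) -> list:
    """The eight 16-bit blocks of an IPv6 address, with '::' and leading zeros expanded."""
    return [int(block, 16)
            for block in ipaddress.IPv6Address(addr).exploded.split(":")]

if __name__ == "__main__":
    for ip in ("10.0.0.1", "188.8.131.52", "192.168.1.10", "224.0.0.1", "240.0.0.1"):
        print(f"{ip:>15}  class {address_class(ip):<14} private={is_private(ip)}")
    print(prefix_to_netmask(24), netmask_to_prefix("255.255.255.0"), usable_hosts(24))
    print(next_hop("10.1.2.3", "10.1.3.4", "255.255.255.0", "10.1.2.1"))
    print(ipv6_blocks("5f05:2000:80ad:5800:58:800:2023:1d71"))
```

The netmask parser deliberately rejects a mask such as 255.255.0.255: a mask whose one-bits are not contiguous has no prefix length, and accepting it silently is how a mistyped mask turns into a host that believes half the internet is on its own subnet. The private-range check uses an explicit RFC 1918 list rather than IPv4Address.is_private, which also returns True for loopback, link-local and documentation ranges that are not what this paragraph means by a private network.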
Multicast addressing is supported by both IPv4 and IPv6. An IP multicast address (also called a group address) identifies a set of host interfaces rather than a single one, and a packet sent to it is delivered to every interface that has joined the group. Most cloud vendors do not carry multicast across their virtual networks and restrict communication to unicast from one server to another.
Some additional terms that come up around networking discussions are network address translation (NAT), the Border Gateway Protocol (BGP), and firewalls. We will defer NAT and firewalls to the discussion of higher layer protocols because they involve more than just the IP address (NAT, for example, rewrites port numbers as well as addresses). BGP is the routing protocol that networks use to tell each other which address prefixes they can reach. A network's BGP policy controls which prefixes it advertises and which routes it accepts, so an organization can keep its internal prefixes unadvertised, which makes them unreachable from outside regardless of the netmask a source host uses, or point its outbound routes at a firewall or packet-filter device so that all traffic to addresses outside the network passes through it, or simply drop traffic destined for a given prefix.
In summary, we skimmed over routing, which is a complex subject. We mainly talked about layers 2 and 3 to introduce the terms MAC address, IP address, IPv4, and IPv6. We touched on CIDR and routing tables as well as reserved addresses, BGP, and NAT. This is not a complete discussion of these subjects but an introduction to the terms. Most cloud vendors do not support multicast or anycast addressing inside their virtual networks. Most cloud vendors support IPv4 and IPv6 as well as subnet masking and multiple networks for servers and services. It is important to understand what a router is, how to configure a routing table, and the dangers of creating routing loops. We did not touch on hop count and hop cost because for most cloud implementations the topology is simple and servers inside a cloud implementation are rarely more than a hop or two apart unless you are trying to create a highly available service in another data center, zone, or region. Up next, the data layer and the IP datagram.