Networking Study Topics
1. Foundational Concepts
- VLANs (Virtual Local Area Networks): The basic method of logically segmenting a physical network into isolated broadcast domains using 802.1Q tagging.
- East-West vs North-South Traffic: The two fundamental traffic patterns in a data center — East-West flows between servers internally, North-South flows between servers and the outside world.
- MTU / Jumbo Frames: The Maximum Transmission Unit defines the largest frame payload a link can carry; Jumbo Frames (typically 9000 bytes instead of the default 1500) reduce per-packet overhead for storage and overlay traffic, but every hop in the path must be configured for the larger size or packets are dropped or fragmented.
- Bonding Modes: The different strategies (active-backup, balance-rr, 802.3ad/LACP, etc.) for combining multiple NICs into a single logical interface for redundancy or throughput.
- DNS / DHCP in Virtualized Environments: How name resolution and IP address assignment work when thousands of VMs and containers are created and destroyed dynamically.
- SDN (Software-Defined Networking): The paradigm of separating the control plane (decisions about where traffic goes) from the data plane (the actual forwarding of packets), managed centrally through software.
- BGP (Border Gateway Protocol): The routing protocol that glues the internet together, increasingly used inside data centers for spine-leaf fabrics and multi-cluster routing.
- IPv4 / IPv6 Dual-Stack: Running both protocol versions simultaneously on the same infrastructure to support legacy and modern workloads side by side.
2. Current State / VMware Baseline
- NSX-T (VMware NSX): VMware's SDN platform providing distributed switching, routing, firewalling, and micro-segmentation — the networking layer being migrated away from.
3. Physical Connectivity & Redundancy
- LACP (Link Aggregation Control Protocol): A way for a server and a switch to "agree" on grouping multiple physical cables into one fast, redundant link.
- LLDP (Link Layer Discovery Protocol): A "neighbor greeting" protocol where devices tell each other their name and which port they are plugged into.
- SMLT (Split Multi-Link Trunking): A method to split a redundant connection across two different physical switches so that if one switch fails, the other keeps the server online.
- ECMP (Equal-Cost Multi-Path): A routing strategy that lets traffic use multiple "equally good" paths at the same time, spreading load across links and tolerating the loss of any one path.
4. Physical Design & Management
- Spine-Leaf Architecture: A two-tier physical layout in which Leaf switches (where servers plug in) connect to every Spine switch (the backbone), so every server is the same number of hops from every other server and there is no single oversubscribed core link.
- DCIM (Data Center Infrastructure Management): Software used to track the "physical world" of the data center — power, cooling, rack space, and cable paths.
5. Virtualization & Overlays (The "Software" Layer)
- CNI (Container Network Interface): The standard "plug" that allows Kubernetes (OpenShift) to connect containers to different types of networking software.
- Multus (Multi-Network CNI): A meta-CNI plugin that allows a single Pod or VM in Kubernetes to attach to multiple networks simultaneously — critical for OVE where VMs need access to both the cluster network and external VLANs.
- OVS / OVN (Open vSwitch / Open Virtual Network): OVS is the switch made of software; OVN is the brain that controls many virtual switches across many servers.
- VXLAN (Virtual Extensible Local Area Network): A way to stretch a Layer 2 segment across a routed Layer 3 network, even between physical buildings, by encapsulating Ethernet frames inside standard UDP/IP packets.
- GENEVE (Generic Network Virtualization Encapsulation): A "next-generation" version of VXLAN that has a flexible header (like a whiteboard) where the system can write extra notes about security or routing.
6. Advanced Data Paths
- SR-IOV (Single Root I/O Virtualization): A hardware feature that lets a single physical network card "slice" itself into many Virtual Functions that are passed directly into VMs for maximum speed, bypassing the hypervisor's virtual switch (and therefore any host-side filtering applied there).
- IOMMU (Input-Output Memory Management Unit): A CPU/chipset feature that confines a device's DMA to the memory assigned to it, so a NIC passed through to one VM cannot read or write other parts of the server's memory; it is the prerequisite for safely using SR-IOV and device passthrough.
- DPDK (Data Plane Development Kit): A set of software libraries that lets a user-space program take network packets directly from the card, bypassing the kernel network stack for higher packet rates.
7. Routing & Security
- DVR (Distributed Virtual Routing): Instead of one central "router" in the data center, every single server has its own "virtual router" built-in to handle traffic locally.
- VRF (Virtual Routing and Forwarding): Like a "Virtual Router" inside a physical one, allowing you to have multiple separate routing tables that don't talk to each other.
- eBPF (Extended Berkeley Packet Filter): A sandboxed virtual machine inside the Linux kernel that lets you load verified networking and security programs (packet filtering, tracing, policy enforcement) without writing kernel modules.
- Micro-segmentation: The practice of applying firewall rules at the individual VM or Pod level rather than at the network perimeter, so every workload gets its own security boundary and a compromised workload cannot freely reach its neighbours.
- Network Policies (Kubernetes): The Kubernetes-native mechanism for defining which Pods/VMs can talk to which other Pods/VMs; the OVE equivalent of NSX firewall rules. Note that Pods not selected by any policy accept all traffic, so a default-deny policy per namespace is the usual starting point.
- QoS (Quality of Service): Mechanisms to prioritize certain types of traffic (e.g. storage replication, live migration) over others to guarantee performance under load.
- VPN / IPsec Tunneling: Encrypted tunnels between sites or clusters for secure communication over untrusted networks.
8. Platform-Specific Networking
- Kubernetes Networking Model: The fundamental rules — every Pod gets a real IP, every Pod can reach every other Pod without NAT, and Services provide stable endpoints.
- OpenShift Routes / Ingress Controllers: How external traffic enters the cluster and reaches the correct workload — the North-South entry point in OVE.
- MetalLB / Load Balancing: Load balancer implementations for bare-metal Kubernetes clusters that assign real IPs to Services — replaces cloud provider LBs.
9. Network Observability
- Network Flow Monitoring: Tools and techniques for capturing, analyzing, and visualizing traffic flows across the data center to detect anomalies and plan capacity.