Completek8s Classroomnotes 25/Aug/2023

Networking and k8s

  • Topics:
    • OSI Model
    • TCP/IP Model
    • Linux Networking
      • Bridge
      • Network Interface
      • Packet Handling in Kernel
        • netfilter
      • High-Level-Routing
        • iptables
      • Networking Troubleshooting tools
    • Container Networking
      • Container Networking (Docker) => CNM
      • Container Networking Interface
    • Kubernetes Networking Model
    • CNI
    • NetworkPolicy
    • DNS

OSI Model and TCP/IP Model

  • Overview
  • Reference of OSI Model (geek for geeks) Refer Here
  • Most of our communications are using HTTP Protocol
  • The TCP Protocol is a connection oriented, reliable protocol

CIDR Range

  • Class less interdomain routing is used for subnetting and in our cases to create network ranges
  • CIDR is used to find out the network id and host id of a 32 bit ip address (ipv4)
x.x.x.x => ip 
N = number of bits reserved for network id
n = 32-N = number of bits reserved for host id
  • Example

sm: 11111111.11111111.11111000.00000000

range => to
  • Refer Here
  • The network ranges reserved for private networks are Refer Here

  • Typical Packet

Network interface

  • Computers use a network interface to communicate with outside world, Network interfaces can be physical or virtual.
  • Ip Addresses are assigned to Network interfaces
  • Loopback interface is a special interface for same host communication is the standard IP address for loopback interface.

Bridge Interface

  • Bridge interface allows system admins to create multiple layer 2 networks on a single host

Packet Handling in the kernel

  • Linux kernel is responsible for translating between packets and stream of data for programs


  • This is framework of kernel hooks which allow userpace programs to handle packets on behalf of kernel
  • Refer Here for Wiki on Netfilter
  • Refer Here for understanding netfilter and iptables which kubernetes relies majorly on


  • They can be used to create firewalls and audit logs, mutate and re-routing the package.
  • Iptables use Netfilter which allows iptables to intercept and mutate packets
  • There are 3 key concepts in iptables
    • tables:
      • filter
      • NAT
      • Mangle
      • RAW
      • Securty
    • chains:
      • INPUT
      • NAT
      • OUTPUT
    • rules: they have match condition and action. Match contdition describes packet attribute,
      • Match types:
        • source
        • Destination
        • Protocol
        • In Interface
        • Out Interface
        • State
      • Action:
        • ACCEPT
        • DROP
        • REJECT
        • RETURN

Networking Troubleshooting Tools

Case Tools
Checking connectivity traceroute, ping, telnet, netcat
PortScanning nmap
Checking DNS Records dig, nslookup
HTTP(S) curl, telnet, netcat, openssl
checking listening programs netstat

Container Network Interface

  • This was starter at CoreOS as a part of rkt project
  • CNI is the software interface between the container runtime and network implementation.
  • CNI Project consists of specification and libraries for developing plugins to configure network interfaces in Linux Containers.
  • A CNI Plugin is responsible for associating a network interface to the container network namespace & making any necessary changes to the host


  • Understand Layer 2 and Layer 3 Network Refer Here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About continuous learner

devops & cloud enthusiastic learner