Networking Fundamentals — Part 3: Protocols, Routing & VLANs
TCP/IP stack, TCP vs UDP, ports, ARP, NAT, routing, VLANs, and the complete end-to-end journey of a packet to Google and back.
The Big Picture
Parts 1 and 2 covered the first two layers of networking: the Data Link Layer (NICs, Ethernet, Switches, Bridges) and the Network Layer (IP Addresses, Subnet Masks, Gateways, DHCP). Together they allow devices to communicate locally and across different networks.
Part 3 goes deeper — into the protocols that enable reliable communication (TCP/IP), address resolution (ARP), address translation (NAT), intelligent routing, logical network segmentation (VLANs), and finally the full end-to-end journey a packet takes when you visit google.com.
The TCP/IP Stack
TCP/IP (Transmission Control Protocol / Internet Protocol) is the set of rules that allows devices anywhere in the world to communicate. Think of it as a delivery company — four layers, each with a specific job, working together to move data from an application on your device to a server on the other side of the world.
| # | Layer | Job | Key Protocols |
|---|---|---|---|
| 1 | Application Layer | What information to send | HTTP, HTTPS, FTP, DNS, SMTP, SSH |
| 2 | Transport Layer | Reliability & port numbers | TCP, UDP |
| 3 | Internet Layer | IP addressing & routing | IP, ICMP, ARP |
| 4 | Network Access Layer | Physical transmission | Ethernet, Wi-Fi |
Application Layer
This is where applications live — Chrome, Firefox, WhatsApp, email clients, file transfer tools. The Application Layer decides what information should be sent. When you open google.com, your browser creates an HTTP request (GET / HTTP/1.1) and hands it to the layer below.
Transport Layer
The Transport Layer is responsible for reliability, port numbers, data segmentation, and error recovery. It breaks application data into smaller segments (or datagrams for UDP), adds port numbers so the receiving OS knows which application to deliver to, and handles retransmission of lost data (TCP only).
TCP — Transmission Control Protocol
TCP is reliable. It guarantees delivery, correct order, error checking, and retransmission of lost data. Before any data transfers, TCP establishes a connection using the Three-Way Handshake:
| Step | Message | Meaning |
|---|---|---|
| 1 | SYN | Client to Server: "Can we talk?" |
| 2 | SYN-ACK | Server to Client: "Yes, I can hear you." |
| 3 | ACK | Client to Server: "Connection established." |
Use TCP when: reliability is critical, data accuracy matters. Examples: web browsing, email, file transfer.
UDP — User Datagram Protocol
UDP is faster than TCP but provides no guarantees — no delivery confirmation, no ordering, no retransmission. Think of it as throwing a message over a wall: fast, but no confirmation it arrived. Use UDP when: speed and low latency are critical and some data loss is acceptable. Examples: online gaming, voice/video calls, live streaming, DNS queries.
Ports
Many applications share one IP address. The OS needs a way to know which application should receive incoming data. Ports solve this — they identify specific applications or services on a device. Think of an IP address as an apartment building and a port as the apartment number.
Example: 192.168.1.10:443 — building = IP, apartment = port 443 (HTTPS). Ports live at the Transport Layer and are used by both TCP and UDP.
Common Ports
| Port | Protocol | Used For |
|---|---|---|
| 20/21 | FTP | File Transfer Protocol |
| 22 | SSH | Secure Shell (Remote Login) |
| 25 | SMTP | Simple Mail Transfer Protocol |
| 53 | DNS | Domain Name System |
| 80 | HTTP | HyperText Transfer Protocol |
| 443 | HTTPS | HTTP Secure (SSL/TLS) |
| 3389 | RDP | Remote Desktop Protocol |
| 3306 | MySQL | MySQL Database |
ARP — Address Resolution Protocol
ARP is one of the most important protocols inside LANs. The problem it solves: you know the destination’s IP address, but Ethernet requires a MAC address to actually deliver the frame. ARP answers the question: “Who owns this IP address?”
The ARP process has three steps: (1) PC broadcasts “Who has 192.168.1.20?” to everyone, (2) the target replies with its MAC address via unicast, (3) communication begins. The result is stored in the ARP cache to avoid repeating the broadcast for every packet.
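The three-step exchange above, as an added example that is not part of the original article: it encodes and decodes the 28-byte ARP body for Ethernet/IPv4 and models two hosts (constructed MACs and IPs) so that the second lookup is served from the cache without a broadcast.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_HDR = struct.Struct("!HHBBH")   # htype, ptype, hlen, plen, opcode (8 bytes)
ZERO_MAC = "00:00:00:00:00:00"     # target MAC in a request: "unknown, tell me"

def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """28-byte ARP body for Ethernet (htype 1, hlen 6) carrying IPv4 (ptype 0x0800, plen 4)."""
    return (ARP_HDR.pack(1, 0x0800, 6, 4, op) + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))

def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op = ARP_HDR.unpack(pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or len(pkt) < 28:
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(pkt[8:14]), "sender_ip": ip_str(pkt[14:18]),
            "target_mac": mac_str(pkt[18:24]), "target_ip": ip_str(pkt[24:28])}

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.arp_cache = mac, ip, {}   # cache: IP -> MAC

    def resolve(self, ip):
        """Step 1: a cache hit needs no traffic; a miss yields a request sent to ff:ff:ff:ff:ff:ff."""
        if ip in self.arp_cache:
            return self.arp_cache[ip], None
        return None, build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, ip)

    def receive(self, pkt):
        """Step 2: only the owner of target_ip answers, with a unicast reply to the asker."""
        a = parse_arp(pkt)
        if a["target_ip"] != self.ip:
            return None                      # broadcast reached us, but it is not our IP
        self.arp_cache[a["sender_ip"]] = a["sender_mac"]   # learn the peer from request or reply
        if a["op"] == ARP_REQUEST:
            return build_arp(ARP_REPLY, self.mac, self.ip, a["sender_mac"], a["sender_ip"])
        return None

def walk_through():
    pc, target = Host("aa:bb:cc:00:00:10", "192.168.1.10"), Host("aa:bb:cc:00:00:20", "192.168.1.20")
    _, request = pc.resolve("192.168.1.20")      # miss -> broadcast "Who has 192.168.1.20?"
    reply = target.receive(request)              # target answers by unicast
    pc.receive(reply)                            # step 3: PC caches the mapping
    mac, again = pc.resolve("192.168.1.20")      # now a hit: no second broadcast
    return mac, again is None, parse_arp(reply)["op"]
```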
NAT — Network Address Translation
Your home devices use private IP addresses (192.168.x.x) that cannot travel across the Internet. NAT, running on your router, translates private addresses to the router’s public IP when traffic leaves your network — and translates incoming replies back to the correct private device.
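The translation described above, as an added example that is not part of the original article: a port-overloading NAT table (NAPT, the form home routers use) that rewrites outbound flows to the public IP, maps replies back to the right private host, and has nothing to deliver an unsolicited inbound packet to. The addresses and ports are constructed; real NATs additionally match the remote endpoint and age entries out.

```python
import itertools

class Napt:
    """Port-overloaded NAT: every private (ip, port, proto) flow going out is rewritten to
    (public_ip, unique public port); only replies to existing mappings are translated back."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)   # next free public port
        self.out_map = {}   # (priv_ip, priv_port, proto) -> public_port
        self.in_map = {}    # (public_port, proto) -> (priv_ip, priv_port)

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source with the router's public address."""
        key = (pkt["src_ip"], pkt["src_port"], pkt["proto"])
        if key not in self.out_map:               # first packet of the flow creates the mapping
            pub_port = next(self.ports)
            self.out_map[key] = pub_port
            self.in_map[(pub_port, pkt["proto"])] = (pkt["src_ip"], pkt["src_port"])
        return {**pkt, "src_ip": self.public_ip, "src_port": self.out_map[key]}

    def inbound(self, pkt):
        """Internet -> LAN: restore the private destination, or drop if no host asked for it."""
        entry = self.in_map.get((pkt["dst_port"], pkt["proto"]))
        if entry is None:
            return None                           # unsolicited packet: no mapping, nowhere to go
        priv_ip, priv_port = entry
        return {**pkt, "dst_ip": priv_ip, "dst_port": priv_port}

def walk_through():
    nat = Napt("203.0.113.5")
    google = {"dst_ip": "142.250.72.14", "dst_port": 443, "proto": "tcp"}
    # two LAN hosts happen to pick the same ephemeral source port
    a = nat.outbound({"src_ip": "192.168.1.10", "src_port": 51000, **google})
    b = nat.outbound({"src_ip": "192.168.1.11", "src_port": 51000, **google})
    # Google replies to what it saw: the public IP and the NAT-chosen port
    reply_to_a = nat.inbound({"src_ip": "142.250.72.14", "src_port": 443,
                              "dst_ip": "203.0.113.5", "dst_port": a["src_port"], "proto": "tcp"})
    stray = nat.inbound({"src_ip": "198.51.100.7", "src_port": 12345,
                         "dst_ip": "203.0.113.5", "dst_port": 22, "proto": "tcp"})
    return a["src_port"], b["src_port"], reply_to_a["dst_ip"], reply_to_a["dst_port"], stray
```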
Routing
Routing means determining the best path for packets to travel from source to destination. When you access google.com, your packet hops through multiple routers: Home Router → ISP Router → Regional Router → Backbone Router → Google. At each step, the router asks: “Where should this packet go next?”
What is a Router?
A router connects different networks. Unlike switches that ask “Which port?” (based on MAC), routers ask “Which network?” (based on IP). Routers make forwarding decisions using IP addresses and routing tables and perform four key functions: connect different networks, determine the best path, forward packets based on IP, and reduce broadcast domains.
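The per-hop "Where should this packet go next?" decision, as an added example that is not part of the original article: a routing table with longest-prefix matching, a default route to the ISP, directly connected versus next-hop routes, and the TTL check every router performs. The table entries, interface names and addresses are constructed.

```python
import ipaddress

class Router:
    """Forwarding decision of one hop: longest-prefix match in the routing table."""

    def __init__(self):
        self.table = []   # (network, next_hop or None if directly connected, interface)

    def add_route(self, prefix, next_hop, iface):
        self.table.append((ipaddress.ip_network(prefix), next_hop, iface))

    def lookup(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        candidates = [r for r in self.table if dst in r[0]]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r[0].prefixlen)   # most specific route wins

    def forward(self, pkt):
        """Returns (interface, next_hop_ip, packet) or (None, reason, None) when dropped."""
        if pkt["ttl"] <= 1:
            return None, "ttl expired", None         # real routers answer with ICMP Time Exceeded
        route = self.lookup(pkt["dst"])
        if route is None:
            return None, "no route", None
        net, next_hop, iface = route
        # directly connected: ARP for the destination itself; otherwise ARP for the next hop
        return iface, next_hop or pkt["dst"], {**pkt, "ttl": pkt["ttl"] - 1}

def home_router():
    r = Router()
    r.add_route("192.168.1.0/24", None, "lan0")           # connected LAN
    r.add_route("10.0.0.0/8", "10.0.0.1", "vpn0")         # corporate network over a VPN tunnel
    r.add_route("10.1.2.0/24", "192.168.1.254", "lan0")   # more specific: lab segment behind another box
    r.add_route("0.0.0.0/0", "203.0.113.1", "wan0")       # default route: everything else to the ISP
    return r

def walk_through():
    r = home_router()
    to_google = r.forward({"src": "192.168.1.10", "dst": "142.250.72.14", "ttl": 64})
    to_lab = r.forward({"src": "192.168.1.10", "dst": "10.1.2.5", "ttl": 64})      # /24 beats /8
    to_vpn = r.forward({"src": "192.168.1.10", "dst": "10.9.9.9", "ttl": 64})
    local = r.forward({"src": "192.168.1.10", "dst": "192.168.1.20", "ttl": 64})
    return to_google[:2], to_lab[:2], to_vpn[:2], local[:2], to_google[2]["ttl"]
```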
Switching vs Routing
| Feature | Switching (Layer 2) | Routing (Layer 3) |
|---|---|---|
| Uses | MAC Address | IP Address |
| Works at | Data Link Layer (L2) | Network Layer (L3) |
| Purpose | Move frames within same network | Move packets between networks |
| Simple rule | Switch = Inside City | Router = Between Cities |
VLAN — Virtual Local Area Network
VLANs are one of the most important enterprise networking concepts. They allow one physical switch to behave like multiple logical switches. Without VLANs, on a switch shared by HR, Finance, and Engineering departments, everyone is on the same Layer 2 network: broadcasts reach everyone, ARP reaches everyone, and traffic is less isolated.
With VLANs: assign VLAN 10 = HR, VLAN 20 = Finance, VLAN 30 = Engineering. Each VLAN is a separate broadcast domain. Frames are forwarded only within the same VLAN. Traffic between VLANs requires a router (Layer 3 device). Result: logical segmentation on one physical switch.
- Better Isolation: HR cannot see Finance traffic even on the same switch.
- Better Performance: reduces unnecessary broadcast traffic across all ports.
- Manageability: organize the network logically regardless of physical location.
- Enterprise Standard: essential in any production network with multiple departments.
Access Ports, Trunk Ports & VLAN Tagging
Access Ports
An access port belongs to exactly one VLAN. It connects end devices (PCs, printers, phones) to the switch. Frames leaving an access port are untagged — the device has no idea it’s part of a VLAN.
Trunk Ports
A trunk port carries multiple VLANs over a single physical cable — used to connect switches together. Traffic on a trunk contains VLAN tags so the receiving switch knows which VLAN each frame belongs to.
VLAN Tagging — IEEE 802.1Q
VLANs use the IEEE 802.1Q standard. When a frame received on an access port is sent out over a trunk, the switch inserts a 4-byte tag into the Ethernet frame containing the VLAN ID. This tag tells other switches which VLAN owns the frame. When the frame is forwarded out of its destination access port, the tag is removed.
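Tag insertion and removal, as an added example that is not part of the original article: the 4-byte 802.1Q tag (TPID 0x8100 plus a 16-bit TCI whose low 12 bits are the VLAN ID) is inserted on the way out of a trunk and stripped on the way out of an access port, and a minimal flooding switch shows that an HR (VLAN 10) broadcast never reaches the Finance access port. Port names, MACs and the VLAN plan are constructed.

```python
import struct

TPID_8021Q = 0x8100                 # EtherType value that announces "an 802.1Q tag follows"
ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType (14 bytes, untagged)

def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Frame heading out a trunk: insert the 4-byte tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id         # TCI = PCP (3 bits) | DEI (1 bit, 0 here) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Returns (vlan_id, frame without tag); vlan_id is None when the frame was untagged."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

class VlanSwitch:
    # flooding switch (no MAC learning) that enforces VLAN membership on every port
    def __init__(self, ports):
        self.ports = ports   # port -> ("access", vlan_id) or ("trunk", {allowed vlan ids})

    def forward(self, in_port, frame):
        kind, cfg = self.ports[in_port]
        vid, inner = untag_frame(frame)
        if kind == "access":
            if vid is not None:
                return {}                    # access ports accept only untagged frames
            vid = cfg                        # membership comes from the port, not the frame
        elif vid is None or vid not in cfg:
            return {}                        # trunk: untagged (no native VLAN here) or disallowed VID
        out = {}
        for port, (k, c) in self.ports.items():
            if port == in_port:
                continue
            if k == "access" and c == vid:
                out[port] = inner                   # deliver untagged to members
            elif k == "trunk" and vid in c:
                out[port] = tag_frame(inner, vid)   # carry the VLAN ID to the next switch
        return out

def walk_through():
    sw = VlanSwitch({"Gi0/1": ("access", 10), "Gi0/2": ("access", 20), "Gi0/24": ("trunk", {10, 20, 30})})
    hr_broadcast = ETH_HDR.pack(b"\xff" * 6, bytes.fromhex("aabbcc000010"), 0x0806) + bytes(28)
    out = sw.forward("Gi0/1", hr_broadcast)   # HR PC sends a broadcast (e.g. an ARP request)
    return sorted(out), untag_frame(out["Gi0/24"])[0], len(out["Gi0/24"]) - len(hr_broadcast)
```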
Broadcast Domain
A broadcast domain is a group of devices that receive each other’s broadcasts. Without VLANs, an entire switch is one broadcast domain — every device receives every broadcast. With VLANs, each VLAN becomes its own separate broadcast domain, reducing unnecessary traffic and improving security.
How a Packet Travels to Google
This is the complete end-to-end journey that combines everything from Parts 1, 2, and 3:
| Step | What happens | Layer/Protocol |
|---|---|---|
| 1 | User types google.com in browser | Application Layer |
| 2 | DNS resolves google.com → 142.250.72.14 | DNS (Port 53) |
| 3 | Browser creates HTTPS request | HTTP/HTTPS (Port 443) |
| 4 | TCP creates connection (Three-Way Handshake) | TCP, Transport Layer |
| 5 | IP layer creates packet (adds Source & Destination IP) | IP, Network Layer |
| 6 | ARP finds gateway’s MAC address | ARP, Data Link Layer |
| 7 | Ethernet frame created (Source & Destination MAC added) | Ethernet, Data Link Layer |
| 8 | NIC transmits data as bits onto the wire | Physical Layer |
| 9 | Switch forwards frame based on MAC address table | Layer 2 Switching |
| 10 | Router receives packet, checks destination IP | Layer 3 Routing |
| 11 | NAT converts private IP → public IP (203.0.113.5) | NAT |
| 12 | Internet routers forward packet to Google | Internet Routing |
| 13 | Google server processes request | Application Layer |
| 14 | Response follows reverse path back to your device | All layers reversed |
Part 3 Summary
- TCP/IP Stack — 4 layers: Application (what to send), Transport (reliability+ports), Internet (IP routing), Network Access (physical).
- Application Layer — where apps live; creates HTTP/HTTPS/FTP/SSH/DNS/SMTP requests.
- Transport Layer — breaks data into segments; uses port numbers; TCP (reliable) or UDP (fast).
- TCP — Transmission Control Protocol; Three-Way Handshake (SYN/SYN-ACK/ACK); guarantees delivery, order, error checking, retransmission.
- UDP — User Datagram Protocol; no guarantees, lower latency; for gaming, voice, video, DNS.
- Ports — identify applications (not devices); live at Transport Layer; IP = building, Port = apartment. Key ports: SSH 22, HTTP 80, HTTPS 443, DNS 53.
- ARP — Address Resolution Protocol; resolves IP → MAC via broadcast; result stored in ARP cache.
- NAT — Network Address Translation; translates private IPs → public IP at router; conserves IPv4 addresses.
- Routing — determining best path for packets across networks; each router decides "where next?"
- Router — Layer 3 device using IP addresses; connects different networks; uses routing tables.
- Switching vs Routing — Switching (L2, MAC, within network). Routing (L3, IP, between networks).
- VLAN — Virtual LAN; one switch = multiple logical networks; better security, performance, isolation.
- Access Port — belongs to one VLAN; untagged frames; connects end devices.
- Trunk Port — carries multiple VLANs; tagged frames; connects switches.
- 802.1Q — VLAN tagging standard; switch inserts 4-byte VLAN ID tag into Ethernet frame on trunks.
- Broadcast Domain — group receiving broadcasts; each VLAN = one broadcast domain.
- Packet to Google — 14 steps: DNS → TCP → IP → ARP → Ethernet → Switch → Router → NAT → Internet → Google → reverse path.