Cloud Networking & Security Made Clear

Beginner-friendly explanations, diagrams, and step-by-step notes on networking, cloud architecture, traffic flow, and security fundamentals — focused on clarity, not vendor marketing.

Beginner-friendly · Diagrams first · No jargon · Concepts before tools

Our Mission

Free, foundational education in cloud networking and security — for anyone, anywhere. We believe clarity makes learning accessible to everyone.

Explore Topics

Cloud Network

From 0s and 1s to the cloud — follow data across every layer of the network stack.

Cloud Security

Understand attack types and how to defend against security threats.

What You Will Learn

  • Networking fundamentals — OSI, TCP/IP, routing
  • Traffic flow — DNS, ICMP, TCP handshakes
  • Cloud architecture — data centers, virtualization
  • Security basics — firewalls, IDS/IPS, TLS
  • DDoS — attack types and mitigation

About Me

I bring over two decades of experience in networking and security, and I continue to expand and share my knowledge through research and blogging, with a strong focus on clarity and practical understanding.

  • Network Architecture — Private and Public cloud environments for enterprise customers
  • Cloud Infrastructure Design — AWS, Azure, and Oracle Cloud Infrastructure (OCI)
  • Network Automation & IaC — Terraform Basics, K8 Cilium

I currently lead Cloud Network & Security for a large bank, managing a large-scale multi-cloud environment. Before this, I spent 16 years with GBM, IBM's representative office in the Middle East.

I strongly believe that anyone with curiosity, consistency, and a willingness to learn can reach meaningful levels in their career. The journey matters more than speed, and clarity makes learning accessible to everyone.


Flow vs Connection vs Session – cloudnetworking.ai
Networking Fundamentals

Flow, Connection & Session

Three terms you'll encounter constantly in networking and security — each with a distinct meaning that's easy to confuse.

  • Flow: one direction of traffic, defined by the 5-tuple. Two flows make up a full conversation.
  • Connection: both directions combined. A full conversation between two devices.
  • Session: the firewall's internal state record tracking a connection in its session table.

1. Flow

A flow is a unidirectional stream of packets that share the same five key attributes — commonly referred to as the 5-tuple. If traffic travels from a client to a server, that is one flow. The return traffic is technically a separate flow because the direction changes.
The 5-Tuple
  • Source IP
  • Destination IP
  • Source Port
  • Destination Port
  • Protocol
Key Characteristics
  • Unidirectional — one direction only
  • Used heavily in monitoring systems — NetFlow, IPFIX, sFlow
  • Widely used in cloud flow logs — AWS VPC Flow Logs, Azure NSG Flow Logs
💡 Think of a flow as one direction of traffic.

2. Connection

A connection represents bidirectional communication between two endpoints. For TCP, it begins with the SYN handshake and both directions of traffic together form a single connection. Even though UDP is technically connectionless, most firewalls still treat UDP exchanges as connections for tracking purposes.
Key Characteristics
  • Bidirectional — both directions combined
  • Represents a full conversation between two devices
  • TCP connections begin with the SYN handshake
  • Often used in traditional firewall terminology
  • UDP is connectionless but firewalls still track it as a connection
💡 Think of a connection as a full conversation.

3. Session

A session is the firewall's internal state entry that tracks a connection. When traffic first matches a firewall policy, the rule is evaluated, NAT is applied, security profiles are assigned, and a session entry is created. After that, subsequent packets simply match the existing session — no full policy lookup needed.
A session typically stores:
  • Original and translated IPs/ports — pre and post NAT
  • Policy ID — which rule matched
  • Timeout values — when to expire the entry
  • Security profile information — AV, IPS, URL filtering
  • Byte and packet counters — traffic statistics
Used in next-gen firewalls: Fortinet FortiGate, Palo Alto Networks, Check Point, Cisco FTD.
💡 Think of a session as the firewall's memory of a conversation.

How They Relate

For a single TCP interaction:
  • Flows × 2: Client → Server and Server → Client
  • Connection × 1: the full conversation
  • Session × 1: the firewall's state record

A single TCP interaction produces 2 flows, 1 connection, and 1 session entry in the firewall's state table.
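To make the 2 flows / 1 connection / 1 session relationship concrete, here is an added example (not code from the original article). It parses constructed flow-log records in a VPC-flow-log-like field order, folds each pair of opposite-direction flows into one connection key, and runs them through a toy session table that evaluates policy and applies NAT only on the first packet of a connection, exactly as the Session section describes. The rule list, the SNAT address 198.51.100.1 and all addresses in the log are assumptions made for the demo.

```python
"""Flow -> connection -> session, run over constructed flow-log records.

Added example, not code from the original page. The input imitates the
field order of a VPC flow log (src, dst, srcport, dstport, protocol,
packets, bytes) but every line below is constructed for the demo; the
policy rules and SNAT address are assumptions, not a real firewall's.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: two TCP conversations (two flows each, one per
# direction) and one UDP DNS exchange (also two flows).
SAMPLE_FLOW_LOG = """\
10.0.1.10 203.0.113.5 51234 443 6 5 1200
203.0.113.5 10.0.1.10 443 51234 6 4 6200
10.0.1.11 203.0.113.5 51235 443 6 3 900
203.0.113.5 10.0.1.11 443 51235 6 2 400
10.0.1.10 10.0.0.2 40000 53 17 1 70
10.0.0.2 10.0.1.10 53 40000 17 1 120
"""

# Hypothetical policy: (policy_id, protocol, dst_port, action, idle timeout s)
POLICY = [(1, 6, 443, "allow", 3600), (2, 17, 53, "allow", 60)]
SNAT_IP = "198.51.100.1"  # assumed outside address used for source NAT


@dataclass(frozen=True)
class FlowKey:
    """The 5-tuple that defines one unidirectional flow."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int


@dataclass
class Session:
    """What the firewall remembers about one connection."""
    original: FlowKey        # pre-NAT tuple of the first packet
    translated: FlowKey      # post-NAT tuple
    policy_id: int
    timeout: float
    last_seen: float
    packets: int = 0
    bytes: int = 0


def parse_flows(text):
    """Each non-empty log line becomes (FlowKey, packets, bytes)."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            s, d, sp, dp, pr, pk, by = line.split()
            flows.append((FlowKey(s, d, int(sp), int(dp), int(pr)), int(pk), int(by)))
    return flows


def connection_key(k):
    """Direction-independent key: both flows of a conversation map to it."""
    lo, hi = sorted([(k.src_ip, k.src_port), (k.dst_ip, k.dst_port)])
    return (lo, hi, k.proto)


def group_connections(flows):
    conns = defaultdict(list)
    for key, _, _ in flows:
        conns[connection_key(key)].append(key)
    return conns


class SessionTable:
    def __init__(self):
        self.table = {}
        self.policy_lookups = 0  # full rule evaluations performed

    def _lookup_policy(self, key):
        self.policy_lookups += 1
        for pid, proto, dport, action, timeout in POLICY:
            if key.proto == proto and key.dst_port == dport:
                return pid, action, timeout
        return None, "deny", 0

    def process(self, key, packets, byte_count, now):
        """First packet: evaluate policy, apply NAT, create the session.
        Later packets in either direction only match the existing session,
        so the return flow (dst_port 51234) never needs a rule of its own."""
        ck = connection_key(key)
        sess = self.table.get(ck)
        if sess is None:
            pid, action, timeout = self._lookup_policy(key)
            if action != "allow":
                return "deny"
            translated = FlowKey(SNAT_IP, key.dst_ip, key.src_port, key.dst_port, key.proto)
            sess = self.table[ck] = Session(key, translated, pid, timeout, now)
        sess.last_seen = now
        sess.packets += packets
        sess.bytes += byte_count
        return "allow"

    def expire(self, now):
        """Drop entries idle longer than their policy's timeout; return count."""
        stale = [ck for ck, s in self.table.items() if now - s.last_seen > s.timeout]
        for ck in stale:
            del self.table[ck]
        return len(stale)


def summarize(text=SAMPLE_FLOW_LOG):
    """Count flows, connections, sessions and policy lookups for a log."""
    flows = parse_flows(text)
    table = SessionTable()
    for i, (key, pk, by) in enumerate(flows):
        table.process(key, pk, by, now=float(i))
    return {"flows": len(flows),
            "connections": len(group_connections(flows)),
            "sessions": len(table.table),
            "policy_lookups": table.policy_lookups}
```

Running summarize() on the sample gives 6 flows, 3 connections, 3 sessions and only 3 policy lookups: one per first packet. A real firewall also indexes the translated tuple so that return traffic arriving at the NAT address finds the session; that reverse lookup is simplified away here by matching on the direction-independent key of the original tuple.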

Defending Against DDoS Attacks

How modern networks protect applications from volumetric, protocol, and application-layer attacks.

Volumetric attacks: Tbps scale · Layers: L3 / L4 / L7 · How to defend: automated mitigation

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

Testing & Resilience Validation

L3 / L4 Lab Tools

Use only in environments you own or are authorised to test. Focus on behaviour validation and capacity planning.

  • hping3: protocol behaviour testing
  • iperf3: throughput baseline
  • tcpdump: packet inspection

Measure: SYN backlog, drops, conntrack usage, edge rate-limits.

Layer 7 Load Testing

Simulate real users and APIs to validate WAF, caching, rate-limiting, and autoscaling.

  • ab (ApacheBench): ab -n 5000 -c 200 -v 2 https:
  • k6: scripted HTTP tests
  • JMeter: API workflows
  • Locust: user behaviour
  • Gatling: high-performance load

Measure: p95 latency, error rate, WAF challenges, cache hit ratio, scale-up time.

The Goal of DDoS Protection

The objective is not just to block traffic, but to ensure legitimate users always get through while attacks are absorbed at the network edge.
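The edge rate-limits listed under the L3/L4 measurements are what lets legitimate users through while a flood is absorbed. The following added example (not code from the original article) implements a per-source token-bucket limiter and runs it over constructed arrival timestamps: three well-behaved clients sending one packet per second and one source sending a hundred per second. The refill rate of 10 packets/s and burst of 20 are assumptions chosen for the demo, and the addresses are constructed.

```python
"""Per-source token-bucket rate limiting at the network edge.

Added example, not code from the original page. The arrival timestamps
are constructed for the demo; RATE and BURST are assumed values.
"""
from collections import defaultdict

RATE = 10.0    # tokens (packets) refilled per second, per source
BURST = 20.0   # bucket capacity: short bursts above RATE are tolerated


class TokenBucketLimiter:
    """One bucket per source address; a packet needs one token to pass."""

    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}  # src -> (tokens, time of last refill)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        # Refill proportionally to elapsed time, never beyond the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[src] = (tokens - 1.0, now)
            return True
        self.buckets[src] = (tokens, now)
        return False


def constructed_arrivals():
    """(timestamp, source) events: 3 slow clients plus one flooding source."""
    events = []
    for i in range(10):              # legitimate users: 1 packet/s for 10 s
        for src in ("10.0.1.10", "10.0.1.11", "10.0.1.12"):
            events.append((float(i), src))
    for i in range(1000):            # flooder: 100 packets/s for 10 s
        events.append((i / 100.0, "198.51.100.99"))
    events.sort()
    return events


def run(events, limiter=None):
    """Feed events through the limiter; return accepted/dropped per source."""
    limiter = limiter or TokenBucketLimiter()
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for now, src in events:
        outcome = "accepted" if limiter.allow(src, now) else "dropped"
        stats[src][outcome] += 1
    return dict(stats)


if __name__ == "__main__":
    for src, counts in sorted(run(constructed_arrivals()).items()):
        print(src, counts)
```

The slow clients never lose a packet, while the flooding source is held to roughly the bucket size plus the refill rate over the interval (about 120 of its 1000 packets). Because buckets are keyed per source, a single noisy sender cannot consume another sender's allowance, which is the property to verify when testing an edge limiter under load.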

A Packet Journey

From Your Computer to the Cloud


The Binary World: 0s and 1s

Have you ever wondered how data from your computer actually moves across the internet and ends up in the cloud? Let's start from the very basics.

Computers operate using the binary number system, which has only two digits: 0 and 1. This is different from the decimal system, which has ten digits (0–9).

Example: To convert 13 into binary:
13 = 8 + 4 + 1 = 2³ + 2² + 2⁰
Binary representation: 1101

How Are 0s and 1s Created?

At the lowest level, computers use transistors. A transistor can either be On (1) or Off (0).

Imagine memory as billions of tiny switches. Each switch is called a bit, and eight bits together form a byte.

How Does the Computer Understand Them?

  • Hardware layer
  • Kernel and device driver layer
  • Operating system layer
  • Application layer

When you save a file, the application informs the OS, which uses drivers to write data to the hard drive.

Encoding of Data

Every character is encoded for efficient storage and transmission using formats like ASCII or UTF (Unicode).

Example: The word network has 7 characters, so stored as ASCII it occupies 7 bytes.

MAC vs IP Address

At the software level, systems care about IP addresses. At the local network level, devices use MAC addresses.

MAC addresses are 48-bit (6 octets) identifiers defined by IEEE 802.3 and never leave the local network.

OSI Layers and Packet Formation

  • Transport → Segment
  • Network → Packet
  • Data Link → Frame
  • Physical → Bits

Each layer adds its own header. At the destination, headers are removed in reverse order.
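To show encapsulation and its reversal in code, here is an added example (not code from the original article). It wraps a 7-byte payload in a UDP header (segment), an IPv4 header with a real header checksum (packet) and an Ethernet II header with 48-bit MAC addresses (frame), then strips the headers in reverse order, checking each layer before trusting the next. The MAC and IP addresses and ports are constructed sample values; the Ethernet frame check sequence and the optional UDP checksum are omitted.

```python
"""Encapsulation and decapsulation across the OSI layers with struct.

Added example, not code from the original page. Builds a simplified UDP
segment, IPv4 packet and Ethernet frame around a payload, then strips
the headers in reverse order. All addresses and ports are constructed.
"""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def udp_segment(src_port, dst_port, payload):
    """Transport layer: 8-byte UDP header, checksum left 0 (optional over IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ipv4_packet(src_ip, dst_ip, segment):
    """Network layer: 20-byte IPv4 header without options, checksum filled in."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(segment), 0x1234, 0,
                      64, PROTO_UDP, 0,
                      ipaddress.IPv4Address(src_ip).packed,
                      ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment


def ethernet_frame(src_mac, dst_mac, packet):
    """Data link layer: 14-byte Ethernet II header (FCS omitted)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def build_frame(payload=b"network"):
    """Encapsulate bottom-up: payload -> segment -> packet -> frame."""
    seg = udp_segment(40000, 53, payload)
    pkt = ipv4_packet("10.0.1.10", "10.0.0.2", seg)
    return ethernet_frame("02:00:00:00:00:01", "02:00:00:00:00:02", pkt)


def decapsulate(frame: bytes) -> dict:
    """Strip headers in reverse order, validating each layer before moving up."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr = packet[:ihl]
    if ipv4_checksum(ip_hdr) != 0:            # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    proto = ip_hdr[9]
    if proto != PROTO_UDP:
        raise ValueError("unexpected transport protocol %d" % proto)
    segment = packet[ihl:total_len]
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    return {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
            "src_ip": str(ipaddress.IPv4Address(ip_hdr[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(ip_hdr[16:20])),
            "src_port": sport, "dst_port": dport, "payload": segment[8:length]}


def is_valid_frame(frame: bytes) -> bool:
    try:
        decapsulate(frame)
        return True
    except (ValueError, struct.error):
        return False
```

The frame for the 7-byte payload is 49 bytes: 14 (Ethernet) + 20 (IPv4) + 8 (UDP) + 7 (data). Flipping any bit in the IPv4 header makes the receiver's checksum verification fail, which is why the decapsulation checks each header before handing the inner bytes to the next layer.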

Network Media

  • Ethernet: electrical pulses over copper or fiber
  • Fiber: light pulses over glass
  • Wireless: radio waves (WiFi)
  • PAN: Bluetooth

Network Topologies

  • Bus
  • Ring
  • Star (most common)
  • Mesh

Speed, Bandwidth, Latency & Throughput

Bandwidth: Maximum data capacity (bps).

Latency: Time taken for a packet to travel (ms).

Throughput: Actual successful data rate.

Speed: Physical signal rate of the medium.

Real-Life Example

A 1 Gbps connection = 1024 Mbps = 128 MB/s.
A 1 GB file can be downloaded in about 8 seconds.

The Journey Ends in the Cloud ☁️

The page you are reading was written in VS Code, travelled across multiple networks, and reached you from a server hosted in the cloud.