Cloud Networking & Security Made Clear

Beginner-friendly explanations, diagrams, and step-by-step notes on networking, cloud architecture, traffic flow, and security fundamentals — focused on clarity, not vendor marketing.

Beginner-friendly Diagrams first No jargon Concepts before tools

Our Mission

Free, foundational education in cloud networking and security — for anyone, anywhere. We believe clarity makes learning accessible to everyone.

Explore Topics

📦

A Packet Journey

From 0s and 1s to the cloud — follow data across every layer of the network stack.

Read article →
🛡️

DDoS Protection

Understand attack types and how modern networks defend against volumetric threats.

Read article →

What You Will Learn

  • Networking fundamentals — OSI, TCP/IP, routing
  • Traffic flow — DNS, ICMP, TCP handshakes
  • Cloud architecture — data centers, virtualization
  • Security basics — firewalls, IDS/IPS, TLS
  • DDoS fundamentals — attack types and mitigation

About Me

I bring over two decades of experience in networking and security, and I continue to expand and share my knowledge through research and blogging, with a strong focus on clarity and practical understanding.

  • Network Architecture — Private and Public cloud environments for enterprise customers
  • Cloud Infrastructure Design — AWS, Azure, and Oracle Cloud Infrastructure (OCI)
  • Network Automation & IaC — Terraform, Python Libraries, REST APIs, and Cilium

I currently lead Cloud Network & Security for a large bank, managing a large-scale multi-cloud environment. Before this, I spent 16 years with GBM, IBM's representative office in the Middle East.

I strongly believe that anyone with curiosity, consistency, and a willingness to learn can reach meaningful levels in their career. The journey matters more than speed, and clarity makes learning accessible to everyone.

Connect

A Packet Journey

From Your Computer to the Cloud

📖 Reading time: ~15 mins · Networking 101

The Binary World: 0s and 1s

Have you ever wondered how data from your computer actually moves across the internet and ends up in the cloud? Let's start from the very basics.

Computers operate using the binary number system, which has only two digits: 0 and 1. This is different from the decimal system, which has ten digits (0–9).

Example: To convert 13 into binary:
13 = 8 + 4 + 1 = 2³ + 2² + 2⁰
Binary representation: 1101

How Are 0s and 1s Created?

At the lowest level, computers use transistors. A transistor can either be On (1) or Off (0).

Imagine memory as billions of tiny switches. Each switch is called a bit, and eight bits together form a byte.

How Does the Computer Understand Them?

  • Hardware layer
  • Kernel and device driver layer
  • Operating system layer
  • Application layer

When you save a file, the application informs the OS, which uses drivers to write data to the hard drive.

Encoding of Data

Every character is encoded for efficient storage and transmission using formats like ASCII or UTF (Unicode).

Example: The word network uses 7 characters → file size is 7 bytes.

MAC vs IP Address

At the software level, systems care about IP addresses. At the local network level, devices use MAC addresses.

MAC addresses are 48-bit (6 octets) identifiers defined by IEEE 802.3 and never leave the local network.

OSI Layers and Packet Formation

  • Transport → Segment
  • Network → Packet
  • Data Link → Frame
  • Physical → Bits

Each layer adds its own header. At the destination, headers are removed in reverse order. 1️⃣ Flow A flow is a unidirectional stream of packets that share the same five key attributes: Source IP Destination IP Source Port Destination Port Protocol This is commonly referred to as the 5-tuple. If traffic travels from a client to a server, that is one flow. The return traffic from server to client is technically a separate flow because the direction changes. Key Characteristics: Unidirectional Used heavily in monitoring systems (NetFlow, IPFIX, sFlow) Often used in cloud “flow logs” (AWS, Azure) Think of a flow as one direction of traffic. 2️⃣ Connection A connection represents bidirectional communication between two endpoints. For TCP: It begins with the SYN handshake. Both directions of traffic together form a single connection. Even though UDP is technically connectionless, most firewalls still treat UDP exchanges as connections for tracking purposes. Key Characteristics: Bidirectional Represents a conversation between two devices Often used in traditional firewall terminology Think of a connection as a full conversation. 3️⃣ Session A session is the firewall’s internal state entry that tracks a connection. When traffic first matches a firewall policy: The rule is evaluated. NAT is applied (if configured). Security inspection profiles are assigned. A session entry is created in the firewall’s session table. After that, subsequent packets do not go through full policy lookup — they simply match the existing session. A session typically stores: Original and translated IPs/ports Policy ID Timeout values Security profile information Byte and packet counters Most next-generation firewalls (Fortinet, Palo Alto, etc.) use the term session as the primary tracking object. Think of a session as the firewall’s memory of a conversation. How They Relate For a single TCP interaction: 2 flows (forward and reverse) 1 connection (the conversation) 1 session (the firewall’s state record)

Network Media

  • Ethernet: electrical pulses over copper or fiber
  • Fiber: light pulses over glass
  • Wireless: radio waves (WiFi)
  • PAN: Bluetooth

Network Topologies

  • Bus
  • Ring
  • Star (most common)
  • Mesh

Speed, Bandwidth, Latency & Throughput

Bandwidth: Maximum data capacity (bps).

Latency: Time taken for a packet to travel (ms).

Throughput: Actual successful data rate.

Speed: Physical signal rate of the medium.

Real-Life Example

A 1 Gbps connection = 1024 Mbps = 128 MB/s.
A 1 GB file can be downloaded in about 8 seconds.

The Journey Ends in the Cloud ☁️

The data you're reading travelled from a VS Code editor, across multiple networks, and reached you via the cloud.

Defending Against DDoS Attacks

How modern networks protect applications from volumetric, protocol, and application-layer attacks.

TbpsVolumetric Attacks
LayersL3 / L4 / L7
How to DefendAutomated Mitigation

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

Testing & Resilience Validation

L3 / L4 Lab Tools

Use only in environments you own or are authorised to test. Focus on behaviour validation and capacity planning.

  • hping3 Protocol behaviour testing
  • iperf3 Throughput baseline
  • tcpdump Packet inspection
Measure: SYN backlog, drops, conntrack usage, edge rate-limits.

Layer 7 Load Testing

Simulate real users and APIs to validate WAF, caching, rate-limiting, and autoscaling.

  • k6 Scripted HTTP tests
  • JMeter API workflows
  • Locust User behaviour
  • Gatling High-performance load
  • ab Basic concurrency
Measure: p95 latency, error rate, WAF challenges, cache hit ratio, scale-up time.

The Goal of DDoS Protection

The objective is not just to block traffic, but to ensure legitimate users always get through while attacks are absorbed at the network edge.

Blog

Understanding Flow, Connection, and Session in Firewall.

Month Year · X min read

Flow, Connection, and SessionS in Firewall/LoadBalancer/WAF

In networking and firewall design, the terms flow, connection, and session are often used interchangeably. A flow is a unidirectional stream of packets that share the same five key attributes. A connection represents bidirectional communication between two endpoint A session is the firewall’s internal state entry that tracks a connection.

Read more →