Listen to this Post
Introduction
Networking is the silent backbone of every DevOps workflow—from the moment a developer pushes code to a CI/CD pipeline, to the instant a Kubernetes pod communicates with a database, to the final delivery of a service to an end-user. Yet networking problems rarely announce themselves clearly; a deployment fails, a pod cannot reach its database, or a service responds intermittently, while logs remain frustratingly clean. This quick revision guide consolidates the essential networking concepts, commands, and troubleshooting techniques every DevOps engineer must master to diagnose issues efficiently and design resilient, secure systems.
Learning Objectives
- Master the core Linux and Windows networking commands used daily in production troubleshooting
- Understand DNS resolution, routing tables, and firewall configurations across cloud and on-premise environments
- Apply systematic troubleshooting methodologies to identify and resolve network issues in CI/CD pipelines, containerized workloads, and cloud infrastructures
1. Linux Networking Commands: Your Daily Diagnostic Arsenal
Every DevOps engineer spends a significant portion of their troubleshooting time at the Linux command line. Mastering these commands transforms a frustrating debugging session into a systematic diagnosis.
Connectivity Testing – The Baseline
Start every investigation by proving connectivity works at every layer. The simplest yet most powerful test sequence is:
ping -c 4 8.8.8.8 ping -c 4 example.com
If the first command succeeds but the second fails, DNS is the culprit. If both fail, it is a routing or firewall issue. Then verify whether the local host can reach its gateway:
ip route show traceroute 8.8.8.8
Network Interface and Routing Inspection
Display all IP addresses and network interfaces with the modern `ip` command (replacing the deprecated ifconfig):
ip addr show
View the current routing table to understand how packets are being directed:
ip route show
For detailed analysis in multi-interface or container setups, check which route a particular destination would take:
ip route get 1.1.1.1
Linux supports multiple routing tables with policy routing. Check the rules to identify misconfigurations that can cause asymmetric routing:
ip rule show
Misconfigured rules can cause packets to leave through one interface but return on another, with firewalls often dropping these replies.
Port and Service Analysis
Knowing what is listening on which port is critical for debugging service connectivity:
ss -tulnp
This lists all TCP and UDP listening ports with the associated process names. The older `netstat -tuln` provides similar information but `ss` is faster and preferred in modern systems.
To check if a remote server’s port is open:
nc -zv google.com 443
DNS Diagnostics
DNS issues are among the most frequent culprits in DevOps incidents. Use `dig` for detailed DNS queries:
dig example.com +short
The `nslookup` command remains useful for quick record checks:
nslookup example.com
Packet Capture and Analysis
When all else fails, capture the actual packets:
tcpdump -i eth0 port 80 -1n
For deeper analysis, save to a file for later inspection in Wireshark:
tcpdump -i eth0 -w capture.pcap
Security Scanning
Identify open ports and potential vulnerabilities with `nmap`:
nmap -sP 192.168.1.0/24
To check specific ports:
nmap -p 22,80,443 <target-ip>
Firewall Management with UFW
UFW (Uncomplicated Firewall) provides simplified firewall management at the server level, acting as a second layer of security beyond cloud security groups:
sudo ufw enable sudo ufw allow 22/tcp sudo ufw allow 80/tcp sudo ufw status verbose
2. Windows Networking Commands for Hybrid Environments
Many DevOps environments include Windows servers, and knowing the equivalent Windows commands ensures you can troubleshoot across the entire infrastructure.
IP Configuration and DNS
Display comprehensive network interface information:
ipconfig /all
Test connectivity with continuous ping:
ping -t 8.8.8.8
Trace the route packets take:
tracert example.com
Network Shell (Netsh)
The `netsh` utility is the Windows equivalent of Linux’s `ip` and iptables—a versatile command-line tool for configuring, managing, and monitoring network components:
netsh interface ip show config netsh advfirewall show allprofiles netsh advfirewall firewall add rule name="Allow HTTP" protocol=TCP localport=80 action=allow
PowerShell Networking Commands
Modern Windows administration leverages PowerShell for network management:
Get-1etIPAddress Get-1etRoute Test-1etConnection google.com -Port 443 Resolve-DnsName example.com
3. DNS Troubleshooting: The Eternal Suspect
DNS gets blamed more frequently than any other component. A systematic approach to DNS troubleshooting saves hours of frustration.
Understanding DNS Resolution Flow
When a domain name fails to resolve, work through these layers:
- Local cache: `ipconfig /displaydns` (Windows) or `systemd-resolve –statistics` (Linux)
2. Local resolver configuration: Check `/etc/resolv.conf` on Linux
- Authoritative DNS servers: Use `dig +trace example.com` to follow the resolution path
Common DNS Issues in DevOps
Service discovery failures in Kubernetes often stem from DNS misconfigurations. Verify that cluster DNS is working:
kubectl run test-pod --rm -it --image=busybox -- nslookup kubernetes.default.svc.cluster.local
DNS propagation delays after Route53 or Cloudflare updates can be verified with:
dig example.com @8.8.8.8 dig example.com @1.1.1.1
Split-brain DNS scenarios require checking both internal and external resolvers:
dig internal-service.internal @<internal-dns> dig internal-service.internal @8.8.8.8
4. Firewall and Security Group Configuration
Modern cloud infrastructures rely on multiple layers of network security: cloud security groups (AWS, Azure, GCP), host-level firewalls (iptables, UFW, Windows Firewall), and application-level security.
AWS Security Group Troubleshooting
When an EC2 instance becomes unreachable, systematically check:
- Security Group inbound rules: Verify the correct ports are open to the appropriate CIDR ranges
- Network ACLs: These stateless rules can block traffic even when security groups allow it
- VPC routing tables: Ensure subnets have routes to internet gateways or NAT gateways
Linux Firewall with iptables
For granular control, `iptables` remains the underlying firewall technology:
sudo iptables -L -1 -v sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Windows Firewall Management
New-1etFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Get-1etFirewallRule | Where-Object {$_.Enabled -eq "True"}
5. Container and Kubernetes Networking
Container networking introduces unique challenges with overlays, network policies, and service meshes.
Docker Networking Basics
List available networks and inspect container connectivity:
docker network ls docker network inspect bridge docker exec <container-id> ip addr show docker exec <container-id> ping <target-ip>
Kubernetes Network Troubleshooting
When pods cannot communicate:
kubectl get pods -1 <namespace> -o wide kubectl describe pod <pod-1ame> kubectl exec -it <pod-1ame> -- /bin/sh Inside the pod: ip addr show curl -v http://<service-1ame>:<port>
Verify network policies are not blocking traffic:
kubectl get networkpolicies -1 <namespace> kubectl describe networkpolicy <policy-1ame>
Service Mesh and Ingress
For services exposed via Ingress, verify the Ingress controller is correctly routing traffic:
kubectl get ingress -1 <namespace> kubectl describe ingress <ingress-1ame>
6. Cloud Networking: VPC, Subnets, and Connectivity
Cloud networking introduces concepts like VPCs, subnets, route tables, and internet gateways that every DevOps engineer must understand.
Subnetting and CIDR Calculations
DevOps engineers work with subnets constantly when designing VPCs or Kubernetes networks. Understanding CIDR notation is essential:
– `/24` → 24 bits for network, 8 bits for hosts → 256 total IPs (254 usable)
– `/26` → 64 IPs (62 usable) – common for subdividing networks
Use the `ipcalc` tool to verify subnet calculations:
ipcalc 10.0.0.0/24 ipcalc 192.168.10.0/26
Cross-Cloud Connectivity
When connecting across cloud providers, implement encrypted VPN tunnels or cloud interconnects, enforce firewall rules on both sides, use mutually authenticated service endpoints, and centralize monitoring.
Zero Trust Networking
Modern security best practices emphasize Zero Trust principles:
- Service-to-service allowlists: Applications should only communicate with explicitly authorized resources
- No flat networks: Never use “all subnets in VPC” as a default
- Identity-centric security: Emphasize least-privilege access controls
7. Systematic Troubleshooting Workflow
When a network issue arises, follow this proven methodology:
Step 1: Establish the Baseline
ping -c 4 8.8.8.8 ping -c 4 <target-domain>
Step 2: Verify Local Configuration
ip addr show ip route show cat /etc/resolv.conf
Step 3: Test Service-Specific Connectivity
nc -zv <target-ip> <port> curl -v http://<service>:<port>
Step 4: Capture and Analyze Traffic
tcpdump -i any host <target-ip> -1n
Step 5: Check Security Layers
- Cloud security group rules
- Host firewall (iptables/ufw/Windows Firewall)
- Network policies (Kubernetes)
- Application-level authentication
Step 6: Verify DNS Resolution
dig <domain> +trace nslookup <domain>
What Undercode Say
- Networking is the foundation of everything in DevOps – from connecting CI/CD runners to Kubernetes pods, network issues are the most common source of “unexplained” failures. Mastering networking fundamentals saves countless hours of debugging and accelerates your learning curve.
-
A systematic approach beats random guessing – Start with the baseline connectivity test (ping), verify routing and DNS, check firewalls, then capture packets if needed. This structured methodology transforms chaotic troubleshooting into predictable diagnosis.
-
The cloud changes everything, but fundamentals remain – While cloud platforms abstract much of the underlying networking, understanding IP addressing, subnetting, DNS, routing, and security groups remains essential for designing scalable, resilient systems.
Prediction
+1 DevOps engineers who invest in mastering networking fundamentals will see accelerated career growth as organizations increasingly prioritize infrastructure resilience and security. The demand for professionals who can bridge the gap between application development and network infrastructure continues to rise.
+1 The integration of AI-powered network monitoring and automated remediation tools will reduce mean-time-to-resolution (MTTR) by up to 60% by 2027, making network troubleshooting faster and more predictable than ever before.
-1 Organizations that neglect network security fundamentals risk significant breaches, as evidenced by the McDonald’s AI hiring bot vulnerability that exposed millions of job candidates’ data through a weak administrator password.
+1 The convergence of DevOps and network engineering (NetOps) will create new roles and specializations, with network-aware DevOps engineers commanding premium salaries in the competitive tech market.
-1 Increasing cloud complexity across multi-cloud environments introduces new networking challenges—misconfigured VPC peering, overlapping CIDR blocks, and complex routing tables will continue to cause production incidents for teams without strong networking expertise.
+1 Infrastructure-as-Code (IaC) tools like Terraform and AWS CDK will increasingly incorporate network validation and security scanning, enabling teams to prevent misconfigurations before they reach production.
▶️ Related Video (82% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Adityajaiswal7 Devops – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
