The developer's crash course to the application network
Developers, we get it; you don't want to deal with the network. But hear us out, as a basic understanding of subnets, VPNs and IP addresses boosts app stability and performance.
Application developers see the network as a nuisance. But, ultimately, applications live on networks.
End users reach apps using network addresses, and networks frame the way in which those apps scale and maintain availability. So, while developers don't need to know all the protocols or how to set up routers, they do need a foundation of application network knowledge.
Networking, for developers, falls into two main topical areas. The first, public versus private addresses, frames the network environment in which the applications deploy and how they connect with users. The second, application networks versus corporate virtual private networks (VPNs), defines the relationship between an application's network consumption and the way users communicate with the application.
Network addresses
Every network user and every connected application must have an address in order to send or receive messages. IP networks are typically made up of subnetworks (subnets), which are local communities of users or application components. Subnets can have public or private IP addresses.
Everything that will be published on the internet for anyone must use a public IP address. Public addresses can be referenced directly on the internet and, therefore, must be unique globally. Various authorities manage address spaces and assign public addresses to companies.
Private addresses live only within a proprietary network; they can be referenced neither from the internet nor from anywhere else outside the subnet. Everyone can use the private IP addresses assigned by the Internet Engineering Task Force at the same time because they have a purely local scope.
Private address spaces underpin the discussion of application networks versus corporate VPNs.
Application networking
An application network is a subnet where an application's components are deployed. IT abstraction technologies, such as OpenStack cloud and Docker containerization, typically deploy applications within a private IP subnet.
Developers need to use the private subnet approach to identify the component APIs used to connect with a component outside the subnet. Each component API inside the subnet that engages in such a connection will get explicitly exposed, or translated, to either a public address or an address within the corporate VPN.
As an application infrastructure or workflow changes, it will subsequently change the exposed APIs. Developers must coordinate with the application managers and IT operations pros responsible for app deployment so that only the necessary APIs get exposed. Security pros and developers also need to know whether to deploy the app in a public ops team address space instead of a private subnet, as publicly exposed components are more susceptible to intrusion.
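One way to check that only the necessary APIs are exposed, as an added example that is not part of the original article: compare the address each component API is published on with the reach developers and operations agreed for it. The subnet and VPN ranges, component names and inventory below are constructed assumptions.

```python
import ipaddress

# Assumed layout, constructed for this example: the application's private
# subnet, and a corporate VPN built from private 10.x addresses.
APP_SUBNET = ipaddress.ip_network("172.18.0.0/16")
VPN_RANGE = ipaddress.ip_network("10.0.0.0/8")

REACH = ["subnet", "vpn", "internet"]  # narrowest to widest


def reach_of(published):
    """Return how far an API is reachable, given the IPv4 address it is published on."""
    ip = ipaddress.ip_address(published)
    if ip.is_unspecified:
        return "internet"  # 0.0.0.0 listens on every interface: assume the widest reach
    if ip.is_loopback or ip in APP_SUBNET:
        return "subnet"
    if ip in VPN_RANGE:
        return "vpn"
    return "internet"  # unknown ranges are treated as internet-facing (conservative)


def audit(published, intended):
    """List APIs whose actual reach is wider than the reach agreed for them.

    APIs missing from `intended` are expected to stay inside the app subnet.
    """
    findings = []
    for component, port, address in published:
        actual = reach_of(address)
        allowed = intended.get((component, port), "subnet")
        if REACH.index(actual) > REACH.index(allowed):
            findings.append((component, port, actual, allowed))
    return findings


# Constructed inventory: (component, port, published address).
# 203.0.113.0/24 is a documentation range standing in for public addresses.
PUBLISHED = [
    ("web", 443, "203.0.113.10"),
    ("reports", 8443, "10.20.0.5"),
    ("orders-api", 8080, "172.18.0.7"),
    ("db", 5432, "0.0.0.0"),
    ("admin", 9000, "203.0.113.11"),
]
# Constructed agreement between developers and operations.
INTENDED = {("web", 443): "internet", ("reports", 8443): "vpn", ("admin", 9000): "vpn"}

if __name__ == "__main__":
    for component, port, actual, allowed in audit(PUBLISHED, INTENDED):
        print(f"{component}:{port} reachable from {actual}, agreed {allowed}")
```

Rerunning the audit whenever the infrastructure or workflow changes catches an API, such as the database listener here, that has drifted wider than intended.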
Corporate networks typically use a VPN, which is hosted by a network operator and built using a specific range of IP addresses. An IT team can build a VPN from public or private IP addresses, the latter of which typically starts with the number 10. The VPN connects to the internet through a gateway, usually a router.
Also, the VPN can connect to application subnets with a router or router software built into the container or other virtualization software. If the setup includes a private IP address for the VPN and privately hosted internet servers, developers will need to expose them via a public IP address.
Workflows define the virtual connections over which information travels between users and applications or within and among applications; they rely on a correct and secure application network setup. Users connect to a corporate VPN directly or via user private subnets.
Applications typically connect via public or private application subnets. Workflows move from a subnet -- user or application, public or private -- through the corporate VPN to another subnet.
External users, usually from the internet, connect in a similar way. These users connect via the VPN's internet gateway and travel through to the application or web server's subnet. Users within the company can access the internet from their own subnet via the VPN to the gateway. If the user is on a private subnet, their address will be translated to a public IP address using Network Address Translation.
There's much more to networking, but application developers should focus on these key points. Networking is all about addresses, and networks are actually connected subnetworks. When you write an application, consider where its components will reside on the network, where the users are and how scaling -- plus resiliency demands -- affect workflows across the network.
Developers should collaborate with network and IT operations experts for deployment and connectivity decisions; open that communication channel early in the development process. If developers understand networking concepts enough to have a useful dialog, they'll be able to boost both the stability and performance of applications.