Network Engineer English Vocabulary: 80 Essential Terms

The complete network engineering vocabulary guide: BGP, OSPF, VLANs, SD-WAN, firewalls, QoS, network troubleshooting, and 70 more terms with examples.

Network engineers configure, monitor, and troubleshoot the infrastructure that keeps everything connected. The vocabulary spans routing protocols, switching, security, cloud networking, and operational tooling — all defined in English-language RFCs, vendor documentation, and certification curricula. This guide covers the 80 terms you need to communicate confidently as a network engineer.


Networking Fundamentals

OSI Model

The OSI model divides network communication into 7 layers. Common exam and troubleshooting reference:

Layer  Name          Examples
7      Application   HTTP, DNS, SMTP
6      Presentation  TLS, encoding
5      Session       NetBIOS, RPC
4      Transport     TCP, UDP
3      Network       IP, ICMP
2      Data Link     Ethernet, VLANs
1      Physical      Cables, fiber, radio

“The issue is at Layer 3 — the route isn’t in the table, so packets are being dropped at the network layer.”

TCP vs. UDP

TCP provides reliable, ordered, connection-oriented delivery with retransmissions. UDP provides fast, connectionless, best-effort delivery — no retransmission. TCP for web/email; UDP for DNS/VoIP/streaming.

IP Address / Subnet

An IP address identifies a device on a network. A subnet divides an IP range into smaller networks using a subnet mask (or CIDR prefix length). For example, 192.168.1.0/24 has 254 usable host addresses.

CIDR (Classless Inter-Domain Routing)

CIDR notation expresses IP addresses and subnet masks concisely: 10.0.0.0/16 means the first 16 bits are the network prefix. CIDR replaced the old A/B/C class system.

Default Gateway

The default gateway is the router address that a host sends packets to when the destination is outside its subnet.

DNS (Domain Name System)

DNS resolves human-readable domain names to IP addresses. A DNS lookup queries resolvers hierarchically: recursive resolver → root → TLD → authoritative nameserver.


Routing

Routing Table

A routing table is a database in a router listing network prefixes and the next hop to reach them. The router looks up each packet’s destination address and forwards accordingly.

Static Route

A static route is manually configured — no protocol needed. It is simpler but doesn’t adapt to failures. Static routes are used for small networks or specific traffic policies.

Dynamic Routing Protocol

Dynamic routing protocols automatically share route information between routers. Types:

  • IGP (Interior Gateway Protocol) — within an organisation (OSPF, EIGRP, RIP)
  • EGP (Exterior Gateway Protocol) — between organisations (BGP)

BGP (Border Gateway Protocol)

BGP is the routing protocol of the internet. It exchanges reachability information between Autonomous Systems (AS) — large networks with their own IP blocks. BGP uses TCP port 179.

  • iBGP (internal BGP) — between routers within the same AS
  • eBGP (external BGP) — between routers in different ASes

“Our upstream ISP is advertising a more specific route via eBGP, overriding our default — that explains the traffic shift.”

AS (Autonomous System) / ASN

An AS is a large network under a single administrative domain. Each AS has a unique ASN (Autonomous System Number). ASNs are assigned by IANA/RIRs.

BGP Prefix / Advertisement

A prefix is an IP range (e.g., 203.0.113.0/24) that a BGP router advertises to its peers. Route leaks and hijacks happen when prefixes are advertised incorrectly.

OSPF (Open Shortest Path First)

OSPF is a widely deployed link-state IGP. Routers exchange LSAs (Link State Advertisements) to build a complete topology map (LSDB) and calculate shortest paths using Dijkstra’s algorithm.

Route Redistribution

Route redistribution takes routes from one routing protocol and injects them into another. Requires care to avoid routing loops and metric mismatches.

Policy-Based Routing (PBR)

PBR allows routing decisions based on criteria beyond destination IP — source address, protocol, TCP port. Used for traffic engineering.


Switching

VLAN (Virtual LAN)

A VLAN logically segments a physical network into isolated broadcast domains — without separate physical switches. Configured by VLAN ID (1–4094). IEEE 802.1Q standard.

“VLAN 10 carries corporate traffic; VLAN 20 carries guest Wi-Fi — isolated at Layer 2.”

Trunk Port / Access Port

A trunk port carries traffic for multiple VLANs (tagged with 802.1Q headers). An access port belongs to a single VLAN (untagged). Server connections use access ports; switch-to-switch links use trunk ports.

STP (Spanning Tree Protocol)

STP prevents Layer 2 loops by blocking redundant paths. The root bridge is elected; ports are assigned roles (root, designated, blocked). RSTP (Rapid STP) converges faster.

MAC Address Table

A switch learns the MAC addresses of connected devices and builds a MAC address table — used to forward frames only to the correct port, not flood every port.

Link Aggregation / LACP

Link Aggregation (IEEE 802.3ad) bundles multiple physical links into one logical link for increased bandwidth and redundancy. LACP (Link Aggregation Control Protocol) auto-negotiates the bundle.

VXLAN (Virtual Extensible LAN)

VXLAN extends Layer 2 segments across Layer 3 networks by encapsulating Ethernet frames in UDP packets. Used in data centre networks and cloud infrastructure to enable VM migration across racks.


Network Security

Firewall

A firewall filters traffic based on rules (state, IP, port, protocol). Types:

  • Stateless — matches each packet independently
  • Stateful — tracks connection state; allows return traffic automatically
  • Next-Generation Firewall (NGFW) — adds application-layer inspection, IPS, and user identity

ACL (Access Control List)

An ACL is a sequential list of permit/deny rules applied to a router or switch interface. Filters traffic by source/destination IP, protocol, and port.

“The ACL on the DMZ interface blocks all inbound traffic except HTTPS on port 443.”
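The sequential evaluation described above, and the rule-ordering mistake behind the ACL risk in the change-request phrase later in this guide, shown as an added example that is not part of the original guide. It assumes first-match-wins evaluation with an implicit deny at the end of the list; the `Rule` class, both helper functions and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any protocol)
    src: str                      # source prefix in CIDR notation
    dst: str                      # destination prefix in CIDR notation
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(acl, proto, src, dst, dport):
    """Return (action, index) of the first matching rule; index None means implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, src, dst, dport):
            return rule.action, i
    return "deny", None   # assumption: nothing matched, so the implicit deny applies

def shadowed(acl):
    """Indexes of rules that can never match because one earlier rule fully covers them."""
    hits = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.proto in ("ip", later.proto)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                hits.append(j)
                break
    return hits

# Constructed DMZ policy: allow inbound HTTPS to one web server, deny everything else.
DMZ_ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("deny", "ip", "0.0.0.0/0", "203.0.113.0/24"),
]
# Same rules in the wrong order: the broad deny now shadows the HTTPS permit.
MISORDERED = list(reversed(DMZ_ACL))

if __name__ == "__main__":
    print(evaluate(DMZ_ACL, "tcp", "198.51.100.7", "203.0.113.10", 443))
    print(evaluate(MISORDERED, "tcp", "198.51.100.7", "203.0.113.10", 443))
    print("shadowed rules in misordered ACL:", shadowed(MISORDERED))
```

Running `shadowed()` over a proposed ACL before a change window catches the case where a broad deny placed too early silently disables a later permit.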

NAT (Network Address Translation)

NAT rewrites the source or destination IP of packets — allowing private IP addresses to communicate via a single public IP (PAT / IP masquerade). Internet access from RFC 1918 space uses NAT.

DMZ (Demilitarized Zone)

A DMZ is a network segment between the external internet and the internal network — hosting public-facing servers (web, email, DNS) with restricted access to the internal network.

Zero-Trust Architecture

Zero trust is a security model where no device or user is trusted by default — even inside the network perimeter. Every request is verified. Replaces the implicit trust of flat corporate networks.

IDS / IPS

  • IDS (Intrusion Detection System) — monitors and alerts on suspicious traffic patterns
  • IPS (Intrusion Prevention System) — actively blocks detected threats inline

DDoS (Distributed Denial of Service)

A DDoS attack overwhelms a target with traffic from many sources. Mitigated by rate limiting, traffic scrubbing, blackholing, and CDN absorption.


WAN Technologies

MPLS (Multiprotocol Label Switching)

MPLS forwards packets using short fixed-length labels rather than IP addresses, enabling fast, quality-of-service-aware WAN routing. Widely used in carrier networks and enterprise WAN.

SD-WAN (Software-Defined WAN)

SD-WAN uses software to manage WAN connections centrally, routing traffic over multiple links (MPLS, broadband, LTE) based on policy and real-time performance. Replaces expensive MPLS-only WANs.

“We replaced our three MPLS circuits with an SD-WAN solution — traffic selects the best path dynamically based on latency and packet loss.”

VPN (Virtual Private Network)

A VPN creates an encrypted tunnel over a public network. IPsec is used for site-to-site VPNs; SSL/TLS VPN (OpenVPN, WireGuard) for remote access.

QoS (Quality of Service)

QoS prioritises traffic types to guarantee performance for latency-sensitive applications (VoIP, video conferencing) over bulk transfers (backups, updates).

DSCP (Differentiated Services Code Point)

DSCP is a 6-bit field in the IP header that marks packets with a service class. QoS-aware devices honour these markings to apply the correct queue/priority.


Network Operations

Ping / ICMP Echo

Ping sends ICMP Echo Request packets and measures round-trip time and packet loss. It is the basic connectivity test.

“Ping confirms the host is up and the round-trip time is 3 ms — the issue is at the application layer.”

Traceroute / Tracert

Traceroute (Linux) / tracert (Windows) shows the path a packet takes through the network by successively incrementing TTL — each router responds with an ICMP Time Exceeded message.

MTU (Maximum Transmission Unit)

MTU is the maximum payload size of a packet for a given link. Ethernet MTU is typically 1500 bytes. MTU mismatches cause fragmentation or PMTUD (Path MTU Discovery) failures.

Packet Capture / PCAP

A packet capture (pcapng) records network traffic for analysis. Wireshark is the standard GUI tool for analysing pcap files — essential for diagnosing TCP issues, protocol decoding, and security investigations.

SNMP (Simple Network Management Protocol)

SNMP is the standard protocol for monitoring and managing network devices. Agents on routers and switches respond to queries from an NMS (Network Management System). The MIB (Management Information Base) defines the data structure.

NetFlow / IPFIX

NetFlow (Cisco) / IPFIX (the IETF standard) export flow records (source, destination, bytes, packets, protocol) to a collector for traffic analysis and anomaly detection.

BGP Route Table

The BGP route table (RIB — Routing Information Base) contains all routes received from peers. The best path is selected and installed in the FIB (Forwarding Information Base) for actual packet forwarding.


Cloud & Overlay Networking

VPC (Virtual Private Cloud)

A VPC is an isolated virtual network in a cloud provider (AWS, GCP, Azure). Contains subnets, route tables, and security groups — analogous to an on-premise network.

Peering

VPC peering (cloud) or BGP peering (internet) connects two networks so they can exchange routes and traffic directly. Traffic does not traverse a public gateway.

Overlay Network

An overlay network builds a virtual topology on top of an existing physical network using tunnelling (VXLAN, GRE, WireGuard). Used in SDN and container networking (Flannel, Calico, Weave).


Useful Phrases

In troubleshooting:

  • “Layer 1 is fine — the link is up. I’m seeing packet loss at Layer 3, so the issue is in the routing table.”
  • “Traceroute shows the path detouring through Frankfurt — the BGP attributes must have changed upstream.”

In change requests:

  • “The change involves adding a new VLAN and updating trunk ports on two distribution switches — impact is minimal with a maintenance window.”
  • “Risk: misconfiguring the ACL could block all HTTPS traffic to the web tier — I’ve prepared a rollback procedure.”

In incident response:

  • “We’re seeing a BGP session flap with our primary upstream — traffic shifted to the backup ISP automatically via our SD-WAN policy.”
