What exactly is a “network boundary?”

In this context, "network" is synonymous with "LAN" or local area network. It is by definition a realm of connected machines that can communicate using the OSI Data Link layer (layer 2). A machine that is not directly connected to your LAN is outside your network boundary, and you cannot contact it.

In the OSI model the internet is an Internetwork, a system of interconnected networks, which is implemented by a common protocol which operates at OSI layer 3, and allows the use of Routers, which convey traffic from LAN to LAN as the datagrams cross the internetwork. IP is an Internetwork layer protocol, so it can use routers to relay traffic as your example sentence explains.
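The layer 2 / layer 3 split described in this answer is visible in how a host decides where to address a frame. The following is an added example, not part of the original answer; the route table is constructed and the function name `next_hop` is hypothetical.

```python
import ipaddress

# Constructed host route table (assumed values, not from the page).
# A gateway of None means the prefix is on-link: same LAN, reachable at layer 2.
ROUTES = [
    ("192.168.1.0/24", None),             # the host's own LAN
    ("10.20.0.0/16", "192.168.1.254"),    # another LAN behind an internal router
    ("0.0.0.0/0", "192.168.1.1"),         # default route: everything else
]


def next_hop(dst, routes=ROUTES):
    """Return (scope, l2_target) for dst using longest-prefix match.

    scope is 'on-link' when dst is inside the LAN boundary, 'routed' when the
    datagram must be handed to a router, 'unreachable' when no route matches.
    l2_target is the IP whose MAC address the layer 2 frame is sent to.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version != net.version or addr not in net:
            continue
        # Keep the most specific (longest) matching prefix.
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, gateway)
    if best is None:
        return ("unreachable", None)
    _, gateway = best
    if gateway is None:
        # Inside the boundary: the frame goes straight to the destination.
        return ("on-link", str(addr))
    # Outside the boundary: the frame goes to the router, which relays it.
    return ("routed", gateway)


if __name__ == "__main__":
    for dst in ("192.168.1.42", "10.20.5.9", "93.184.216.34"):
        print(dst, next_hop(dst))
```

With only the on-link route present and no default gateway, any destination outside 192.168.1.0/24 comes back as unreachable, which is the "you cannot contact it" case.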


My understanding is that a “network boundary” is a logical construct. Meaning, I would take it to mean the “network boundary” is the difference between what a system can physically connect to versus what network resources they are logically able to access on a network.

For example, if I connect to a LAN via Wi-Fi or a physical cable, but the network is restricted via MAC address and my device’s MAC address is not granted entry, the “boundary” of that network would simply be the literal edge of that routing device. That router sees my connection, allows my connection, but then says, “Nope, no further for you…”

Similarly, the network boundary between—let’s say—a WAN and a LAN could be defined as: WAN traffic begins and ends at the router for inbound traffic unless ports are opened on the router to allow further access. And on a related note, systems connected via the LAN themselves are assigned IP addresses within the range that router can handle and nothing else. Thus port forwarding on a router from the WAN to a LAN system bridges the network boundary.