Chapter 1 - section 1.8 - Summarize evolving use cases for modern network environments.


33 Terms

1
Objective – SDN, Security Architecture, IaC, and IPv6
• Software-Defined Network (SDN)
• Software-Defined WAN (SD-WAN)
▸ Application aware
▸ Zero-touch provisioning
▸ Transport agnostic
▸ Central policy management
• Virtual Extensible LAN (VXLAN)
▸ Data center interconnect (DCI)
▸ Layer 2 encapsulation
• Zero Trust Architecture (ZTA)
▸ Policy-based authentication
▸ Authorization
▸ Least privilege access
• Secure Access Service Edge (SASE)
• Security Service Edge (SSE)
• Infrastructure as Code (IaC)
▸ Automation
▸ Source control
• IPv6 Addressing
▸ Mitigating address exhaustion
▸ Compatibility requirements
▸ Tunneling
▸ Dual stack
▸ NAT64
2
Networking Architecture – Software-Defined Network (SDN)
• Separates control plane from data plane
• Centralized controller
• Improves automation and scalability
• Enables rapid network changes (N10-009)
3
WAN Architecture – Software-Defined WAN (SD-WAN)
• Centralized WAN management
• Software-based traffic control
• Optimizes application performance
• Common in modern enterprise WANs
4
SD-WAN Feature – Application Aware
• Identifies applications at Layer 7
• Routes traffic based on application priority
• Improves performance for critical apps
5
SD-WAN Feature – Zero-Touch Provisioning
• Devices auto-configure when powered on
• Minimal manual setup
• Ideal for remote branch deployments
6
SD-WAN Feature – Transport Agnostic
• Works over MPLS, broadband, LTE/5G
• Not tied to a single carrier
• Improves flexibility and cost efficiency
7
SD-WAN Feature – Central Policy Management
• Policies configured from a single controller
• Consistent security and routing rules
• Simplified administration (exam critical)
8
Overlay Networking – VXLAN
• Virtual Extensible Local Area Network
• Layer 2 over Layer 3 encapsulation
• Uses UDP port 4789
• Scales beyond VLAN limit (4096)
9
VXLAN Use Case – Data Center Interconnect (DCI)
• Connects multiple data centers
• Extends Layer 2 networks
• Supports VM mobility
• Common in cloud and enterprise DCs
10
VXLAN Feature – Layer 2 Encapsulation
• Encapsulates Ethernet frames
• Allows Layer 2 networks over IP
• Enables flexible network design
11
Security Architecture – Zero Trust Architecture (ZTA)
• Never trust, always verify
• No implicit trust based on location
• Continuous validation of users and devices
• Identity-centric security model
12
ZTA Control – Policy-Based Authentication
• Access based on defined security policies
• Uses identity, device posture, context
• Often combined with MFA
13
ZTA Control – Authorization
• Determines allowed actions after authentication
• Role-based or attribute-based
• Limits resource access
14
ZTA Principle – Least Privilege Access
• Users get minimum required access
• Reduces attack surface
• Limits lateral movement (exam critical)
15
Cloud Security Model – Secure Access Service Edge (SASE)
• Combines networking and security
• Cloud-delivered architecture
• Includes SD-WAN and security services
• Designed for remote users
16
Cloud Security Model – Security Service Edge (SSE)
• Security-only subset of SASE
• Includes ZTNA, CASB, SWG
• No WAN transport component
17
Infrastructure Management – Infrastructure as Code (IaC)
• Infrastructure managed using code
• Ensures consistency and repeatability
• Enables automation and scalability
• Common in cloud environments
18
IaC Feature – Automation
• Automated provisioning and configuration
• Reduces human error
• Speeds up deployments
19
IaC Automation – Playbooks / Templates
• Predefined configuration instructions
• Reusable deployment tasks
• Used by tools like Ansible and Terraform
20
IaC Automation – Configuration Drift / Compliance
• Detects changes from desired state
• Ensures systems remain compliant
• Auto-corrects deviations
21
IaC Automation – Upgrades
• Automated patching and updates
• Improves reliability
• Reduces downtime
22
IaC Automation – Dynamic Inventories
• Automatically discovers infrastructure
• Common in cloud environments
• Keeps asset lists current
23
IaC Feature – Source Control
• Tracks infrastructure code changes
• Enables collaboration
• Improves auditability
24
IaC Source Control – Version Control
• Tracks configuration history
• Enables rollback
• Git commonly used
25
IaC Source Control – Central Repository
• Single source of truth
• Shared access for teams
• Improves consistency
26
IaC Source Control – Conflict Identification
• Detects overlapping changes
• Prevents configuration errors
• Ensures stability
27
IaC Source Control – Branching
• Separate dev, test, prod environments
• Enables safe testing
• Merges after validation
28
IPv6 Addressing
• 128-bit hexadecimal addressing
• Vast address space
• Designed to replace IPv4
• Eliminates address exhaustion
29
IPv6 Feature – Mitigating Address Exhaustion
• Extremely large address pool
• Removes need for NAT
• Supports end-to-end connectivity
30
IPv6 Compatibility – Dual Stack
• Runs IPv4 and IPv6 simultaneously
• Most common migration method
• Used in enterprise networks
31
IPv6 Compatibility – Tunneling
• Encapsulates IPv6 in IPv4
• Used when IPv6-only path unavailable
• Temporary transition method
32
IPv6 Compatibility – NAT64
• IPv6-only hosts access IPv4 servers
• Translates IPv6 to IPv4
• Used during IPv6 migration
33
N10-009 Sample Questions – SDN, Security, IPv6
• Q: Which technology separates control and data planes?
▸ A: SDN
• Q: Which SD-WAN feature routes traffic by application?
▸ A: Application aware
• Q: Which security model follows least privilege?
▸ A: Zero Trust Architecture
• Q: Which VXLAN feature enables Layer 2 over Layer 3?
▸ A: Layer 2 encapsulation
• Q: Which IPv6 method runs IPv4 and IPv6 together?
▸ A: Dual stack