Software-defined networking (SDN)
An innovative networking paradigm that decouples the network control and forwarding functions, enabling network management through software applications.
SD-WAN
Software-defined networking (SDN) technology applied to WAN connections, which are used to connect enterprise networks—including branch offices and data centers—over large geographic distances. It enhances business efficiency by dynamically routing traffic across the optimal path using a centralized control function, ensuring high performance and reliability for critical applications. SD-WAN provides significant advantages such as cost reduction, increased network agility, improved uptime, and the ability to secure and optimize internet connectivity and cloud architecture.
Application Aware
A feature of SD-WAN technology that intelligently identifies applications and prioritizes traffic based on business requirements, ensuring critical applications have the bandwidth and path reliability they need.
Zero-Touch Provisioning
Allows for the remote deployment of network devices with minimal manual intervention. Network devices can automatically download configuration settings from a central location, simplifying branch deployments.
Transport Agnostic
A characteristic of SD-WAN that allows it to use any type of connectivity, whether MPLS, broadband, LTE, or a combination, allowing for cost-effective and reliable internet access from different service providers.
Central Policy Management
Enables network administrators to set policies that manage and configure all SD-WAN devices across the network from a single interface, enhancing security and efficiency.
Virtual Extensible Local Area Network
VXLAN, a network virtualization technology that enhances the scalability of large-scale cloud computing environments. It extends Layer 2 segments over an underlying Layer 3 network, enabling the creation of a large number of virtualized LANs.
Data Center Interconnect
VXLAN is particularly effective for DCI because it enables the stretching of Layer 2 networks across geographically dispersed data centers, allowing for seamless mobility of VMs between data centers without changing underlying network configurations.
Layer 2 Encapsulation
VXLAN uses Layer 2 encapsulation to encapsulate Ethernet frames within UDP packets. This allows VXLAN to create a logical network for VMs across different physical networks, providing scalability beyond the traditional limit of 4096 VLANs.
Zero Trust
A security model based on the principle of "never trust, always verify." It requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. This minimizes potential attack vectors by treating all users as potential threats, enforcing strict access controls, and not assuming trust based on network location.
Policy-Based Authentication
In a Zero Trust framework, this requires all users, both internal and external, to be authenticated and continuously validated for security configuration and posture before being granted access to data and applications. Authentication policies can include MFA, biometrics, and behavioral analytics to ensure that only legitimate users gain access.
Authorization in Zero Trust Architecture
Authorization in ZTA is dynamic, strictly enforced, and context-aware, taking into account the user's identity, location, device health, service or workload, data classification, and anomalies before access to resources is allowed. Access is granted on a per-session basis, ensuring the access rights of users are constantly evaluated and adjusted based on the latest security intelligence and context.
Least Privilege
The principle requiring that users, systems, and programs are granted only the minimum levels of access or permissions needed to perform necessary tasks, minimizing potential damage from accidental or malicious actions.
SASE/SSE
SASE (Secure Access Service Edge) and SSE (Security Service Edge) are emerging frameworks that combine network security functions with WAN capabilities to support the dynamic secure access needs of organizations' distributed workforces and cloud-first strategies.
Secure Access Service Edge
SASE integrates comprehensive WAN services and security functions directly into the network fabric. This provides secure network connectivity and access to resources regardless of location.
Security Service Edge
SSE focuses on the security aspects of SASE, centralizing various security services like secure web gateways, cloud access security brokers (CASB), and zero trust network access (ZTNA) in the cloud to ensure secure access and data protection.
Infrastructure as Code
IaC is the practice of managing and provisioning computing infrastructure through machine-readable definition files rather than physical hardware configuration, allowing IT infrastructure to be automatically managed, monitored, and provisioned through code. It improves consistency and efficiency and reduces manual errors.
Automation in IaC
Enables rapid and consistent environment setups, reducing human errors and increasing efficiency in deploying infrastructure.
Playbooks, Templates, and Reusable Tasks
Utilized in IaC to define and orchestrate the steps needed for infrastructure setup, modification, and management. They are critical for ensuring that infrastructure deployment is repeatable and scalable.
Configuration Drift
Occurs when an environment's current state deviates from its intended state due to manual changes or updates. IaC helps prevent this by automating configurations.
Compliance
IaC aids in maintaining compliance with defined standards and policies by automating configurations and deployments.
Upgrades
Upgrades to infrastructure are managed systematically via code revisions. This ensures upgrades are less disruptive and that all changes are version controlled and reversible.
Dynamic Inventories
In IaC, infrastructure resources are automatically discovered and managed based on real-time data. This is essential for managing environments that need to adjust quickly to changing demands or configurations.
Source Control in IaC
An integral part of the IaC paradigm, providing a system for tracking changes, collaborating, and maintaining the integrity of the code that defines infrastructure.
Version Control
Systems that keep track of every modification to the code in a database. If a mistake is made, developers can compare earlier versions to help fix the mistake while minimizing disruption to all team members.
Central Repository
Acts as the single source of truth for all code changes in source control systems, allowing team members to collaborate effectively.
Conflict Identification
Source control systems automatically detect conflicts when multiple team members make changes to the same part of the code, preventing overwrites and ensuring all changes are reconciled before code is merged.
Branching
Allows developers to diverge from the main line of development and work independently without affecting others' work, useful for developing new features or fixing bugs.
IPv6 Addressing
The most recent version of the Internet Protocol, designed to replace IPv4. It uses 128-bit addresses to support a virtually unlimited number of devices, addressing the exhaustion of IPv4 addresses. It also introduces several new concepts and functionalities to improve routing efficiency, simplify network configuration, and enhance security.
Tunneling
A method used to transmit IPv6 packets over an existing IPv4 network infrastructure by encapsulating IPv6 packets within IPv4 packets.
Dual Stack
A network configuration where devices run both IPv4 and IPv6 protocols simultaneously, allowing communication over both types of networks.
NAT64
A network address translation technology that facilitates communication between IPv6 and IPv4 devices by translating IPv6 addresses into IPv4 addresses and vice versa.