What is Software Defined Networking?
Breaking down networking devices into logical units:
Infrastructure layer / Data plane
Control layer / Control plane
Application layer / Management plane
What is the Infrastructure layer for? Another name for it?
Processing and forwarding traffic
aka Data plane
What is the Control layer for? Another name for it?
Routing and tables
aka Control plane
What is the Application layer for? Another name for it?
Management and configuration
aka Management plane
What is SD-WAN?
Software Defined WAN
Changing from physical data center to cloud based applications, no central point needed
What are the characteristics of an SD-WAN?
Application aware - knows which app is in use and makes routing decisions based on application data
Zero-touch provisioning - remote equipment is automatically configured
Transport agnostic - usable with any connection type
Central policy management - needs one device to configure then pushes changes to SD-WAN routers
What is Data Center Interconnect? What are the benefits?
Connect multiple data centers together, tunnels the data
Benefit is workload can be moved to best location, applications can work regardless of the physical location
How can data centers be connected?
MPLS, high speed optical, Metro Ethernet etc
What is Virtual Extensible LAN (VXLAN)?
Larger VLAN that supports over 16 million possible virtual networks, tunnels frames across a layer 3 network
How to tunnel?
Encapsulated via:
Takes original frame → VXLAN Header → UDP Header → IP Header → Ethernet Header
Decapsulated on other end of tunnel
What is Zero Trust?
Network always on guard, everything must be verified
ex. multifactor authentication, encryption, system permissions, additional firewalls, monitoring and analytics, etc.
Difference between Adaptive identity and Policy-driven access control?
Adaptive identity - adapts based on situation
Policy-driven access control - adapts based on predefined set of rules
What are the factors that determine how much access someone gets after being authenticated? Why?
Location, device certificate validation, time of day, etc.
Set to the bare minimum to prevent malicious behavior
What is Secure Access Service Edge (SASE)?
Security is built into the cloud so secure connections are automatic regardless of location
What is Infrastructure as code (IaC)?
Describe infrastructure in code by defining servers, network, and applications, then tell the cloud to build from the code or apply the changes
What are playbooks?
Step-by-step set of processes and procedures, often integrated with Security Orchestration, Automation, and Response (SOAR)
How does Infrastructure as code use automation?
Configuration drift/compliance - identical deployment
Upgrades
Dynamic inventories - queries devices and makes changes based on results
What is Source Control?
Changes are tracked and merged together; everyone can participate without causing issues with the code
If multiple people change the same code at the same time, the code can be chosen automatically or manually
ex. Git
What is branching?
If multiple people change the same code at the same time, it can create a testing version that does not affect the main code
What is a workaround or alternative to IPv4 address exhaustion?
IPv4 and NAT
IPv6
How many bits are the addresses for IPv4 and IPv6?
IPv4 - 64 bit (4 sections)
IPv6 - 128 bit (8 sections)
How to compress IPv6 address?
Groups of 0 can be abbreviated as :: (only one of these per address)
Leading 0s are optional
IPv4 and IPv6 can't communicate with each other on their own; what are alternate forms of communication?
Tunnel - encapsulate one protocol within another
Dual-stack - option to use both IPv4 and IPv6
Translate - convert between IPv4 and IPv6
What is tunneling? What does it need?
Encapsulates one protocol within another
Requires relay routers and has no support for NAT
IPv4in6 is more common than IPv6to4
What is Dual-stacking?
Option to run both IPv4 and IPv6 at the same time and independently of each other, application uses preferred IP
What is IPv4 to 6 translating?
Uses a NAT64-capable router to translate from 4 → 6