Gateways – Connecting On-Premises Networks – ANS-C01 Study Guide

Gateways

A gateway is a device or software that interconnects dissimilar systems. A gateway translates between two networks with different protocols, as shown in Figure 7.5. Routers and gateways are terms that are often used interchangeably, and while there is a lot of overlap in functionality, there are also differences that distinguish the roles they are used for. Routers interconnect networks using the same communications protocol, usually TCP/IP. Gateways translate between different protocols and act as a “gate” from one network to another. Both devices forward traffic between different networks. The difference is that routers forward traffic between networks of the same communications protocol, whereas a gateway translates between two or more protocols. Since gateways operate with more than one protocol, they tend to be more complex than a basic router operating at layer 3 of the OSI model. Gateways do not run routing protocols like routers do. In basic TCP/IP host configurations, the IP address of the local router is often called the default gateway, which can be confusing as it’s actually the default router.

FIGURE 7.5 Gateways

Software-Defined Networking

Networking equipment designs include a control plane and a forwarding plane. The control plane is the hardware and software that handles all of the switch's or router's management functions: configuration, monitoring, running the routing protocols, building the routing and forwarding tables, and responding to network activity directed at the device itself, such as network management requests, routing updates, spanning tree processing, SSH connections, and many other operations. The forwarding plane is the silicon and interfaces that move the actual data through the device, from the moment a frame arrives on the ingress interface until it is forwarded out the egress interface. This traditional approach gives every networking device its own control plane, which does not scale to hundreds or thousands of devices: each switch or router must be individually configured, and the likelihood of mistakes or out-of-synchronization configurations is very high. Software-defined networking removes the control plane from each device and abstracts all control functions into separate controllers that push configuration and updates to the network devices, which now function strictly as forwarding devices.

All configurations are implemented in an abstracted centralized control console or use API interfaces from a central controller without having to touch each individual switch or router.

Software-defined networking (SDN) is the physical separation of the network control plane from the forwarding plane, with a single control plane controlling all networking devices. Decoupling the control and forwarding functions makes the network control programmable from a central location and abstracts the underlying infrastructure from the applications and network services. SDN uses software-based controllers and application programming interfaces (APIs) to communicate with the underlying hardware infrastructure that directs traffic through the network.

The common representation of SDN architecture comprises three layers: the application, the control layer, and the infrastructure layer, as shown in Figure 7.6.

FIGURE 7.6 Software-defined networking

At the center of a typical SDN architecture is the controller, which provides centralized management and control, automation, and policy enforcement across the underlying physical and virtual network environments. The controller communicates with the forwarding plane through southbound APIs that relay forwarding information to the individual network devices, such as switches, routers, and firewalls. Northbound APIs exchange configuration and management information between the controller and the applications and policy engines above it, to which the SDN appears as a single logical network device.

Network control is directly programmable and is decoupled from forwarding functions. SDN provides for a centrally managed architecture that utilizes software- or hardware-based SDN controllers to maintain a global view of the network, which appears to applications and policy engines as a single, logical switch.

SDN allows for the configuration, management, security, and all other network operations to deploy quickly via dynamic, automated SDN programs and scripts.
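The control-plane/forwarding-plane split described in this section, as an added illustration that is not part of the study guide and not the code of any real SDN controller. The `Controller`, `Switch`, host names (`h1`..`h3`), switch names (`s1`..`s3`) and the triangle topology are all constructed for the example. The switches hold nothing but a flow table pushed over a toy southbound call (`install_flow`); the controller owns the global view, computes shortest paths, applies a northbound policy intent (`deny`), and re-provisions every device from one place when a link is removed, which is the property that lets configuration and policy change without touching each device individually.

```python
from collections import deque

DROP = "DROP"


class Switch:
    """Forwarding-plane device (constructed example). It runs no routing
    protocol and has no topology knowledge: it only applies flow entries
    that the controller has pushed to it."""

    def __init__(self, name):
        self.name = name
        self.flow_table = {}  # (src_host, dst_host) -> next hop name or DROP

    def install_flow(self, match, action):
        """Toy southbound call from the controller (an OpenFlow-style flow mod)."""
        self.flow_table[match] = action

    def lookup(self, src, dst):
        # A table miss is dropped: default deny for traffic the controller
        # never provisioned.
        return self.flow_table.get((src, dst), DROP)


class Controller:
    """Centralized control plane (constructed example): owns the topology,
    computes paths, enforces policy, and programs every switch."""

    def __init__(self):
        self.switches = {}
        self.adj = {}        # switch -> set of neighbouring switches
        self.hosts = {}      # host -> switch it is attached to
        self.denied = set()  # (src, dst) pairs blocked by policy

    # Topology. A real controller learns this southbound; here it is declared.
    def add_switch(self, name):
        self.switches[name] = Switch(name)
        self.adj.setdefault(name, set())

    def add_link(self, a, b):
        self.adj[a].add(b)
        self.adj[b].add(a)

    def remove_link(self, a, b):
        self.adj[a].discard(b)
        self.adj[b].discard(a)

    def attach_host(self, host, switch):
        self.hosts[host] = switch

    # Northbound API: callers express intent, not per-device commands.
    def deny(self, src, dst):
        self.denied.add((src, dst))

    def provision(self):
        """Recompute every path from the global view and push fresh flow tables."""
        for sw in self.switches.values():
            sw.flow_table.clear()
        for src, src_sw in self.hosts.items():
            for dst, dst_sw in self.hosts.items():
                if src == dst:
                    continue
                if (src, dst) in self.denied:
                    # Policy is enforced at the ingress switch, closest to the source.
                    self.switches[src_sw].install_flow((src, dst), DROP)
                    continue
                path = self._shortest_path(src_sw, dst_sw)
                if path is None:
                    continue  # unreachable: the table miss drops it
                for i, sw_name in enumerate(path):
                    nxt = path[i + 1] if i + 1 < len(path) else dst
                    self.switches[sw_name].install_flow((src, dst), nxt)

    def _shortest_path(self, start, goal):
        """Breadth-first search over the switch graph; returns the switch list."""
        prev = {start: None}
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            if cur == goal:
                break
            for nbr in self.adj[cur]:
                if nbr not in prev:
                    prev[nbr] = cur
                    queue.append(nbr)
        if goal not in prev:
            return None
        path = []
        while goal is not None:
            path.append(goal)
            goal = prev[goal]
        return path[::-1]

    # Data-plane simulation: the packet only ever consults switch flow tables.
    def send(self, src, dst):
        """Walk a packet through the forwarding plane; returns (delivered, hops)."""
        hops = []
        cur = self.hosts[src]
        while len(hops) < len(self.switches):
            hops.append(cur)
            action = self.switches[cur].lookup(src, dst)
            if action == DROP:
                return False, hops
            if action == dst:
                return True, hops
            cur = action
        return False, hops  # hop limit reached; inconsistent tables


def build_demo():
    """Constructed triangle topology: s1-s2, s2-s3, s1-s3, one host per switch."""
    c = Controller()
    for s in ("s1", "s2", "s3"):
        c.add_switch(s)
    c.add_link("s1", "s2")
    c.add_link("s2", "s3")
    c.add_link("s1", "s3")
    c.attach_host("h1", "s1")
    c.attach_host("h2", "s2")
    c.attach_host("h3", "s3")
    c.deny("h1", "h3")  # stated once at the controller, enforced at ingress
    c.provision()
    return c


if __name__ == "__main__":
    ctl = build_demo()
    print(ctl.send("h1", "h2"))  # delivered via s1 -> s2
    print(ctl.send("h1", "h3"))  # dropped at s1 by policy
    ctl.remove_link("s2", "s3")
    ctl.provision()              # one call reprograms every switch
    print(ctl.send("h2", "h3"))  # now routed s2 -> s1 -> s3
```

Note that after `remove_link` no switch learns anything on its own; the new `s2 -> s1 -> s3` path for `h2` to `h3` exists only because the controller recomputed it and re-pushed every flow table, which is exactly the behaviour a traditional device would have obtained from running its own routing protocol.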