
Internet edge
The internet is probably the biggest network that one can imagine today. It shouldn't be a surprise, then, that most IT networks are connected to it. There are exceptions, such as military networks and networks that are totally isolated, but this holds in general for organizational IT networks. Even if an organization does not allow internet browsing, internet connectivity is still required for its mail servers.
We are living in an age where the internet is full of security threats to the IT infrastructure. These threats range from infecting machines with viruses and worms to more sophisticated attacks such as ransomware, which is used to extort money from organizations. Hence, it is critical that organizations protect themselves from threats arriving from the internet to prevent any loss of business continuity.
Most organizations centralize internet access for their employees at a limited number of locations, to gain better control over the traffic and better security from the internet. This also helps the organization manage costs more effectively and gain more visibility into the utilization of the internet bandwidth.
The main functions performed at the internet edge are as follows:
- Providing connectivity to the internet for services such as email and web browsing
- Managing redundant links from internet service providers and ensuring the optimal utilization of the links
- Securing the network infrastructure from attacks originating from the internet
- Providing an infrastructure for remote access to the corporate network in line with the organization's policies
- Hiding the internal IP addresses from the internet and performing Network Address Translation (NAT) for connecting to the public internet
- Providing information about the internet bandwidth utilization and the type of traffic being carried on the internet links
- Implementing security controls to block certain types of traffic or websites in line with the organization's security policy
Most of these functions are performed in a separate segmented zone within the data center. We will discuss the implementation of the aforementioned functions on the internet edge in Chapter 7, Understanding and configuring DC technologies.