How IPv6 mandates influence enterprise network strategy

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Sat, 13 Jun 2026 16:50:11 GMT https://www.techtarget.com/searchnetworking editor@techtarget.com <p>IPv4 has been the foundation of enterprise networking for decades, but its limited address space has been exhausted, and its lack of inherent security poses a significant risk. IPv6 fixes these issues with a vast address pool, efficient routing, simplified network architectures and improved security.</p> <p>IPv6 reduces reliance on complex workarounds like Network Address Translation (<a href="https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT">NAT</a>), supports massive device growth and aligns with cloud- and edge-driven operating models. As digital ecosystems expand, IPv6 is critical for scalability, interoperability and long-term infrastructure resilience.</p> <p>IPv6 is both a risk-management issue and a long-term investment decision that affects costs and competitiveness. This article explains the issues, outlines the risk of delaying a migration and offers a transition roadmap.</p> <section class="section main-article-chapter" data-menu-title="IPv6 mandates and their expanding influence"> <h2 class="section-title"><i class="icon" data-icon="1"></i>IPv6 mandates and their expanding influence</h2> <p>Multiple factors underscore the importance of IPv6, including compliance requirements. Government and regulatory mandates are important catalysts, but they aren't the sole drivers of IPv6 transitions.</p> <p>The private sector encounters these mandates when working on government and enterprise contracts that require IPv6. Cloud and service providers are aligning roadmaps accordingly. Higher <a target="_blank" href="https://stats.labs.apnic.net/ipv6/" rel="noopener">IPv6 adoption in parts of Asia and Europe</a> influences multinational organizations.</p> <p>These IPv6 mandates establish new business entry standards, reshaping executive priorities around compliance and ecosystem participation.</p> </section> <section class="section main-article-chapter" data-menu-title="Risks of delayed IPv6 adoption"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Risks of delayed IPv6 adoption</h2> <p>Although private enterprises aren't directly affected by government mandates, they still face concrete risks from failing to adopt or delaying IPv6 adoption. These risks include the following:</p> <ul class="default-list"> <li><b>Strategic risk.</b> Failing to support IoT, 5G and edge initiatives.</li> <li><b>Financial risk.</b> Rising costs of IPv4 address acquisition and NAT's operational overhead.</li> <li><b>Operational complexity.</b> Fragile workarounds, interoperability issues and hidden dependencies.</li> <li><b>Service risk.</b> Application incompatibility and degraded UX when using IPv4 in IPv6-preferred environments.</li> </ul> <p>IPv4 security concerns pose significant risks, many of which IPv6 mitigates. Adopting IPv6 requires a significant shift in governance and management. Consider the following implications:</p> <ul class="default-list"> <li><b>Reduction of implicit protections.</b> IPv4 environments often rely on NAT as a <a href="https://www.techtarget.com/iotagenda/tip/6-IoT-security-layers-to-shape-the-ultimate-defense-strategy">network security layer</a>. IPv6 eliminates that use, requiring a deliberate shift to identity-based controls, segmentation and zero-trust architectures.</li> <li><b>Visibility gaps.</b> Many legacy security tools lack IPv6 inspection capabilities, creating blind spots in dual-stack environments.</li> <li><b>Policy inconsistency.</b> Security policies are defined for IPv4 but not uniformly applied to IPv6, increasing the risk of misconfigurations and unmonitored exposure.</li> <li><b>Expanded attack surface.</b> Features like auto-configuration and multiple address assignments per device can introduce new attack vectors.</li> <li><b>Operational readiness risk.</b> Security teams could lack experience with IPv6-specific threats, delaying detection and response.</li> </ul> <p>IPv6 adoption requires more than <a href="https://www.techtarget.com/searchnetworking/tip/How-to-plan-and-start-a-network-upgrade">infrastructure updates</a>; it needs a parallel evolution in security strategy and governance to avoid introducing unmanaged risk.</p> </section> <section class="section main-article-chapter" data-menu-title="Enterprise implications of IPv6 mandates"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Enterprise implications of IPv6 mandates</h2> <p>IPv6 represents a strategic architectural and investment decision spanning multiple technology and business domains. Enterprise implications executives must consider for IPv6 adoption include the following:</p> <ul class="default-list"> <li><b>Financial and planning. </b>Align adoption with refresh cycles for cloud migration and network modernization. Balance the initial investment with long-term savings.</li> <li><b>Governance and accountability. </b>Ensure executive sponsorship and cross-functional ownership across network, security, architecture and procurement. Update procurement standards to require IPv6 compatibility.</li> <li><b>Cloud and vendor ecosystem. </b>Dependence on cloud platforms such as AWS, Azure and Google Cloud platforms requires IPv6. Ensure SaaS, partners and APIs support IPv6 natively.</li> <li><b>Application consequences. </b>Test and validate business-critical services.</li> <li><b>Technical debt. </b>Delaying adoption increases future migration cost and complexity.<b> </b><a href="https://www.techtarget.com/searchITOperations/feature/IT-skills-development-strategies-to-close-gaps-in-IT-ops">Delayed skills development</a> and training slow migrations and introduce security and operational risks.</li> </ul> <p>Early executive alignment minimizes friction across technology, vendors and operations -- critical for complex hybrid and multi-cloud environments.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">IPv6 transition roadmap</h3> <p>Use <a href="https://cdn.ttgtmedia.com/rms/onlineimages/ipv6_transition_roadmap.pdf.pdf" target="_blank" rel="noopener noreferrer">this checklist</a> to follow a phased, multi-year approach toward IPv6 adoption.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="How to measure IPv6 adoption success"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to measure IPv6 adoption success</h2> <p>The following metrics and KPIs can help organizations track IPv6 readiness and measure implementation progress:</p> <ul class="default-list"> <li>IPv6-enabled traffic and assets percentage.</li> <li>IPv4 dependency reduction.</li> <li>IPv6 security coverage parity of firewalls, intrusion detection systems/intrusion prevention systems, logging, SIEM and more.</li> <li>Application and OS readiness rate.</li> <li>External dependency compliance, such as the percentage of vendors, partners and SaaS providers that support IPv6 natively.</li> <li>IPv6 incident and misconfiguration rate.</li> </ul> <p>These KPIs show progress from basic IPv6 enablement to operational readiness, demonstrating that this is a measurable transformational journey, not a one-time project.</p> <p>Treat the IPv6 transition as a strategic enabler that delivers scalability, security modernization and ecosystem alignment in addition to compliance. IPv6 readiness is increasingly tied to future growth, market access and innovation capacity.</p> <p><em>Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial, The New Stack and CompTIA Blogs.</em></p> </section> Although aimed at government agencies, IPv6 mandates are pushing private enterprises to modernize networks to increased costs, security risks and collaboration barriers. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1252809597.jpg https://www.techtarget.com/searchnetworking/tip/How-IPv6-mandates-influence-enterprise-network-strategy Thu, 21 May 2026 00:00:00 GMT How IPv6 mandates influence enterprise network strategy <p>Cisco is working to extend its networking leadership into the age of quantum computing.</p> <p>The company revealed a prototype Thursday of what it calls a "universal quantum switch," one that understands the encoding modalities of different types of quantum computers so they can be networked in the same way classical computers are today.</p> <p>The switch works at room temperature and can hook into existing fiber optic networks. Unlike today's commercial <a href="https://www.techtarget.com/searchnetworking/news/252454768/Cisco-sees-the-future-of-switching-in-Luxtera-silicon-photonics">photonic switches</a>, these switches preserve the quantum entanglement of photons, allowing them to convey complex quantum states.</p> <p>"Cisco's quantum network greatly expands the possibilities of quantum computing by allowing the networking of several smaller quantum computers into an effectively larger one, even if the underlying physics of the quantum computers are substantially different," said Mark Horvath, a Gartner analyst, in an email.</p> <p>In February, Cisco, in partnership with Qunnect, <a target="_blank" href="https://outshift.cisco.com/blog/quantum/scalable-quantum-entanglement-networking" rel="noopener">set up</a> a quantum network over a noisy commercial fiber optic conduit from Brooklyn to the 60 Hudson Street telecommunication carrier hotel in Manhattan. They were able to convey 5,400 qubit pairs per hour over the 17.6-kilometer route, about 10,000 times faster than any previous experiments, Cisco researchers asserted.</p> <p>"Cisco Quantum's recent validation results from working with Qunnect in NYC were fascinating and good evidence of solid advancements, proving quantum networking can work over distances and without supercooling," said Jim Frey, Omdia principal analyst for networking, in an email.</p> <section class="section main-article-chapter" data-menu-title="A need for quantum networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i>A need for quantum networking</h2> <p>Quantum computing promises to solve complex problems too difficult for today's classical computers, in areas such as financial modeling, drug discovery, weather exploration and logistics planning.</p> <p>Even after decades of research, however, quantum computers are still far from where they need to be to run these complex workloads, which would require hundreds of thousands or even millions of quantum bits -- or <a href="https://www.techtarget.com/whatis/definition/qubit">qubits</a> -- to model.</p> <p>Today's most powerful quantum computers, however, can juggle at most only a few thousand qubits at once, and with vigorous research in the next few years, that number might only jump to the low tens of thousands.</p> <p>"There's a big gap between the number of qubits we need and the number of qubits we have," said Vijoy Pandey, senior vice president and general manager of Outshift, Cisco's emerging technologies and incubation group, during a press conference this week.</p> <p>So, it would be natural to borrow a technique from the high-performance computing community and lash quantum computers together to get the required power needed to tackle these jobs in a distributed manner.</p> <p>A network of computers would scale faster than trying to vertically build up a single computer, Pandey argued.</p> <p>"In order to reach the total compute capacity needed for quantum computing to be broadly viable, and to make the system secure, it will be necessary to chain quantum computers together via quantum networking," Frey agreed.</p> </section> <section class="section main-article-chapter" data-menu-title="Cisco doing what it does best"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cisco doing what it does best</h2> <p>Cisco's universal quantum switch works just like a typical data center switch but adjusted for quantum traffic. It accepts the incoming quantum signal, internally converts it to a neutral common modality for routing, and sends it out in the correct modality for the receiving system -- preserving the quantum state all the while.</p> <p>Classical internet routing differs from what would be required for the quantum realm. The internet operates on a store-and-forward approach, but a quantum network must establish an open path between the source and destination first to share the entanglement state.</p> <p>"For now, we think of quantum networking as completely different from classical networking. Distributing quantum states is a completely separate way of doing things," said Ramana Kompella, Cisco fellow and head of Cisco research, during the press conference.</p> <p>Quantum computing states are fragile, Kompella said. A pair of photons can be entangled to produce a qubit, and the more photons you can entangle, the more information you can convey. Moving a quantum state from one processor to another, called <i>teleportation</i>, requires preserving each qubit's entanglement properties. But electromechanical noise can easily destroy a qubit. The more devices a state of qubits passes through, the more a potential loss of fidelity compounds.</p> <p>Different quantum systems have different encoding modalities, much like early classical computers were incompatible with one another. <a href="https://www.techtarget.com/searchdatacenter/feature/Companies-building-quantum-computers">IBM quantum systems</a> have a different modality, for instance, from those built by Atom Computing. This is not vendor lock-in for its own sake, Kompella said. Different applications favor different modalities.</p> <p>Cisco partnered with both IBM and Atom for this switch, which will support four modalities:</p> <ul class="default-list"> <li>Polarization, where the orientation of light waves carries information.</li> <li>Time-bin, where the timing of light pulses carries information.</li> <li>Frequency-bin, where the color or frequency of light is used to carry information.</li> <li>Path, where the physical or spatial path carries information.</li> </ul> <p>"We don't know which of these technologies will be dominant," said Reza Nejabati, head of Cisco quantum research and quantum labs, during the press conference. "So the network can support any of them."</p> <p>Fast switching was also imperative. The Cisco switch can reconfigure connection in as little as a nanosecond, while consuming less than a milliwatt of power.</p> <p>Key to the switching process is a silicon-based quantum state converter, which, using quantum tomography, converts qubits into an internal encoding format for routing. They are then converted back, without being measured or destroyed, to their original encoding, or to one of the other encoding formats, at their destination.</p> <p>Unlike other qubit management approaches, the switch can operate at room temperature, thanks to the frequency of telecommunications fiber optic channels and the internal encoding format.</p> <p>The work builds on previous Cisco research as part of its Outshift quantum incubation program, including a quantum network entanglement chip to link the quantum computers to the network, and a network-aware quantum compiler that orchestrates quantum algorithms across multiple quantum processors -- handy for error correction.</p> </section> <section class="section main-article-chapter" data-menu-title="The next steps for quantum networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The next steps for quantum networking</h2> <p>The Cisco universal switch is still in the prototype phase. It will be several years before it is released commercially, as the supporting stack for end-to-end operation needs to be finalized. For instance, the company will need to build a repeater of some sort because quantum signals can only travel about 100 kilometers or so.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> This is a seismic breakthrough that will bring solutions into reach for many problems that were years beyond today's existing generation of quantum computers. </figure> <figcaption> <strong>Mark Horvath</strong>Gartner analyst </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>In the more immediate term, researchers will post a paper explaining the technology on ArXiv.</p> <p>"This is a seismic breakthrough that will bring solutions into reach for many problems that were years beyond today's existing generation of quantum computers," Horvath said.</p> <p>In addition to putting quantum computing on a more solid commercial footing, quantum networking may open up new uses on its own, Kompella said.</p> <p>For instance, a quantum network could give high-frequency trading (HFT) firms a competitive edge. An HFT firm might run across multiple data centers, and when it makes a purchasing decision in one data center, it should replicate as quickly as possible in the other locations.</p> <p>Today, the network is the bottleneck for HFT, in that it limits the speed at which that information can be moved to near the speed of light. <a href="https://www.techtarget.com/searchnetworking/tip/An-introduction-to-quantum-networks-and-how-they-work">Quantum communications</a> could beat what was previously thought to be the physical upper limit by coordinating the decision-making process ahead of time through entanglement, according to Pandey.</p> <p>"Coordinated decisions [that run] faster than the speed of light actually give you a substantial advantage compared to any classical strategy," Kompella said.</p> <p><i>Freelance news writer Joab Jackson has been writing about back-end IT technologies for the past three decades. His grandfather programmed mainframes, and his father wrote computer games for hobbyist programming magazines in the 1980s.</i></p> </section> Cisco's quantum switch prototype operates like a data center switch and supports four encoding modalities. It marks a step forward in making quantum computing 'broadly viable.' https://cdn.ttgtmedia.com/rms/onlineimages/arvr_g1273484747.jpg https://www.techtarget.com/searchnetworking/news/366642172/Cisco-unveils-quantum-network-advancements Thu, 23 Apr 2026 09:00:00 GMT Cisco unveils quantum network advancements <p>Edge and physical AI are still uncommon in enterprises, but emerging AI inference capabilities at the far reaches of corporate networks portend sweeping changes across industries, experts say.</p> <p>Updates across chip hardware, robotics and even observability tools over the past two months are paving the way for a world of edge and physical AI within the next three to five years. Nvidia and its partners, including enterprise server and networking vendors, made significant updates to edge and physical AI hardware at this year's <a href="https://www.techtarget.com/searchitoperations/news/366640420/Nvidia-NemoClaw-JFrog-shore-up-OpenClaw-security">Nvidia GTC conference</a>, introducing more compute power to edge locations such as cell phone towers. This will lay the groundwork for the next generation of the internet and mobile computing infrastructure, and the next generation of enterprise applications that run on them, according to industry watchers.</p> <p>"Inference at the edge is the long-tail battle for AI," said Rob Strechay, an analyst at TheCube Research and Smuget Consulting. "Use cases could range from things like fraud detection, cybersecurity and customer experience using AI as the interface to applications, similar to how 'talking to your data' has really changed business intelligence. There is also a big sovereignty play with inference at the edge, models developed centrally and customer data kept in-region for specific customers."</p> <p>Enterprise software vendors are also taking notice. This month, Dynatrace acquired data pipeline startup Bindplane, partly in anticipation of changes that edge AI workloads will bring to how data is managed and routed across enterprise networks, along with a further explosion in <a href="https://www.techtarget.com/searchitoperations/feature/Industry-tackles-observabilitys-data-management-problems">observability data volume</a>.</p> <p>"The most important reason [for the acquisition] was very large customers who wanted ... an acceleration of our telemetry pipeline processing capabilities [to] standardize how they do telemetry processing all the way [from] the edge to any destination," said Bob Wambach, vice president of portfolio and strategy at Dynatrace. "It's [about] this combination of the volume of data that they have, especially with the acceleration of agentic AI initiatives, and then the number of source points for it, being able to scale to millions of connection points."</p> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/onlineimages/wambach_bob.jpg" alt="Bob Wambach, vice president of portfolio and strategy, Dynatrace">Bob Wambach </div> <p>Bindplane's architecture separates its <a href="https://www.techtarget.com/searchitoperations/podcast/OpenTelemetry-adapts-to-AI-observability">OpenTelemetry-based</a> data collection and routing from its centralized control plane for data management, creating a scalable framework for data-center-to-edge observability that will serve as necessary scaffolding for edge AI, Wambach said.</p> <p>"When you think about retail, with people that want not just their aggregated store [data], but maybe they want [data] down to each point of sale terminal, or vehicle fleet management, where every single truck in a fleet is throwing off data, there's just a whole other area of value that you can provide being able to show and analyze data that [enterprises] never had before at this granular level," he said.</p> <section class="section main-article-chapter" data-menu-title="Nvidia's edge and physical AI bonanza"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Nvidia's edge and physical AI bonanza</h2> <p>Edge computing and IoT aren't new, but what is new is the availability of more powerful, more compact GPU processors and <a href="https://www.techtarget.com/searchenterpriseai/tip/Why-small-language-models-are-on-the-rise">small language models</a> suitable for remote regions of the network, from cell phone network towers to mobile devices to sensors on factory-floor robots.</p> <p>Among the many big splashes for Nvidia at its GTC conference in March was the release of its RTX Pro 4500 chip, designed for light data center inferencing and edge inferencing, with half the power draw of the higher-end RTX 6000 released in 2025. The RTX Pro 4500 chip was unveiled with pledges of support from most of the major enterprise IT vendors, including Cisco, Dell and HPE.</p> <p>"As you get deeper in the network, we want to be able to put potentially more cost-effective, power-effective GPUs into servers," said Kevin Wollenweber, senior vice president and general manager of data center and internet infrastructure at Cisco, during an interview with Informa TechTarget in March.</p> <p>Late last year, Cisco launched a set of unified edge devices that have compute, storage and networking built in for more remote deployments, and the RTX Pro 4500 will be slotted into some of those devices, Wollenweber said.</p> <p>"For some of these localized use cases, video transcoding or video analysis, we can actually put GPUs inside of a warehouse or in remote sites to do localized processing using AI with smaller language models, versus pulling those back to a data center with LLMs," he said.</p> </section> <section class="section main-article-chapter" data-menu-title="Edge AI's implications for enterprise"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Edge AI's implications for enterprise</h2> <p>Enterprises already have their hands full <a href="https://www.techtarget.com/searchcloudcomputing/news/366638851/Cloud-infrastructure-suffers-AI-growing-pains">scaling AI in data centers</a>, and few have run AI inference at scale in large edge and IoT environments so far, but edge AI still became the subject of growing buzz in the industry this year following GTC.</p> <p>"At KubeCon in Amsterdam, we were talking a lot about cloud factories reaching edge locations reliably and economically," said Torsten Volk, an analyst at Omdia, a division of Informa TechTarget. "That opens up a whole range of AI use cases that need low-latency responses to actually work, [such as] visual inspection of items during a production process, direct customer interaction in retail, controlling medical equipment in hospitals, etc."</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Once organizations start running inference locally and see what's possible, the use cases multiply way beyond what anyone planned for initially. </figure> <figcaption> <strong>Mike Leone</strong>Analyst </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Systems developed for <a href="https://www.techtarget.com/searchitoperations/news/366637049/Enterprise-IT-awaits-ripple-effect-from-Nvidia-Vera-Rubin">AI inference efficiency</a> also potentially have a unique appeal to enterprises with less rigorous demands -- and smaller budgets -- than frontier model developers, said Mike Leone, an analyst at Moor Insights & Strategy, who was an analyst at Omdia at the time of his March interview with Informa TechTarget.</p> <p>"Most enterprises are never going to build massive GPU clusters, and they don't need to," he said. "The RTX Pro 4500 changes the equation because it puts cost-effective AI inference into standard workstations and edge servers without specialized cooling or a facility retrofit. Think manufacturing floors, hospital imaging labs, retail back offices. Once organizations start running inference locally and see what's possible, the use cases multiply way beyond what anyone planned for initially."</p> </section> <section class="section main-article-chapter" data-menu-title="Physical AI edges toward reality"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Physical AI edges toward reality</h2> <p>During the first quarter of 2026, Cisco, Dell, HPE and Nvidia also launched updates for AI inference in radio area networks (RAN), including partnerships with telcos such as AT&T and T-Mobile to push more processing power into edge networks, with the goal of enabling physical AI.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> We're starting to see early but meaningful signals, especially in manufacturing, robotics and environments where decisions directly interact with the physical world. </figure> <figcaption> <strong>Varun Raj, </strong>Head of platforms, global consulting firm </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Physical AI integrates with systems such as robots, drones and autonomous vehicles, using sensors and generative AI models to perform autonomous operations. Alongside hardware updates at GTC, Nvidia showcased its Omniverse collection of libraries, blueprints and microservices for <a href="https://blogs.nvidia.com/blog/gtc-2026-virtual-worlds-physical-ai/">developing physical AI applications</a> . Omniverse includes tools such as the open source Isaac AI robot development program and the Newton Physics Engine, along with Cosmos world models and Groot robotics foundation models.</p> <p>This is an even more nascent area than edge AI for enterprises, where significant reliability challenges remain, said Varun Raj, head of private cloud platforms, AI platforms, infrastructure and enterprise workloads for a global consulting firm.</p> <p>"We're starting to see early but meaningful signals, especially in manufacturing, robotics and environments where decisions directly interact with the physical world," Raj said. "What's notable is that these systems amplify the same failure modes, but with far less tolerance for correction. That's likely to drive a convergence between AI systems and traditional control systems engineering, where bounded behavior and predictable failure modes matter more than raw capability."</p> <p>In the meantime, companies such as Booz Allen Hamilton are already working with telcos on <a href="https://www.computerweekly.com/news/366633732/NVIDIA-Nokia-pioneer-AI-platform-for-6G-comms">6G cellular technology</a>, which will combine with edge and physical AI to transform mobile computing within the next three to five years, with potentially industry-shifting results, according to Bill Vass, CTO at Booz Allen.</p> <p>"In some ways, AI RAN is a component of 6G, and it is transformational for the way the cell phone towers will work in the future," Vass said. "Trees affect them, buildings affect them. … By putting AI at the edge, the cell phone tower can effectively learn its environment by measuring reflections and attenuation to its users, and it can increase its coverage – it's an important part of the next generation of cell service."</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/jensen_olaf-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/jensen_olaf-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/jensen_olaf-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/jensen_olaf-f.jpg 1280w" alt="Jensen Huang, Nvidia, and robot Olaf, Nvidia GTC 2026" data-credit="Livestream screenshot" height="315" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Nvidia CEO Jensen Huang shares the stage with a robot version of the Disney character Olaf during a keynote presentation about physical AI at Nvidia GTC 2026. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="6G, AI and the next generation of the internet"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6G, AI and the next generation of the internet</h2> <p>With more computing power in cell phone towers, the <a href="https://www.techtarget.com/searchsoftwarequality/news/366628314/NimbleEdge-proposes-cure-for-on-device-AI-development-pain">processing power of edge devices,</a> from mobile phones to robots, will not be limited by local hardware resources, raising heady possibilities for the future of software and applications from consumers to enterprises, Vass said.</p> <p>"You can imagine adding all sorts of different types of sensors to the cell phone tower to let it do more than just AI RAN and cellular communications and processing, now that you've got GPUs there," he said. "If you're deploying a remote application as part of your business for your customers, you might be able to say, 'My customers' cell phones don't have enough GPUs to run this entrance app, but I can run it on the tower,' and it'll feel just like it's on their phone because it's so low latency between the phone and the tower."</p> <p>Other companies are already developing such applications, such as Personal AI, which is working with Comcast's AI Grid, first targeting consumers and small businesses, but ultimately enterprises as well, according to its CEO, Suman Kanuganti.</p> <p>"For example, a small business owner who has three or four phone lines, who doesn't have enough staff to pick up 80% of calls, has $100,000 lost income on a yearly basis," Kanuganti said. "If you put AI in their existing phone, that is private to them, with data that is specific to them, about their prices, their listings, that grows and evolves with them and also establishes the [customer] relationships."</p> <p>Larger companies could create similar personalized AI for employees and use physical AI to boost what virtual workers can do, Kanuganti said. Edge AI delivered via telecom networks could also avoid some of the <a href="https://www.techtarget.com/searchitoperations/news/366638794/AI-security-worries-stall-enterprise-production-deployments">cybersecurity headaches</a> enterprises have encountered with AI in data centers.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The AI grid becomes … a necessity for providing this next generation of internet in the form of AI, democratized to everybody. </figure> <figcaption> <strong>Suman Kanuganti, </strong>CEO, Personal AI </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>"Telecom is a highly regulated industry -- every phone call that goes in is governed by federal regulations, so there are zero chances for that data to be going to any cloud whatsoever," he said.</p> <p>Moreover, telecom networks have already built the infrastructure to absorb AI workloads, according to Kanuganti.</p> <p>"Telcos also already have distributed power. They already have distributed real estate. They have distributed compute, and more importantly, they have the data layer, the pipes that actually move the data from place to place," he said. "[As] we start creating the next generation of workflows, we anticipate going from whatever internet traffic today is to five times that with AI. That's where the AI grid becomes not a fancy toy, as much as it becomes a necessity for providing this next generation of internet in the form of AI, democratized to everybody."</p> <p>From there, the implications for individuals and enterprises alike are, in some ways, still unimaginable right now, according to Vass, who has previously held leadership roles at AWS and the Department of Defense.</p> <p>"When I was at the Pentagon, we commercialized GPS, and I remember telling people that everyone will have a laptop screen in their car," Vass said. "They thought I was crazy, but I never thought about Lyft and Uber and DoorDash -- it's very hard to know, when you enable a capability, how people will use it."</p> <p><em>Beth Pariseau, senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism. Have a tip? </em><a target="_blank" href="mailto:bpariseau@techtarget.com?subject=News%20tip" rel="noopener"><em>Email her</em></a><em> or connect on </em><a target="_blank" href="https://www.linkedin.com/in/bethpariseau" rel="noopener"><em>LinkedIn</em></a><em>.</em></p> </section> Just as the enterprise is wrapping its mind around scaling AI in data centers, another seismic shift is emerging on the outskirts of corporate networks. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a205627811.jpg https://www.techtarget.com/searchitoperations/news/366641741/Edge-and-physical-AI-poised-to-upend-enterprise-networks Wed, 15 Apr 2026 17:30:00 GMT Edge and physical AI poised to upend enterprise networks <p>Nvidia GTC 2026 was bigger and broader than ever, reflecting the continued, relentless growth of demand and rapid pace of change and innovation in the AI sector. Nvidia has placed itself at the center of it all, as the key supplier of a growing number and variety of xPUs and the related systems that underpin the most advanced AI factories.</p> <p>Equally important is the size of the ecosystem that Nvidia has cultivated across the full AI stack, as reflected by the 400+ exhibitors on the exposition floor. </p> <section class="section main-article-chapter" data-menu-title="Nvidia GTC highlights"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Nvidia GTC highlights</h2> <p>Nvidia CEO Jensen Huang highlighted several important developments from the Nvidia mainstage keynote, including the following:</p> <ul class="default-list"> <li><b>NemoClaw overview.</b> NemoClaw, a safe environment for OpenClaw built on OpenShell, offers enterprises a path to safely use the approach to <a href="https://www.techtarget.com/searchenterpriseai/tip/How-to-build-your-first-agentic-AI-system">building and running AI agents</a>.</li> <li><b>Token production efficiency. </b>Incorporating Nvidia Groq 3 LPX into the AI factory substantially extends token production velocity at the high end of the range, overcoming the inherent limitations of NVL72.</li> <li><b>Storage and performance optimization. </b>STX, the new storage reference architecture enabled by BlueField-4, reinforced data storage as an essential part of the mix that must be optimized -- along with compute and networking -- to continue <a href="https://www.techtarget.com/searchstorage/opinion/Strap-in-for-the-next-wave-of-AI">driving capacity up and incremental cost down</a>.</li> <li><b>Revenue growth. </b>Nvidia predicts<b> </b>it could generate $1T in visible revenue potential by the end of 2027. Growth will partly be due to more AI Gigafactory builds, but increasingly it will be driven by the rapid expansion in infrastructure demand for distributed inferencing. Nvidia believes the long-anticipated pivot point has been reached, and training will continue to drive revenue; AI inferencing will drive them faster from this point forward.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Tokenomics as a driver for AI business cases and ROI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Tokenomics as a driver for AI business cases and ROI</h2> <p>The AI sector is focused on <a target="_blank" href="https://medium.com/@nconleth/understanding-tokenomics-1ae2e2c2fb05" rel="noopener"><i>tokenomics</i></a>, a term with roots in blockchain and cryptocurrency but applicable to AI as well. In the world of AI, tokens are the unit of production. The capacity and performance of AI systems are measured in terms of time to first token (TTFT) and tokens per second.</p> <p>Contextual data management is measured by token retention rate. There are even efforts underway to track value per token to understand and balance quality. And, increasingly, AI services are being metered and licensed in tokens. </p> <p>According to Huang, every chief experience officer should be thinking about how much token capacity to grant each employee, and employees should be measured by how well they use their token budgets. This concept represents a means by which <a href="https://www.techtarget.com/searchenterpriseai/feature/10-AI-business-use-cases-that-produce-measurable-ROI">AI technology usage can be measured, managed and translated into business value</a>.</p> <p>Proper management and review of tokens, as with any other scarce resource, separate good use from bad. The bottom line is that everyone needs to start thinking in terms of tokenomics for business cases, KPIs and ROI across the ecosystem, from both supplier and user perspectives.</p> </section> <section class="section main-article-chapter" data-menu-title="Ecosystem highlights"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ecosystem highlights</h2> <p>The conference featured many press releases and announcements from vendors in Nvidia's ecosystem. Findings from discussions related to enterprise networking infrastructure include the following:</p> <h3>Akamai</h3> <p>Akamai announced support for the Nvidia AI Grid reference architecture through its Akamai Inference Cloud, based on the deployment of thousands of Nvidia Blackwell GPUs and BlueField DPUs across its 4,400 global edge locations. </p> <h3>Arrcus</h3> <p>Arrcus promoted its recently announced Arrcus Inference Network Fabric, a purpose-built networking approach for optimizing the delivery of inferencing workloads across distributed environments, now integrated with Nvidia Dynamo, Nvidia BlueField-3 DPUs and Nvidia Spectrum-X Ethernet.</p> <h3>Cisco</h3> <p>Cisco announced several new products related to its Secure AI Factory initiative to simplify network design, deployment and operations. Products include the following:</p> <ul class="default-list"> <li>UCS and Unified Edge support for Nvidia RTX Pro Blackwell GPUs.</li> <li>Reference architecture support for AI Grid.</li> <li>A new N9100 switch powered by Nvidia Spectrum-6 silicon.</li> <li>Integrated support of that same N9100 switch series within Cisco Nexus Hyperfabric.</li> </ul> <p>On the security side, Cisco announced the extension of its Hybrid Mesh Firewall for policy enforcement on Nvidia BlueField DPUs connected to Cisco Nexus ONE fabrics, as well as new purpose-built guardrails for AI agents within Cisco AI Defense, including support for Nvidia OpenShell for safer <a href="https://www.techtarget.com/searchcio/feature/OpenClaw-and-Moltbook-explained-The-latest-AI-agent-craze">OpenClaw deployments</a>.</p> <h3>Cloudflare</h3> <p>Cloudflare was highlighting its offerings to directly support the development of stateful serverless AI agents, using its global Connectivity Cloud network reach and Agent Developer Platform, which includes a deep model repository, durable objects, and egress-free R2 storage for optimizing both cost and performance.</p> <h3>Dell</h3> <p>Dell continued to advance its AI Factory, with over 4,000 customers now in deployment and early adopters seeing ROI increases of nearly three times in the first year. The product uses Dell's ability to bring together compute, storage and networking, including PowerEdge servers that use both Nvidia HGX Rubin NVL8 and Vera Rubin NVL72 GPUs for high-end training, as well as RTX Pro 4500 Blackwell GPUs and the new Vera CPU for enterprise workloads in the data center. </p> <h3>Equinix</h3> <p>Equinix highlighted its recently launched Distributed AI Hub, part of the Equinix Fabric Intelligence initiative, and its first direct partnership with Palo Alto Networks to simplify and secure agentic AI deployments.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The bottom line is that everyone needs to start thinking in terms of tokenomics for business cases, KPIs and ROI across the ecosystem. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <h3>F5</h3> <p>F5 has turned its focus onto improving tokenomics outcomes -- such as TTFT, token throughput and cost per token -- by integrating its BIG-IP Next for Kubernetes with Nvidia BlueField-3 DPUs. Given that most AI applications are built using cloud-native architectures, this approach acts as a control plane that optimizes results in a manner closely aligned with where workloads reside and execute.</p> <h3>HPE</h3> <p>HPE announced new Nvidia-related capabilities across compute, networking and software realms, set to be available in 2027. Examples include integration of Nvidia Vera CPU blades and Nvidia Quantum-X800 InfiniBand networking into the HPE Cray Supercomputing GX5000 platform.</p> <p>HPE also updated its turnkey HPE Private Cloud AI offerings to expand network capacity and introduced ProLiant servers with Nvidia RTX Pro 6000 Blackwell GPU support. Additionally, the company also integrated Nvidia AI-Q and Omniverse into its design blueprints, offering self-contained options for sovereign AI factory deployments.</p> <h3>IBM</h3> <p>IBM relayed results of using Nvidia cuDF to accelerate its watsonx.data's SQL engine Presto to dramatically accelerate terabyte-scale data refresh cycles for a global foods supplier. This yields a remarkable 30x improvement in price-to-performance over prior processes. IBM also promoted its certification of IBM Storage Scale 6000 with Nvidia DGX platforms to address ongoing challenges with AI data management and storage.</p> <h3>Lenovo</h3> <p>Lenovo has been working to deliver AI infrastructure in multiple forms, from Gigafactory architectures to laptops and workstations powered by Nvidia RTX Pro Blackwell GPUs for local inferencing. It also launched an industry-vertical platform focused on improving fan experience, revenue growth, business performance and operational efficiency for global sports organizations.</p> <h3>Nokia</h3> <p>Nokia announced a slew of new optical components and amplifiers for use within and between data centers, coming available later this year and into 2027. </p> <h3>Nutanix</h3> <p>Nutanix focused on addressing challenges with <a href="https://www.techtarget.com/searchenterpriseai/tip/Optimizing-hybrid-cloud-architecture-for-AI-workloads">deploying AI workloads in mixed environments</a>, where both cloud-native and virtual compute components will be present. The company also announced its Nutanix Agentic AI platform, a full software stack designed to help accelerate agent development, security and operational deployment.</p> <h3>WEKA</h3> <p>WEKA announced the general availability of the NeuralMesh AI Data Platform, which aims to make scaling high-performance data pipelines seamless as AI workloads move from PoC to production. WEKA also announced the Augmented Memory Grid, which provides accelerated data pipelining for existing Nvidia-based AI factories, similar to how the new Nvidia STX architecture will work with future reference architectures.</p> </section> <section class="section main-article-chapter" data-menu-title="The AI wave continues"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The AI wave continues</h2> <p>When attending an event built around an individual technology vendor, it's usually easy to see through even the most carefully constructed frameworks of stories and promises. But when those stories come from a chorus of surrounding voices, it's much more convincing.</p> <p>Getting the market timing right is one thing, and it has a lot to do with Nvidia's success, following years of tireless devotion to PC GPU cards. But one must also credit Nvidia's vision and execution in building and nurturing an ecosystem that can sustain and compound opportunities, sharing both the risks and the rewards.</p> <p>Lingering questions about whether the massive AI buildout is a bubble or a wave remain. <a href="https://www.techtarget.com/whatis/feature/Explaining-an-AI-bubble-burst-and-what-it-could-mean">Bubbles can grow very large but fail to deliver and pop</a> when overhyped based on hype rather than measurable value. Waves also start large but carry on due to a successful translation into outcomes.</p> <p>AI is a big technology wave, and it's not showing any signs of slowing. In fact, quite the opposite is happening -- it's still building. The positive value outcomes are already being documented, and we now stand on the threshold of the era of AI inferencing, where the real and measurable values start rolling in, in ever-increasing volume.  </p> <p><em>Jim Frey covers networking as principal analyst at Omdia.</em></p> <p> <em>Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.</em></p> </section> Nvidia GTC 2026 underscored surging AI infrastructure demand and ecosystem growth. Tokenomics and inferencing are emerging as key drivers of future value. https://cdn.ttgtmedia.com/rms/onlineimages/security_a244600171.jpg https://www.techtarget.com/searchnetworking/opinion/Infrastructure-highlights-from-Nvidia-GTC-2026 Thu, 26 Mar 2026 14:00:00 GMT Infrastructure highlights from Nvidia GTC 2026 <p>Environmental, social and governance principles shape how companies intend to achieve sustainability and ethical goals.</p> <p>For IT companies, one of the key ways to reach ESG goals is to minimize their energy consumption even as they reduce the overall environmental footprint of their operations. By ensuring their networks are as environmentally efficient as possible, companies can reduce operational costs, <a href="https://www.techtarget.com/searchsecurity/tip/Top-10-enterprise-data-security-best-practices">strengthen data security</a> and gain stakeholder trust.</p> <p>The road to network-efficient ESG isn't easy, however. Networking is complex, encompassing data centers, infrastructure, fixed and mobile networks, a myriad of end-user devices and low-power IoT products. Investing in energy-efficient networks can be expensive. Compatibility with existing enterprise hardware is another challenge.</p> <section class="section main-article-chapter" data-menu-title="Improving network efficiency"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_jw5jptjdh6ox"></a>Improving network efficiency</h2> <p>The world generated more than 175 zettabytes of data in 2025, according to an IDC study. The data centers processing all that information consumed more than 400 terawatt hours (TWh) of electricity -- 1.5% of the world's total -- in 2024, according to a <a href="https://www.iea.org/reports/energy-and-ai/energy-demand-from-ai">report</a> from the International Energy Agency. Energy consumption by data centers is projected to grow to 500 TWh in 2026, the agency said.</p> <p>Cooling and environmental control account for more than 30% of electricity bills. Storage and networking equipment account for roughly 5% of data center electricity consumption. Power-hungry networking equipment, including routers, switches and access points, add significant totals to the carbon footprint.</p> <p>Legacy, outdated or underutilized networking equipment contributes to operational waste through frequent upgrades and shorter lifecycles. Hardware and software significantly contribute to greenhouse emissions.</p> </section> <section class="section main-article-chapter" data-menu-title="ESG's influence on network operations"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_hm989slvhyq6"></a>ESG's influence on network operations</h2> <p>Enterprises consider the efficiency and recyclability of networking equipment in setting ESG targets. But that's only one piece of the puzzle. They also evaluate the role <a href="https://www.techtarget.com/searchnetworking/opinion/The-top-5-predictions-for-networking-technology-trends-in-2020">innovative technologies</a> can play to help them reach their goals without compromising their existing network operations.</p> <p>Below are some approaches companies use to meet their network efficiency and ESG targets.</p> <h3>Software-defined networking</h3> <p>SDN separates the network's hardware plane from its control plane; as a result, the network is centrally managed through software rather than manual configuration. SDN <a href="https://www.techtarget.com/searchdatacenter/feature/How-to-realize-the-benefits-of-software-defined-infrastructure">improves data center network</a> provisioning, traffic and routing efficiency, flexibility and security. SDN can also be used to identify and manage idle machines, thereby enforcing energy-efficient policies across enterprise networks. Cloud-based SDN can further reduce operational waste and associated costs. </p> <h3>Network topology selection</h3> <p>Fewer hops and shorter routing paths result in lower energy consumption throughout the operation. Consider a centralized star or tree with SDN to optimize the network. The same applies to high-performance computing within hyperscale data centers. Other topologies, such as torus and dragonfly, tend to consume less power and perform more efficiently under various loads.</p> <h3>Virtualization</h3> <p>Network functions virtualization (NFV) lets companies use software and off-the-shelf servers to replace firewalls, routers, load balancers and other dedicated hardware. SDN-based network virtualization can run <a href="https://www.techtarget.com/searchdatacenter/feature/NFV-systems-converge-virtual-network-services-at-the-edge">multiple virtual networks</a> over the same set of devices, optimizing energy and costs.</p> <h3>NaaS</h3> <p>NaaS allows enterprises to rent networking equipment, software, frequency band allocations, Wi-Fi and other parts of network infrastructure, even as it shifts CapEx costs to OpEx. Companies pay only for what they use, helping them reduce their energy consumption and carbon footprint.</p> </section> <section class="section main-article-chapter" data-menu-title="Network strategies for ESG"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Network strategies for ESG</h2> <p>Some networking strategies, such as <a href="https://www.techtarget.com/searchnetworking/infographic/What-is-intent-based-networking-and-how-does-it-work">intent-based networking</a> and zero-trust network access, are inherently primed for ESG.</p> <ul class="default-list"> <li><b>IBN.</b> Uses AI and machine learning to optimize the network and implement policies that align with business goals. The approach -- with its centralized policy-driven control -- meets regulatory compliance and transparency goals even as it helps build trust among employees, leaders and stakeholders. IBN can serve as an energy-conscious tactic that meshes efficiency and governance.</li> <li><b>ZTNA.</b> An enterprise standard in reducing risk exposure of critical data. ZTNA can improve accountability and strengthen governance by enforcing strict policies.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Best practices for aligning networks with ESG goals"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_a21qhitzwjmc"></a><a name="_pje365dooydd"></a>Best practices for aligning networks with ESG goals</h2> <p>The first step for aligning a network with ESG is to invest in energy-efficient hardware and protocols. Reduce the power consumption of Ethernet devices by complying with IEEE 802.3az. Low power idle mode, rapid wake-up and adaptive power usage help optimize the network for sustainability. Deploy dynamic power scaling and adopt adaptive link rate technologies. Cloud-based services, such as SDN, NFV, and NaaS, are integral to energy-efficient networking.</p> <p>Below are some other considerations for optimizing a network for ESG.</p> <h3>Content-centric networking</h3> <p>Implementing CCN -- even if it's only in a portion of the existing enterprise network -- can help companies <a href="https://www.techtarget.com/searchnetworking/tip/Explore-the-business-benefits-of-content-centric-networking">optimize bandwidth and reduce redundant traffic</a>.</p> <h3>Edge computing</h3> <p>Edge computing and IoT integration are methods to fulfill network efficiency ESG goals. Low-power devices that operate offline avoid round-trip requests and keep data close to the generation point. Data transfer is fast and less energy-intensive.</p> <h3>Choose green electricity</h3> <p>According to a <a target="_blank" href="https://www.ericsson.com/en/reports-and-papers/mobility-report/dataforecasts/ict-carbon-footprint-decreasing" rel="noopener">report</a> from Ericsson, the information and communications technology sector -- which encompasses data centers, networks and IoT devices -- reduced its greenhouse gas emissions by 3.8% from 2020 to 2024, in significant part due to the integration of solar- and wind-based renewable energy in data centers.</p> <h3>Social initiatives</h3> <p>Networking-related innovations enable enterprises to improve social outcomes even as more of the world's population gains access to digital services and essential resources. Big telecoms, network operators, SIM card companies, and various other enterprises target <a href="https://www.techtarget.com/searchnetworking/feature/Broadband-equity-initiatives-bridge-digital-divide-in-K-12">economically challenged or remote and underserved areas</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Strengthening ESG through the network"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Strengthening ESG through the network</h2> <p><a name="_x84gdph7qdw6"></a>ESG reporting is critical to success. Gathering and maintaining reliable network data, in the form of audit logs and records, enables tracking of sustainability metrics and regulatory compliance. Enterprises must hold themselves accountable for ESG performance and continuously optimize ESG strategies for the future.</p> <p><em>Venus Kohli is an engineer turned technical content writer, having completed a degree in electronics and telecommunication at Mumbai University in 2019. Kohli writes for various tech and media companies on topics related to semiconductors, electronics, networking, programming, quantum physics and more.</em></p> </section> From SDN to green electricity, network optimization plays a critical role in helping enterprises reduce emissions, cut costs and align IT operations with ESG goals. https://cdn.ttgtmedia.com/rms/onlineimages/esg_a488313427.jpg https://www.techtarget.com/searchnetworking/tip/How-network-efficiency-advances-ESG-goals Thu, 26 Feb 2026 18:15:00 GMT How network efficiency advances ESG goals <p><a href="https://www.techtarget.com/searchnetworking/definition/5G">5G</a> marketing initially focused on the tremendous speed, latency and bandwidth improvements as well as leading-edge features that it offers mobile consumers. But the technology's potential for serious business use has become a major part of the story, including how <a href="https://www.techtarget.com/searchnetworking/definition/private-5G">private 5G</a> networks might reshape organizational wireless connectivity in the years to come.</p> <section class="section main-article-chapter" data-menu-title="What is private 5G?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is private 5G?</h2> <p>As the name implies, private 5G is a wireless network that uses the latest generation of cellular technology and is implemented for an organization's exclusive use. Private 5G is one of many wireless options beyond Wi-Fi that help tech-savvy enterprises use the right technology for their specific wireless needs. IoT applications are a prominent use case.</p> <p>The <a href="https://www.infosys.com/iki/techcompass/private-5g-network-deployments.html" target="_blank" rel="noopener">building blocks</a> of private 5G include cloud management, radio access hardware -- often referred to as a radio access network (RAN) -- and the private 5G core, also known as the <i>packet core</i>. Without end nodes, private 5G would have no purpose, so client devices are another essential part of any private 5G system.</p> <p>Types of private 5G deployment include the following:</p> <ul class="default-list"> <li><b>Standalone.</b> In this model, all the needed components form a system inside the organization's logical and operational boundaries, with dedicated hardware throughout. It's usually supported in-house by staff who have been trained on it.</li> <li><b>Hybrid. </b>While there can be a range of subtle variations, the primary hallmark of a hybrid private 5G network is the use of both private RAN hardware and public cellular carriers for broader connectivity.</li> <li><b>As a service.</b> As with any as-a-service model, this approach makes the private 5G environment someone else's responsibility to implement and support. Private 5G as a service might use aspects of the standalone or hybrid models, but in every case it is run by a third party.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="How to build a private 5G network"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to build a private 5G network</h2> <p>Building a private 5G network follows the same critical-path steps for building any sort of wireless network. It starts with defining requirements: What does the network specifically need to do, and for what end devices? Then qualified staff must design both the radio coverage layer and the core environment based on those requirements.</p> <p>The design might be as simple as one virtual LAN and one private slice network (PSN) -- loosely, the cellular equivalent to the <a href="https://www.techtarget.com/searchmobilecomputing/definition/service-set-identifier">SSID</a> that identifies a Wi-Fi network -- or as complicated as many VLANs and PSNs for different use cases. Then comes product selection, installation and design verification testing.</p> <p>Finally, everything is scrutinized against the beginning requirements to make sure the network does what it's supposed to at the most granular operational levels. I've made it sound easy here, but, in reality, building a private 5G network increases in complexity based on the size of the environment being covered as well as the sophistication of the requirements.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/networking-private_5g_network_architecture-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/networking-private_5g_network_architecture-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/networking-private_5g_network_architecture-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/networking-private_5g_network_architecture-f.png 1280w" alt="diagram of private 5G network architecture" height="364" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Take a closer look at the components and connections of private 5G networks. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Private 5G vs. Wi-Fi"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Private 5G vs. Wi-Fi</h2> <p>Wi-Fi can be considered both the dominant and incumbent wireless network access method for enterprises, given its long history and frequent evolution. Nevertheless, private 5G is gaining market share alongside <a href="https://www.techtarget.com/whatis/definition/Wi-Fi6">Wi-Fi 6</a> because its unique characteristics make it better suited for certain uses.</p> <p>Here's <a href="https://www.techtarget.com/searchnetworking/feature/A-deep-dive-into-the-differences-between-5G-and-Wi-Fi-6">how 5G and Wi-Fi 6 compare</a> in key areas:</p> <ul class="default-list"> <li><b>Coverage.</b> This is an important characteristic of any wireless network, but context matters. Often, Wi-Fi cells are purposely kept very small for better client density, given how popular the 802.11 Wi-Fi standard is, as measured in client count and variety. But as a general rule, a single private 5G access point can cover the same area as a few strong Wi-Fi access points or as many as 15-20 small Wi-Fi cells. Higher power, cellular-type antenna placements and spectrum that has fewer line-of-sight requirements than Wi-Fi all contribute to private 5G's wider coverage.</li> <li><b>Robustness.</b> Private 5G works in protected spectrum, using cellular protocols for more efficient client roaming and traffic flow. Private 5G is also subject to far less interference than the unlicensed bands where Wi-Fi operates.</li> <li><b>Security.</b> Wi-Fi has the flexibility to be quite wide open or extremely locked down from a network security perspective. With private 5G, all clients need to be "subscribers" at the SIM level, and strong encryption is a requirement. Is one technology better than the other for security? It all comes down to your operational goals.</li> <li><b>Throughput.</b> In theory, both Wi-Fi and private 5G have the potential to deliver fantastic throughput that exceeds that of many wired options. In reality, both technologies tend to be over-hyped compared with their real-world throughput. What users actually get for throughput depends on factors like overall client count, specific client capabilities and distance from access points.</li> <li><b>Client market.</b> There is an order of magnitude more client device types and myriad client capabilities in the decades-old Wi-Fi world. But the private 5G client market is growing. At the same time, private 5G is still largely a specialty technology, with perhaps its biggest initial advantage being in newer IoT devices.</li> </ul> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/UCLtahIJfYY?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Private 5G deployment considerations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Private 5G deployment considerations</h2> <p>While each organization's requirements and deployment model of choice will drive the final topology of the private 5G setup, there are several topics and questions to keep in mind when considering private 5G. They include the following:</p> <ul class="default-list"> <li><b>Difficult locations.</b> Are there areas needing coverage in which it will be challenging to locate access points and antennas? Port operations and some large industrial sites are examples of scenarios that can require creative approaches to providing service with any wireless technology, including private 5G.</li> <li><b>Client onboarding.</b> Client devices must subscribe to a private 5G network the same way a new cell phone has to be onboarded to a public carrier. Who will do that work, and how will they keep up with it as devices are added and removed?</li> <li><b>End-to-end monitoring and troubleshooting.</b> The new private 5G network will likely be an extension of your existing LAN in some fashion. How will the whole thing be monitored and supported when trouble strikes? Will in-house staff get training on the private 5G side, and can you use your existing monitoring and logging tools?</li> <li><b>Expandability. </b>It's easy to design a network for today's needs, only to realize a year later that you painted yourself into a corner for expandability. Any private 5G implementation should satisfy current requirements but also easily accommodate new uses that might develop.</li> </ul> <p>Private 5G might seem exotic because it brings its own language and characteristics. At the same time, it's just another way of networking. For those who understand its advantages and limits, private 5G has a <a href="https://www.techtarget.com/searchnetworking/Enterprise-5G-Guide-to-planning-architecture-and-benefits">place in the enterprise</a>.</p> <p><i>Lee Badman is a network architect specializing in wireless and cloud technologies for a large private university. He's also an author and frequent presenter at industry events.</i></p> </section> A private 5G network can provide organizations with a powerful new option for their wireless environments. Here are the major requirements to consider before building one. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g871133984.jpg https://www.techtarget.com/searchnetworking/tip/How-to-build-a-private-5G-network-architecture Wed, 25 Feb 2026 09:00:00 GMT How to build a private 5G network architecture <p>Content-centric networking -- sometimes called named data networking -- is an information-based network architecture alternative to traditional IP networking. Content-centric networking shifts focus from where the content is stored to what the content is by decoupling information from its location and redefining where it resides.</p> <p>Eliminating location-based host-to-host communication yields business benefits for enterprises, especially those that transmit in-demand content such as high-quality videos, audio and images.</p> <p>CCN isn't new; the Palo Alto Research Center first introduced the concept in 2006 and issued the first release two years later. Today, it's <a target="_blank" href="https://www.cisco.com/c/dam/en_us/solutions/industries/docs/education/information-centric-networking-education.pdf" rel="noopener">an open source interoperable technology</a> and remains the focus of research, development and testing in many enterprises and other institutions.</p> <section class="section main-article-chapter" data-menu-title="Content-centric networking architecture"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_jw5jptjdh6ox"></a>Content-centric networking architecture</h2> <p>Traditional data packets carry source IP, destination IP and payload. Each IP address is tied to a device on the network. Routers use algorithms and tables to <a href="https://www.techtarget.com/searchnetworking/answer/Static-and-dynamic-routing">forward packets</a> toward a physical location. Neither the network nor the router knows about the actual content.</p> <p>In contrast, content-centric networks route information based on the name of the content -- called the named data object. CCN relies on two different packet types:</p> <ul class="default-list"> <li><b>Interest packet.</b> An interest packet is a type of request message with a name prefix and all the necessary information about the requested content packet. The job of the interest packet is to move through the network and request the content packet until the user request has been processed.</li> <li><b>Content packet.</b> A content packet carries content data, but with a cryptographic signature. This is analogous to data packets in traditional IP, but because none of the data packets in a content-centric network has an IP address. Each packet exhibits a unique label that specifies its type.</li> </ul> <p>CCN relies on the following three components:</p> <ul class="default-list"> <li>A content store.</li> <li>A pending interest table (PIT).</li> <li>A forwarding information base (FIB).</li> </ul> <p>All function at each node -- a server or a router.</p> <h3>Content store</h3> <p>The content store is <a href="https://www.techtarget.com/whatis/definition/caching">a router-level cache</a> that holds numerous content packets not by their addresses but by their names. In traditional IP, cache is optional at endpoints.</p> <p>When an information packet arrives at a node, the forwarding engine checks its content store for the content packet. If found, the node sends the content packet to the user through the gateway, the path the interest packet came from.</p> <h3>PIT</h3> <p>The forwarding engine uses PIT if the content store does not have the content packet it is searching for. PIT is a log of records of all forwarded interest packets that have not yet been satisfied.</p> <p>PIT checks for similar interest packets in the network. The forward engine diverts the content packet to the same route as previous interest packets. If the content store and PIT do not contain any information about the interest packet, the forwarding engine uses the FIB.</p> <h3>FIB</h3> <p>The FIB uses protocols and algorithms to perform routing at each node. It is a name-based routing table that provides general information about the current location of the content package. FIB maps content name prefixes on the longest prefix match, somewhat similar to IP routing.</p> <p>CCN uses a different set of protocols to retrieve content packets from the network. The same protocols perform additional tasks that make the network faster and secure.</p> </section> <section class="section main-article-chapter" data-menu-title="Content-centric networking implementation"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_shhey5pbihog"></a>Content-centric networking implementation</h2> <p>In content-centric networking, endpoints communicate through the content name data rather than IP addresses. Nodes forward interest packets based on name prefixes and return content messages. Data becomes independent of the location.</p> <p>Content-centric routing protocols fetch content packets and arrange them in the correct order for the user. Each node in a content-centric network must copy the information about every packet that travels through the network for future use.</p> <p>An interest packet arrives at every node in the network until it finds the respective content packet. A CCN forwarder runs a specialized program known as a forwarding engine. It is analogous to a traditional router that relies upon a microprocessor and storage.</p> <p>Content-centric networking supports native in-network content caching, hop-by-hop at each node. It is a major business benefit for IT leaders because native caching is not present in traditional IP networks. Teams are needed to set up an external cache system.</p> </section> <section class="section main-article-chapter" data-menu-title="ROI considerations of content-centric networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_opzaxetwx9hu"></a>ROI considerations of content-centric networking</h2> <p>Before deploying CCN, ensure it will offer a significant ROI. Otherwise, CCN implementation and maintenance can burn cash and yield results inferior to those of traditional networks.</p> <p>Enterprises should evaluate the following factors to ensure a CCN investment is worthwhile.</p> <h3>Business-case development</h3> <p>Enterprises must have a justification model for a content-centric network. Once they know why they want to implement CCN, the next steps are to assess operational costs, overhead and efficiency issues. Some enterprises choose to deploy CCN for small research projects, IoT clusters, edge computing environments and smart factories. CCN can be a good choice for startups as well.</p> <h3>Resource allocation</h3> <p>Estimate and allocate resources for phased CCN deployment. IT budgets include hardware upgrades, caching infrastructure, software deployment and staff training. Don't ignore testing and maintenance costs.</p> <h3>Risk assessment</h3> <p>Traditional IP is supported by a huge and diverse vendor community. That's not the case for CCN, however. Enterprises interested in CCN should consider a risk assessment framework. Identify, evaluate and document potential risks to help IT teams prepare mitigation strategies and avoid management complexity.</p> <h3>Budget implications</h3> <p>Cache -- a key ingredient in CCN -- is a major contributor to increased IT budgets. A large cache size can accommodate more content, but deployment costs skyrocket. On the other hand, a smaller cache results in less content volume. A tradeoff exists between the cache size and deployment costs. PIT and FIB track many moving content objects in the network. Despite offering various advantages, PIT and FIB tables pose problems for computational power, memory allocation and costs. PIT and FIB maintenance is another issue.</p> <h3>Cost-benefit analysis</h3> <p>CCN offers a variety of benefits -- such as network caching, reduced latency and increased security -- but these upsides must be balanced against the costs of deploying the technology. One way around this is to evaluate recent experiments that achieve scalability by using smaller tables that list anonymous interests rather than heavy tables.</p> </section> <section class="section main-article-chapter" data-menu-title="Advantages of content-centric networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_5tp0h6bf5i4d"></a>Advantages of content-centric networking</h2> <p>IT leaders are interested in CCN because its unique features can optimize network performance, particularly for enterprises whose customers and users view large-content video and audio files. In these cases, copied content files speed up the users' experience. Caching handles temporary spikes in demand and keeps a door open for future requests.</p> <p>CCN offers several benefits that improve network performance.</p> <h3>Reduced latency</h3> <p><a name="_2jm6c3tzhvx"></a>In a traditional IP network, the source address is key. Content-centric networks, on the other hand, make content available and accessible at multiple nodes in the network, not just the server. Intermediate caching <a href="https://www.techtarget.com/searchnetworking/definition/Routing-Information-Protocol">reduces hop count</a>. Multiple users can access the same nearby node to obtain the content rather than having their requests routed to servers that might not be nearby.</p> <h3>Traffic management<a name="_x2m033brwmbp"></a></h3> <p>In the wake of increased demand, traditional networks juggle multiple repetitive requests from packets, <a href="https://www.techtarget.com/searchnetworking/answer/What-are-the-3-most-common-network-issues-to-troubleshoot">resulting in congestion</a>. CCN uses interest aggregation -- where only a single interest packet is forwarded for the same request. The rest are collapsed into a single request. Forwarding single requests eliminates duplicate traffic over long-distance links. The result is reduced bandwidth consumption and a lower likelihood of congestion.</p> <h3>Load distribution</h3> <p>Content-centric networks distribute loads more efficiently than traditional networks, where the original server bears most of the load. <a name="_duepj7ka3tla"></a>Content stores and intermediate nodes function as mini-servers, managing multiple requests, especially for popular content.</p> <h3>Improved network performance</h3> <p><a name="_8mzh0zq8ace4"></a>FIB shares the current location of the content on the internet rather than the original host address. Content can be cached at multiple nodes, and interests can be aggregated.</p> <h3>Low redundancy</h3> <p><a name="_xo3s1l42kk8s"></a>PIT consists of unsatisfied entries of interest packets. Once content is returned, the entry is deleted to avoid redundancy within the network. In addition, interest satisfaction rate must be tracked. A high interest satisfaction rate indicates better network performance.<a name="_qjavasg6ix6t"></a></p> <h3>Data encryption</h3> <p>In addition to content data, each content packet is returned with its <a href="https://www.techtarget.com/searchsecurity/definition/digital-signature">cryptographic signature.</a> In traditional IP networks, another protocol encrypts routing paths. CCN safeguards individual data packets, independent of its routing path.</p> <h3>Reduced loss<a name="_9im7mttf4xli"></a></h3> <p>Traditional IP wireless networks can lose information. If a packet is lost in a content-centric network, nearby nodes do not need to request the source. Instead, they can use copies of the packet -- retained in their content store database -- for retransmission.</p> <h3>Accessibility</h3> <p>Because content can be stored throughout a content-centric network -- each node holds a copy of the content, reducing error rates -- information is more accessible.</p> <h3>Bandwidth optimization<a name="_yezuy3mwzm9"></a><a name="_vmdaf2aduqfz"></a></h3> <p>PITs group interest packets with similar features. A single node can route all the traffic for a given interest, thereby reducing the bandwidth required to satisfy each content request. Keeping track of the bytes that no longer have to be transmitted using longer paths helps organizations understand the real-time benefits of CCN.</p> <h3><a name="_8waoilosaxra"></a>Best practices for content-centric networking migration</h3> <p>CCN was developed to support IP networks; the best adoption practice isn't to replace the existing IP network, but to integrate CCN where it makes sense. Before implementation, however, enterprises should evaluate some essential principles for successful CCN migration.</p> <h3>Organization readiness</h3> <p>Assess if the enterprise is ready for CCN. Storage capacity must be expanded to support widespread caching, PIT and FIB. Network teams must learn to build a hierarchical naming schema, configure PIT and FIB, and perform interest forwarding. Data-level encryption and the need for verification make network security knowledge mandatory. Because CCN is relatively new, senior staff might lack expertise. Targeted training is a must.</p> <h3>Hybrid network infrastructure</h3> <p>Traditional IP and content-centric networking is interoperable; CCN's functionalities overlap with IP layers and run on existing hardware. For example, some enterprises run name-based networking over Ethernet, Wi-Fi and cellular links. Interest and content packets can be encapsulated into TCP/IP and the User Datagram Protocol.</p> <h3>High-redundancy applications</h3> <p>Content-heavy sites use content delivery networks -- networks of geographically dispersed servers -- to speed up the transmission of information to users. CCN can establish CDNs for enterprises using the <a href="https://www.techtarget.com/searchnetworking/definition/Network-layer">networking layer of the OSI.</a></p> </section> <section class="section main-article-chapter" data-menu-title="Content-centric networking security"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_cptvfqdbqbz9"></a><a name="_6lpi5bmmzeyh"></a>Content-centric networking security</h2> <p>Content-centric networks are prone to attacks unseen in traditional networking. Enterprises must be aware of the potential security threats of CCN and ways to mitigate them.</p> <h3>Mandatory data signing</h3> <p>CCN professionals must verify cryptographic signatures against a third-party record to confirm the content's origin. Hackers use forged keys to sign. Continuous certification programs are required to mitigate such attacks.</p> <h3>Cache security</h3> <p>Content-centric networks have unique <a href="https://www.techtarget.com/searchsecurity/definition/cache-poisoning">cache poisoning</a> and spoofing specific to them. Hackers produce misleading content and use malicious nodes in the network to distribute corrupted content. To combat these attacks, institute a strategy of encrypted name components, content authentication systems and strict naming schemes.</p> <h3>Flooding detection</h3> <p>Interest flooding attacks, where hackers send large numbers of interest packets with unsatisfiable requests, mimic classic DoS attacks. Hackers trick the cache, exhaust PIT entries and manipulate FIB-based prefixes to increase upstream traffic and reduce bandwidth. Set threshold limits for PIT and FIB. Enable automatic alert generation for abnormal values. Other options include satisfaction-based suppression and access control strategies.</p> </section> <section class="section main-article-chapter" data-menu-title="Content-centric networking optimization"> <h2 class="section-title"><i class="icon" data-icon="1"></i><a name="_3voi39ghfi76"></a>Content-centric networking optimization</h2> <p>There are no universal optimization guidelines for content-centric networks. However, enterprises can focus on improving the performance of the content store, PIT and FIB to ensure overall network performance.</p> <h3>PIT and FIB management</h3> <p>Overflow in PITs and FIBs physically manifests as network congestion, high latency, dropped interest packets and memory stress. Use timeouts on interest packets and aggregate them more. Another manual fix is to monitor memory and storage for PIT and FIB.</p> <h3>Caching strategies</h3> <p>Caching impacts content-centric networking costs. Based on high-redundancy workflows, algorithms cache content based on interest frequency and recency. Maintain a high cache hit ratio in content-centric networks.</p> <h3>Latency reduction</h3> <p>Modern algorithms reduce latency in IoT-based content-centric networks by strategically storing the content in a node that lies nearest to the IoT device.</p> <h3>SDN</h3> <p>Integrating SDN with CCN enables dynamic and optimized control in forwarding interests and content object storage.</p> <p><i>Venus Kohli is an engineer turned technical content writer, having completed a degree in electronics and telecommunication at Mumbai University in 2019. Kohli writes for various tech and media companies on topics related to semiconductors, electronics, networking, programming, quantum physics and more.</i></p> </section> Content-centric networking gives enterprises an alternative to traditional IP networking, introducing new ways to enhance performance and improve overall efficiency. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1267081443.jpg https://www.techtarget.com/searchnetworking/tip/Explore-the-business-benefits-of-content-centric-networking Mon, 26 Jan 2026 17:00:00 GMT Explore the business benefits of content-centric networking <p>Now that 2026 is here, many networking professionals will look back at what transpired over the past year. How can the industry better support organizations with enterprise networking, particularly with the overwhelming pressure to deliver AI and ROI? How can network teams address these challenges?</p> <p>I have a few ideas based on research I've conducted, as well as feedback from both practitioners and the vendor community. These are not presented in any particular order, so network professionals should pick the ones that are most relevant for them.</p> <section class="section main-article-chapter" data-menu-title="Focus on networking for AI inference"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Focus on networking for AI inference</h2> <p>AI will continue its <a href="https://www.techtarget.com/searchenterpriseai/tip/AI-topics-that-enterprise-leaders-need-to-know">rapid evolution in 2026</a>. A year ago, it was hard to tell how much effort and energy might be spent on building specialized networks to support GPU training clusters versus the widespread use of AI across the enterprise. </p> <p>The past year has provided some clarity, however, with the bulk of training happening in the cloud and the plan for distributed inference now taking center stage. That means preparing networks for increased <a href="https://www.techtarget.com/searchdatamanagement/opinion/AIs-appetite-for-data-is-changing-data-requirements">data collection to feed the AI engines</a> and decreased latency to tighten analysis and action loops. For many, this will be a key reason to take refreshes and upgrades seriously this year, from the data center to the campus and branch.</p> <p>Wi-Fi 7 and private 5G are poised to optimize the access layer, and core networking capacities continue to improve, augmented by a growing number of network devices that embed data processing units to facilitate distributed inference. </p> </section> <section class="section main-article-chapter" data-menu-title="Proactive networking might be real"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Proactive networking might be real</h2> <p>Networking teams have long desired proactive networking, but it has been impractical for many. Machine learning operations and AIOps promised to fix this, but NetOps teams are still stuck in break-and-fix reactive modes, largely because of the unique <i><a target="_blank" href="https://lostintransit.se/2018/07/12/snowflake-networks/" rel="noopener">snowflake </a></i><a target="_blank" href="https://lostintransit.se/2018/07/12/snowflake-networks/" rel="noopener">nature</a> of each enterprise network. </p> <p>That might change with the arrival and early successes of agentic AI, which can spend time recognizing anomalies and tracking them to determine if they are worthy of action. Even better, AI agents can look up and recommend potential corrective actions because AI can navigate knowledge bases.</p> <p>In 2026, network professionals should watch what vendors plan to do with generative and agentic AI. The potential is there, and 2026 might be the time to see if these technologies can make a difference in the network.</p> </section> <section class="section main-article-chapter" data-menu-title="Gauge progress on network automation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Gauge progress on network automation</h2> <p>The quest to automate networks has been picking up steam over the past few years, driven by infrastructure as code and DevOps initiatives that are transforming the application development landscape. Efforts of organizations like the Network Automation Forum are helping, bringing together like-minded networking professionals to share best practices and build consensus on how to make progress.</p> <p><a href="https://www.techtarget.com/searchnetworking/tip/How-to-use-network-automation-to-ease-cloud-integration">Cloud networking is already largely automated</a>, as are most virtual networks for supporting virtual compute and container environments. But traditional campus, branch and data center networks have been less compliant, in part due to the lack of standard network OSes and well-formed APIs.</p> <p>Two evolutionary changes offer hope of overcoming the barriers:</p> <ol class="default-list"> <li>Agentic AI's Model Context Protocol as a facilitated alternative to APIs.</li> <li>The nascent migration of SONiC out of the cloud-scale operator environments and into the enterprise.</li> </ol> <p>Networking professionals without that understanding or who consider the programming skills gap too big to cross should check out the many well-established, proven network automation platforms that commercial vendors have been steadily modernizing to fit into today's dynamic environments.</p> </section> <section class="section main-article-chapter" data-menu-title="Stick your nose into Kubernetes"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Stick your nose into Kubernetes</h2> <p>The latest iteration of virtual networking is growing fast within container orchestration environments, namely Kubernetes. This is not a new topic, however. Kubernetes-based environments are now being deployed in production and at scale.</p> <p>That progression leads to the typical challenges of scaling networks, including load balancing, DNS, IP address management, security and more. The cloud-native community has made progress on addressing these challenges, but we are now seeing mainstream networking and infrastructure vendors taking notice and entering the mix.</p> <p>For example, we saw the likes of Cloudflare, Fastly and HAProxy showing up at KubeCon, and Nutanix and Avi Networks -- part of VMware, owned by Broadcom -- announcing specific Kubernetes adaptations. It might be worth exploring Kubernetes and lending a hand with adaptations, as network teams might be expected to support it in the production environment.</p> </section> <section class="section main-article-chapter" data-menu-title="Take another look at enterprise 5G"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Take another look at enterprise 5G</h2> <p>Much of the historical market focus around 5G has been on the consumer side. However, the advent of complete 5G service architectures, known as <a href="https://www.techtarget.com/searchnetworking/definition/5G-standalone-5G-SA">standalone 5G</a>, brings more advanced capabilities that make this a viable alternative to enterprise access networking.</p> <p>For example, the private networking options now available that use network slicing along with significant improvements in bandwidth and performance, as well as a growing array of embedded security features, should make 5G SA interesting.</p> <p>Many mobile network operators are making steady progress in this area. Mobile network coverage and signal strength can be a limiting factor, so this makes the most sense where 5G coverage is well established, although integrated non-terrestrial (satellite-based) options are now joining the mix to extend 5G connectivity to just about every corner of the globe.</p> </section> <section class="section main-article-chapter" data-menu-title="Get serious about NetSecOps"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Get serious about NetSecOps</h2> <p>There have always been close parallels between the operational monitoring and management technologies used by NetOps and those used on the network side of SecOps. </p> <p>The first time I studied this topic, almost 15 years ago, I found high degrees of ad hoc collaboration between NetOps and SecOps were the rule rather than the exception, even back then. Such collaboration has deepened and looks to continue doing so going forward. </p> <p>A September 2025 Omdia <a target="_blank" href="https://omdia.tech.informa.com/om139251/research-report-networking-and-security-convergence" rel="noopener">study</a> on networking and security convergence by myself and a colleague revealed that a third of organizations have already established a single unified team for procuring, deploying and managing networking and security tools and technologies. Another 40% were in the process of unification. In the same study, 95% of participants said converging network and security technologies and processes was a top IT priority.</p> <p>Both sides of the house agree that striking an important balance between network security and network performance is necessary, and the best way to get there is to sit at the same table. If you aren't looking at this already, it's time. In fact, it's past time.</p> <p><em>Jim Frey covers networking as principal analyst at Omdia.</em></p> <p><em>Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.</em></p> </section> As 2026 begins, leaders must rethink enterprise networking to meet AI and ROI demands. Focus areas include AI-ready infrastructure, automation, and network and security alignment. https://cdn.ttgtmedia.com/rms/onlineimages/collab_a186832700.jpg https://www.techtarget.com/searchnetworking/opinion/networking-resolutions-for-2026 Wed, 07 Jan 2026 10:00:00 GMT 6 networking resolutions for 2026 <p>The most dominant theme from AWS re:Invent 2025, as expected, focused on AI. Discussions centered on new AI services, an agent development platform environment, code translators and more. But, over in the corner, out of the limelight but not unworthy of note, were several announcements related to enterprise networking.</p> <p>AWS brought forward new capabilities, both large and small, that will drive a pivotal shift in how enterprises approach cloud and multi-cloud connectivity. These developments underscore the growing importance of seamless, secure and efficient networking services in <a href="https://www.techtarget.com/searchcio/tip/How-to-build-a-digital-transformation-roadmap-in-6-steps">enabling digital transformation</a>.</p> <section class="section main-article-chapter" data-menu-title="The multi-cloud elephant in the room"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The multi-cloud elephant in the room</h2> <p>For much of AWS's history, it opted against the idea that customers needed to collaborate with other cloud providers for services. This was despite the fact that most enterprises use two or more cloud providers on a consistent basis, leading to a whole niche industry devoted to making multi-cloud connectivity practical and consistent.</p> <p>However, at AWS re:Invent 2025, AWS was more open to multi-cloud than ever after years of resistance. It was a talking point during the <a href="https://aws.amazon.com/about-aws/whats-new/2025/11/preview-aws-interconnect-multicloud/">announcement of AWS Interconnect</a>, a new family of managed network services designed to simplify private connectivity to and across cloud environments.</p> <p>The flagship offering, Interconnect - multicloud, was launched in collaboration with Google Cloud's Cross-Cloud Interconnect. This service enables enterprises to establish private, high-speed, MACsec-encrypted connections between VPCs in AWS and Google Cloud regions through a fully managed provisioning process that completes in minutes.</p> <p>Key features of Interconnect - multicloud include the following:</p> <ul class="default-list"> <li><b>Quad-redundant infrastructure.</b> Used for <a href="https://www.techtarget.com/searchdatacenter/definition/high-availability">high availability</a>, with pre-provisioned capacity across separate physical buildings.</li> <li><b>99.99% uptime.</b> Ensures reliability on the AWS portion of the connection.</li> <li><b>Open specification for multi-cloud networking</b>. Published on GitHub, which enables other cloud providers to adopt the architecture.</li> </ul> <p>This new offering eliminates the need for customers to procure and manage their own circuits, routers, cross-connects or third-party fabrics, significantly reducing supply chain and operational complexity. By shifting routing, failover and provisioning into a cloud-operated model, AWS plans to deliver hyperscale-grade resiliency as a shared service, making it accessible even to organizations with limited networking expertise.</p> </section> <section class="section main-article-chapter" data-menu-title="Simplifying cloud access connectivity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Simplifying cloud access connectivity</h2> <p>The second piece of the Interconnect family, Interconnect – last mile, aims at simplifying the effort and cost of establishing network access to cloud-based VPCs from premises locations. The focus is on making this process a straightforward service request within the AWS Console, providing flexible connectivity between 1-100 gigabits per second (Gbps).</p> <p>The heavy lifting, such as <a href="https://www.techtarget.com/searchnetworking/tip/How-to-set-up-a-VLAN-for-enterprise-networks">configuring virtual LANs,</a> autonomous system numbers and Border Gateway Protocol peering, will be orchestrated through integrated, automated provisioning coordination between AWS and the local business ISP.</p> <p><a name="_Hlk216423437"></a>The first partner working with AWS is Lumen, but AWS is publishing a standard API for any local service provider to adopt it.</p> </section> <section class="section main-article-chapter" data-menu-title="Accelerating hybrid networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Accelerating hybrid networking</h2> <p>AWS also announced several broader enhancements to hybrid networking, making it faster and easier to deploy. Key updates include site-to-site VPNs and direct site-to-site VPNs.</p> <ol class="default-list"> <li><b>Site-to-site VPNs.</b> Supports speeds of up to 5 Gbps, paving the path for faster data transfers between on-premises and cloud environments.</li> <li><b>Direct site-to-site VPN</b>. Integrates with Eero devices to simplify distributed site management and improve disaster recovery capabilities.</li> </ol> <p>These advancements are particularly relevant for those managing hybrid environments, as they reduce the time and effort required to establish secure, high-speed connections between on-premises infrastructure and cloud resources.</p> </section> <section class="section main-article-chapter" data-menu-title="The path to industry standardization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The path to industry standardization</h2> <p><a name="_Hlk216436748"></a><a name="_Hlk216436854"></a>The partnership with Google Cloud is a strong start, but the true potential of AWS Interconnect - multicloud lies in its ability to integrate with other major cloud providers, such as Microsoft Azure, which has already expressed commitment to join the program in 2026.</p> <p><a name="_Hlk216435780"></a>With Azure's inclusion, the three major cloud providers will all participate in the Interconnect - multicloud framework, which will cover a significant majority of multi-cloud networking needs in North America. As additional providers adopt the open specification, enterprises will benefit from greater path diversity, improved resiliency and a more fully unified approach to multi-cloud networking.</p> <p>The full potential of AWS Interconnect - last mile will take longer, as each local service provider must come on board with automated provisioning. AWS hopes its customers -- and eventually the market as a whole -- will drive this process, as local ISPs begin to view the service as a necessary requirement rather than a competitor. </p> <p>The AWS networking announcements at re:Invent mark a significant evolution, with the potential to reshape how enterprises <a href="https://www.techtarget.com/searchcloudcomputing/definition/cloud-architecture">design and operate cloud access and multi-cloud architectures</a>. By delivering simplified, high-performance connectivity tools, AWS addresses current challenges and sets the stage for a future where multi-cloud networking is as seamless and reliable as single-cloud operations. These innovations represent an opportunity to accelerate digital transformation while reducing complexity and cost for enterprises of all sizes.</p> <p><i>Jim Frey covers networking as principal analyst at Omdia.<br><br>Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.</i></p> </section> AWS re:Invent 2025 introduced Interconnect - multicloud, a platform aimed at simplifying multi-cloud and hybrid networking and enabling secure, high-speed connectivity. https://cdn.ttgtmedia.com/rms/onlineimages/cloud_g943065362.jpg https://www.techtarget.com/searchnetworking/opinion/AWS-reInvent-2025-signals-a-shift-in-multi-cloud-networking Fri, 12 Dec 2025 15:30:00 GMT AWS re:Invent 2025 signals a shift in multi-cloud networking <p><a name="_Hlk213857789"></a>Fast forward three years, and the world's largest AI clusters will be largely built on Ethernet. <br><br>That's the claim Broadcom made during a presentation at ONUG's Fall 2025 AI Networking Summit. Broadcom, alongside other major companies such as Cisco, Meta and Nvidia, is collaborating <a target="_blank" href="https://www.opencompute.org/blog/introducing-esun-advancing-ethernet-for-scale-up-ai-infrastructure-at-ocp" rel="noopener">on</a> Ethernet for Scale-Up Networking (ESUN). Their goal is to advance Ethernet in the growing scale-up domain for AI systems.</p> <p>Learn why Ethernet can help companies prepare for the rapid expected <a href="https://www.techtarget.com/searchnetworking/feature/Overview-of-the-AI-maturity-model-in-networking">growth of AI networks</a>.</p> <section class="section main-article-chapter" data-menu-title="The network demands of AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The network demands of AI</h2> <p>According to a <a target="_blank" href="https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/the-cost-of-compute-a-7-trillion-dollar-race-to-scale-data-centers" rel="noopener">McKinsey</a> report from April 2025, infrastructure investors are planning to add 124 gigawatts of compute capacity to data centers between 2025 and 2030. OpenAI aims to contribute to 20% of this capacity alone over the next five years, a capacity that translates to roughly 75 million eXponential Processing Units (XPUs) -- <a href="https://www.techtarget.com/searchdatacenter/tip/How-do-CPU-GPU-and-DPU-differ-from-one-another">GPUs, Tensor Processing Units and other custom accelerators</a> -- deployed over the next five years. <br><br>This amount of compute is necessary driven by the increasing complexity of<b> </b>large language models. LLMs have an increasing number of parameters, but are also becoming <a href="https://www.techtarget.com/searchenterpriseai/definition/multimodal-AI">multimodal</a>, and incorporating processing-intensive capabilities such as memory and reasoning. <br><br>In addition, networks will play an increasingly important role in this buildout. At scale, machine learning requires connecting potentially millions of disparate XPUs together to build large superclusters. Networks provide the glue -- the load balancing, congestion control and failure mechanisms -- to enable efficient job completion times for these systems that draw on <a href="https://www.techtarget.com/searchdatacenter/news/366627578/Meta-Google-unveil-massive-AI-data-center-investment-plans">massive superclusters</a>.</p> <p>"The network is the supercomputer in AI infrastructure," said Hasan Siraj, head of software products and ecosystem at Broadcom.</p> </section> <section class="section main-article-chapter" data-menu-title="Dimensions of scale in AI networks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Dimensions of scale in AI networks</h2> <p>AI networks have <a href="https://www.techtarget.com/searchstorage/tip/Differences-in-scale-up-vs-scale-out-storage">three scaling methods</a>:</p> <ol class="default-list"> <li>Scale up.</li> <li>Scale out.</li> <li>Scale across.</li> </ol> <p>Each type presents different requirements and challenges.</p> <h3>Scale-up networks</h3> <p>Scale-up network configurations house approximately 100 XPUs within a single rack. All accelerators are directly connected and can access each other's memory instantly. This creates a one-hop network where one XPU can access another's memory with minimal latency.<br><br>Key requirements for scale-up include high networking bandwidth, efficient data transfer and reliable transport protocols. The aggregate bandwidth of high-bandwidth memory modules is expected to increase significantly over the next few years.</p> <h3>Scale-out networks</h3> <p>Scale-out networks connect multiple scale-up racks together, potentially linking thousands of XPUs within a single data center. The architecture gets more complex at this stage, especially when <a href="https://www.datacenterknowledge.com/build-design/unlocking-efficiency-the-advantages-of-multi-story-data-centers">moving from a two-tier to a three-tier network</a>. This makes load balancing and congestion control extremely difficult.</p> <p>Two-tier architectures have significant advantages over three-tier architectures. Benefits of two-tier architectures include the following:</p> <ul class="default-list"> <li>Fewer optical transceivers required.</li> <li>Lower latency.</li> <li>Higher reliability.</li> <li>Better performance.</li> <li>Lower power consumption.</li> </ul> <p>The increased complexity of three-tier architectures creates various challenges. Drawbacks of three-tier architectures include the following:</p> <ul class="default-list"> <li>More optical transceivers needed.</li> <li>Higher latency -- five hops instead of three.</li> <li>Three times the number of switches.</li> <li><a href="https://www.techtarget.com/searchnetworking/answer/What-are-the-3-most-common-network-issues-to-troubleshoot">More link failures</a>.</li> <li>Increased power consumption.</li> </ul> <h3>Scale-across networks</h3> <p>A 10-megawatt data center can house approximately 6,000 XPUs. Larger clusters require lossless connections between multiple data center buildings through scale-across implementations. Scale-across demands switches capable of de-buffering and <a href="https://www.techtarget.com/searchnetworking/news/366619009/Cisco-launches-Smart-Switches-with-AMD-DPUs-for-security">line-rate encryption</a> to maintain performance across facilities.</p> </section> <section class="section main-article-chapter" data-menu-title="Benefits of Ethernet for AI scale-up"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Benefits of Ethernet for AI scale-up</h2> <p>Many large hyperscalers rely on Ethernet today due to its many benefits. Advantages of Ethernet include the following:</p> <ul class="default-list"> <li><b>Open architecture.</b> Ethernet is an open, standards-based technology managed and maintained by the IEEE and other standards bodies in a large ecosystem. This both encourages innovation and prevents vendor lock-in. Ethernet has standards at every layer of the stack to enable scale-up networking. Organizations that want to incorporate their own memory semantics and scheduling.</li> <li><b>Reliability.</b> Modern Ethernet technologies minimize the risk of downtime by implementing significant congestion management and <a href="https://www.techtarget.com/whatis/definition/flow-control">flow control</a> mechanisms for lossless communication.</li> <li><b>Low latency.</b> Modern high-speed Ethernet technology -- 400 gigabits per second (Gbps) and 800 Gbps -- has the features -- such as cut-through switching and precision latency management -- to <a href="https://www.computerweekly.com/news/366614397/AI-drives-more-Ethernet-everywhere">meet the demands of AI networks</a>.</li> <li><b>Efficiency.</b> Ethernet is power- and cost-efficient. It's also flexible, enabling backward compatibility and the use of various media such as copper or fiber optics.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Ethernet scale-up networking development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ethernet scale-up networking development</h2> <p>ESUN is helping create standards for scale-up networking development. These specifications outline the principles for designing high-performance, open, large-scale <a href="https://www.lightreading.com/data-centers/optimizing-ai-data-center-infrastructure">AI data center infrastructure</a>. ESUN focuses on this development by addressing the following two key points:</p> <ul class="default-list"> <li><b>Network functionality. </b>Focuses on how traffic is sent across network switches, including lossless data transfer, error handling and protocol headers.</li> <li><b>XPU-endpoint functionality.</b> Focuses on designing aspects of XPUs that are often tightly coupled to XPU architecture, such as workload partitioning, memory ordering and load balancing. Within ESUN, the SUE-Transport workstream aims to work on this endpoint functionality.</li> </ul> <p>By addressing these areas of functionality, ESUN enables the following:</p> <ul class="default-list"> <li>Technical collaboration between operators and manufacturers.</li> <li><a href="https://www.telecoms.com/network-software/how-interoperability-will-define-network-infrastructure-in-2025">Interoperability</a> of CPU network interfaces and Ethernet switch application-specific integrated circuits.</li> <li>Resilient, lossless single-hop and multi-hop components.</li> <li>Standards and best practices that align with other bodies, such as the Ultra-Ethernet Consortium and IEEE 802.3.</li> <li>Adoption across the industry through Ethernet's mature ecosystem.</li> </ul> <p>If 75 million XPUs emerge in the next five years, they are unlikely to come from a single company -- the market will have some diversity. Some hyperscalers are building their own XPUs, for example. Ethernet promises to enable this diversity and <a href="https://aibusiness.com/it/ethernet-s-open-ecosystem-unlocks-the-ai-infrastructure-supply-chain">innovation in the AI infrastructure industry</a>.</p> <p><i>Ben Lutkevich is a site editor for Informa TechTarget. Previously, he wrote definitions and features for WhatIs.</i></p> </section> Demands for data center and networking capacity for AI are likely to surge. Learn why AI providers are collaborating on Ethernet technology to support this growth. https://cdn.ttgtmedia.com/rms/onlineimages/storage_g1197646065.jpg https://www.techtarget.com/searchnetworking/feature/Ethernet-scale-up-networking-powers-AI-infrastructure Wed, 12 Nov 2025 17:00:00 GMT Ethernet scale-up networking powers AI infrastructure <p>AI can't exist without network engineering.</p> <p>Everything in today's world runs on the network; it's the backbone of the digital economy. However, the network can't remain stagnant -- it must <a href="https://www.techtarget.com/searchnetworking/feature/AI-adoption-in-networks-is-the-norm-despite-its-infancy">incorporate new technologies such as AI</a> to remain functional. Network engineers must be active contributors, not just spectators of industry change. Given the pace at which AI evolves, those who don't continuously learn will be left behind.</p> <p>Not everyone can afford expensive hardware for daily training. Building a virtual lab, then, is crucial for skill upkeep. <a href="https://www.techtarget.com/searchnetworking/answer/Network-simulation-vs-emulation-Whats-the-difference">Simulation and emulation tools</a> enable network engineers to practice, upskill and stand out in the highly competitive tech industry.</p> <p>Future-ready networking environments require specialized virtual labs to fully harness AI's capabilities. These labs must offer enhanced hardware, dynamic topologies and AI-driven testing. By implementing these strategies, network professionals can effectively include AI in their infrastructure.</p> <section class="section main-article-chapter" data-menu-title="Virtual lab capabilities in the AI era"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Virtual lab capabilities in the AI era</h2> <p>Virtual labs provide an excellent way for network administrators to simulate various scenarios. This enables them to view how different conditions can influence the network, especially as AI integration deepens in the network. However, as networks grow more complex, virtual labs haven't kept pace with advancements. The range of complex features virtual labs can support is currently limited.</p> <h3><a name="_n1oveb6tv5i1"></a>Supported capabilities</h3> <p>Virtual network labs can support some AI or AI-adjacent capabilities. They enable several capabilities, including the following:</p> <ul class="default-list"> <li><b>Network automation. </b>Handles basic <a href="https://www.techtarget.com/searchnetworking/definition/network-automation">network automation</a>, such as scripted configurations and rule-based policies.</li> <li><b>Traffic simulation.</b> Simulates network traffic, but only with limited-scale synthetic data generation.</li> <li><b>Network performance monitoring.</b> Monitors network performance, including latency and throughput metrics, in standard labs.</li> </ul> <h3><a name="_oo9a2qts6z2z"></a>Unsupported capabilities</h3> <p>However, despite their benefits, virtual network labs are difficult to use in the AI era. They can't keep up with AI's rapid innovation velocity and the variety of available technologies. They are limited by technical constraints and generally lack built-in <a href="https://www.techtarget.com/searchnetworking/tip/Building-networks-for-AI-workloads">support for AI and data-intensive workloads</a>.</p> <p>Drawbacks of virtual network labs include the following:</p> <ul class="default-list"> <li><b>Inability to emulate AI-driven traffic. </b>Simulating complex and dynamic traffic patterns generated by AI applications is beyond the scope of most traditional labs.</li> <li><b>Absence of AI-specific tools. </b>Frameworks such as CUDA, PyTorch or TensorFlow lack data labeling and model training tools.</li> <li><b>Limited data processing.</b> Virtual labs often lack computational power and storage capacity, so they can't handle the massive datasets required to train AI models.</li> <li><b>AI model training.</b> Real-time <a href="https://www.techtarget.com/searchenterpriseai/tip/Explore-the-role-of-training-data-in-AI-and-machine-learning">AI/ML model training</a> requires GPU acceleration, which virtual labs don't typically have.</li> <li><b>Data generation.</b> Virtual labs can't handle large-scale synthetic data generation, which needs high-performance storage.</li> <li><b>Dynamic topology adaptation. </b>Dynamic topology adaptation for AI-driven network reconfiguration, which optimizes the network according to real-time conditions, isn't supported in virtual labs.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Redefine the lab architecture"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Redefine the lab architecture</h2> <p>Virtual lab architectures must adapt to include AI capabilities. Network administrators should incorporate specialized hardware and flexible, dynamic topologies.</p> <p>Some specialized hardware that AI virtual labs require includes virtual GPU integration and high-speed networking capabilities. Virtual GPU integration enables computational power allocation to specific virtual machines. Meanwhile, high-speed networking<b> </b>-- such as 100 Gbps Ethernet -- interfaces to connect compute and storage, preventing data transfer bottlenecks.</p> <p>Topology considerations include the following:</p> <ul class="default-list"> <li><b>Dynamic topology. </b>The lab must facilitate on-demand network topology creation and modification. This capability enables rapid construction and dismantling of various network scenarios for training and testing.</li> <li><b>Containerization.</b> Topologies that implement containers and orchestration tools such as Docker and Kubernetes <a href="https://www.techtarget.com/searchitoperations/tip/Benefits-of-containers-for-AI-workloads">help isolate and manage AI workloads</a>. This prevents interference with other lab functions.</li> <li><b>Integration with public cloud. </b>A hybrid architecture that integrates with public cloud providers -- such as AWS, Microsoft Azure and Google Cloud -- can provide access to specialized AI services and scalable resources that are too costly to maintain on-premises.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Evolve testing processes"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Evolve testing processes</h2> <p>The shift to an network lab with AI also requires a new approach to testing. AI-driven networks constantly learn and adapt. This necessitates a move toward continuous integration and continuous delivery pipelines for network changes. <a href="https://www.techtarget.com/searchnetworking/tip/How-to-implement-CI-CD-in-network-automation">CI/CD pipelines enable automated and continuous testing</a> for new models and configurations.</p> <p>A significant part of the testing process now involves validating the training data's quality and integrity. Poor data leads to poor model performance, so a focus on data validation is essential.</p> <p>Testing should go beyond the network on which the models operate. Develop specific tests to evaluate the AI model's performance. This includes testing for accuracy, bias and stability under different conditions.</p> </section> <section class="section main-article-chapter" data-menu-title="How to build an AI virtual lab"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to build an AI virtual lab</h2> <p>Use the following steps to build an AI virtual network lab.</p> <ol class="default-list"> <li><b>Define use cases.</b> Identify AI applications such as correlation and root cause analysis, as well as AI-augmented troubleshooting.</li> <li><b>Select tools.</b> To build virtual networks, use simulation and emulation platforms such as Cisco Modeling Labs, EVE-NG or Graphical Network Simulator-3.</li> <li><b>Provision hardware.</b> Ensure the virtual lab has GPU support and high-speed networking.</li> <li><b>Integrate AI frameworks.</b> Deploy AI frameworks, such as CUDA, PyTorch or TensorFlow.</li> <li><b>Test and optimize.</b> <a href="https://www.techtarget.com/searchnetworking/tip/How-to-test-changes-in-a-network-lab-environment">Validate AI models in simulated environments</a> before production.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="Best practices for AI virtual network labs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Best practices for AI virtual network labs</h2> <p>A network lab with AI should follow best practices to ensure smooth operation. Consider the following best practices when building a network lab.</p> <ul class="default-list"> <li><b>Automation.</b> Automation is key to managing an AI lab's complexity, from environment provisioning to testing and data management. Use <a href="https://www.techtarget.com/searchnetworking/tip/Ansible-vs-Terraform-vs-Vagrant-Whats-the-difference">automation tools</a> such as Ansible, Terraform and Python scripts.</li> <li><b>Security.</b> Implement strong security measures to protect sensitive data and AI models. This includes access control, data encryption and regular security audits.</li> <li><b>Monitoring.</b> Use <a target="_blank" href="https://www.gartner.com/reviews/market/infrastructure-monitoring-tools" rel="noopener">advanced monitoring tools</a> to track network and AI workload performance. Look for indicators such as GPU use, data pipeline bottlenecks and model inference latency.</li> </ul> <p>These best practices, along with appropriate architecture and processes, make for effective AI use in a virtual lab. AI is useful for innovating and managing future networks, but network professionals must first embrace these changes.</p> <p><a name="_3k2wfe5796p3"></a><i>Verlaine Muhungu is a self-taught tech enthusiast, DevNet advocate and aspiring Cisco Press author, focused on network automation, penetration testing and secure coding practices. He was recognized as a Cisco top talent in sub-Saharan Africa during the 2016 NetRiders IT Skills Competition.</i></p> </section> Network teams use virtual labs to test new network configurations and technologies. As AI integrates into networks, virtual labs must upgrade to handle their massive workloads. https://cdn.ttgtmedia.com/rms/onlineimages/disaster_recovery_a379640336.jpg https://www.techtarget.com/searchnetworking/tip/How-to-build-a-virtual-network-lab-in-the-AI-era Wed, 01 Oct 2025 16:45:00 GMT How to build a virtual network lab in the AI era <p>At this year's HPE Discover conference, it was clear that IT pros' demands for virtualization alternatives and infrastructure for AI have been heard.</p> <p>Here are three important facts from the event that IT leaders must be aware of as we enter the second half of 2025.</p> <section class="section main-article-chapter" data-menu-title="Demands for virtualization alternatives"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Demands for virtualization alternatives</h2> <p>When there is a massive uptick in demand, the vendor community will respond, though might take a few quarters.</p> <p>Since Broadcom <a href="https://www.techtarget.com/searchcloudcomputing/news/366591935/Broadcom-faces-challenges-with-latest-VMware-releases">adjusted VMware's licensing model</a> 18 months ago, many organizations have investigated potential alternatives. While some businesses have started to integrate alternative options, the majority of <a href="https://www.techtarget.com/searchvmware/news/366621112/VMware-dominance-remains-despite-challengers">organizations have decided to stand pat</a>.</p> <p>At HPE Discover, CEO Antonio Neri highlighted the availability of HPE Private Cloud Business Edition with <a href="https://www.techtarget.com/searchcloudcomputing/news/366623936/HPE-adds-Morpheus-Data-to-KVM-hypervisor-for-enterprises">HPE Morpheus VM Essentials</a>, specifically calling out the potential to save 90% on virtualization costs.</p> <p>Morpheus VM Essentials enables users to provision and manage HVM-based VMs, HPE's own hypervisor based on Kernel-based Virtual Machine, and VMware-based VMs from a single interface. With HPE Private Cloud Business Edition, HPE provides Morpheus VM Essentials as part of a private cloud built on the HPE Alletra disaggregated hyperconverged infrastructure platform.</p> <p><a href="https://www.techtarget.com/searchitoperations/news/366624593/Red-Hat-OpenShift-Virtualization-roadmap-chases-VMware">Red Hat</a>, Microsoft, Nutanix and Verge.io also provide <a href="https://www.techtarget.com/searchdatacenter/news/366618713/VMware-alternative-vendors-see-2025-as-year-to-make-a-mark">alternative hypervisor options</a>. If your organization is interested in diversifying its hypervisor environment, it is important to recognize that this space is evolving quickly. Keep an eye out, as additional alternatives are likely to emerge, and their capabilities should increase over the next several quarters.</p> <p>When evaluating alternatives, security, scalability and cost are all key concerns. But, more importantly, understand how easily an alternative can integrate into your existing environment, while also providing greater agility to meet future demands, such as supporting hybrid cloud options and container-based workloads.</p> </section> <section class="section main-article-chapter" data-menu-title="IT infrastructure for AI on the rise"> <h2 class="section-title"><i class="icon" data-icon="1"></i>IT infrastructure for AI on the rise</h2> <p>According to 2025 hybrid cloud research from Enterprise Strategy Group, now part of Omdia, 91% of organizations say they are making or planning to make significant infrastructure investments to support new AI initiatives. This new wave of investment in AI is transforming vendor roadmaps and priorities.</p> <p>One of the earliest signs of shifting vendor roadmaps appeared on the server side, with vendors adding the ability to integrate more GPU accelerators into a single system, such as the HPE Compute XD690, to improve the density of the deployment for training and inference. On the storage side, nearly every vendor now offers a high-performance, highly scalable storage option in their portfolios to support AI demands.</p> <p>HPE highlighted the HPE Alletra Storage MP X10000, which was <a href="https://www.techtarget.com/searchdatacenter/news/366615895/Object-storage-VM-offerings-emerge-for-HPE-GreenLake">announced late last year</a>. This storage infrastructure offers what you expect: a highly scalable, high-performance software-defined storage system that offers object storage services to support the anticipated large volumes of unstructured data required for AI training and inference. In addition to the foundational specifications, however, HPE adds the ability to integrate a prevalidated portfolio of generative AI models designed to tag the metadata of object data inline on ingest.</p> <p>Quality data is essential to success in AI. Prepping the data to identify and tag the right data to train or augment models is a complex and time-consuming activity. With the ability to integrate prevalidated models, the X10000 should help simplify the data preparation process to support internal AI projects. While a similar process could be done using external systems leveraging similar generative AI models, this integrated approach should simplify deployment and reduce network bandwidth once in place, since the tagging happens inline within the system itself.</p> <p>Beyond the X10000, HPE also announced a <a href="https://www.techtarget.com/searchenterpriseai/news/366626405/HPE-beefs-up-AI-factory-fueled-offerings-with-Nvidia-upgrades">new generation of its HPE Private Cloud AI</a>, which provides turnkey AI factory infrastructure for enterprise environments. Importantly, this technology can integrate with the previous generation of HPE Private Cloud AI.</p> <p>Given how new AI environments are, there is a question as to whether a turnkey approach with predefined configurations, which should make deployment simpler, is superior. Or is a more customized approach, which tailors the hardware to the use case, preferable for improving ROI? With that consideration in mind, HPE also offers options to deploy a more customized approach as well.</p> <p>For IT decision-makers investing in AI, the takeaway is that success requires more than a GPU investment. The way your organization manages its data environment to support the AI environment is a critical design factor in ensuring success in AI. As businesses become more mature in their use of AI, their needs will move beyond compute and storage.</p> </section> <section class="section main-article-chapter" data-menu-title="Networking essential for AI success"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Networking essential for AI success</h2> <p>In his keynote address, Neri listed networking, along with AI and hybrid cloud, as the three pillars of HPE's corporate strategy. The strategic importance of networking is likely fueling <a href="https://www.techtarget.com/searchnetworking/news/366626897/DOJ-clears-road-for-HPEs-14B-Juniper-Networks-acquisition">HPE's plans to acquire Juniper Networks</a> to augment its networking portfolio.</p> <p>Networking obviously plays a critical role in ensuring the distributed application environment operates properly. As organizations scale their internal AI initiatives, <a href="https://www.techtarget.com/searchnetworking/tip/Building-networks-for-AI-workloads">modernizing networking infrastructure</a> has become increasingly vital to ensuring that the surrounding data pipeline infrastructure -- storage and networking -- can support the needs of the accelerator technology. In your AI architecture investment plans, networking should be a critical consideration.</p> <p><i>Scott Sinclair is practice director with TechTarget's Enterprise Strategy Group, now part of Omdia, covering the storage industry.</i></p> <p><i>Enterprise Strategy Group is part of Omdia. Its analysts have business relationships with technology vendors.</i></p> </section> IT vendors continue to deliver VMware alternatives and expand infrastructure systems they offer to support enterprise AI workloads. https://cdn.ttgtmedia.com/visuals/digdeeper/2.jpg https://www.techtarget.com/searchdatacenter/opinion/Virtualization-alternatives-and-AI-Lessons-from-HPE-Discover Mon, 07 Jul 2025 11:51:00 GMT Virtualization alternatives and AI: Lessons from HPE Discover <p>Network as a service (NaaS) is a cloud model for delivering various network services virtually on a subscription basis.</p> <p>Configuring and operating network components, such as routers, protocols, <a href="https://www.techtarget.com/searchnetworking/definition/WAN-optimization-WAN-acceleration">wide area network optimizers</a>, firewalls and software-defined WAN (<a href="https://www.techtarget.com/searchnetworking/definition/SD-WAN-software-defined-WAN">SD-WAN</a>), can be time-consuming and complicated. With NaaS, a third-party provider handles those responsibilities and makes them available to enterprise customers.</p> <p>Depending on the provider, a NaaS subscription offers many services. Some providers have specific focus areas, such as ultrasecure connectivity, ultrasimple configuration, or services for mobile and temporary locations. Services common to NaaS infrastructures include the following:</p> <ul class="default-list"> <li>Network optimization.</li> <li>Network security.</li> <li>SD-WAN.</li> <li>Wireless networking.</li> <li>Virtual private network.</li> </ul> <p>NaaS essentially makes the network another utility the organization pays for, like electricity, water or heat. Small and medium-sized businesses are the classic NaaS buyers, especially those with no existing WAN investment. With the rise of many other as-a-service models in the past decade, larger organizations have also become more interested in NaaS.</p> <p>With NaaS, network teams manage the organization's network through a portal instead of a patchwork of network management tools and stacks of hardware. Users can add a new location to the organization's WAN by connecting it to the NaaS provider's nearest point of presence (<a href="https://www.techtarget.com/searchnetworking/definition/point-of-presence-POP">POP</a>) either directly through a leased line to a nearby data center or over the internet.</p> <section class="section main-article-chapter" data-menu-title="Benefits of NaaS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Benefits of NaaS</h2> <p>One of the most appealing benefits of NaaS is cost efficiency. NaaS appeals to new business owners because it avoids much of the capital investment expenses for network hardware. This also simplifies network management and reduces the amount of staff time required to maintain the network. As a result, it reduces the level of training and skill required of staff.</p> <p>One of the <a href="https://www.techtarget.com/searchnetworking/feature/The-benefits-and-drawbacks-of-network-as-a-service">primary business concerns</a> of NaaS is resilience, which guarantees uptime to a location. SD-WAN technology addresses uptime concerns because it simplifies using multiple network links to provide connectivity to the NaaS backbone and other NaaS sites across the internet. SD-WAN also helps resolve traffic engineering concerns for demanding applications, such as <a href="https://www.techtarget.com/searchunifiedcommunications/definition/VoIP">voice over Internet Protocol</a>.</p> <p>Other NaaS benefits include the following:</p> <ul class="default-list"> <li><b>Scalability.</b> NaaS architectures are more scalable than traditional hardware networks. Organizations can simply purchase more capacity as the need arises.</li> <li><b>Flexibility. </b>Since NaaS networks are software-based, they offer greater customization than traditional hardware-based networks. This means networks can be vendor-neutral and teams can easily reconfigure them.</li> <li><b>Improved security.</b> NaaS providers can offer both network services and security services instead of teams having to purchase them separately. NaaS also offers faster access to newer technology, reducing security risks on legacy devices.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Additional NaaS considerations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Additional NaaS considerations</h2> <p>Other NaaS concerns include how to deal with <a href="https://www.techtarget.com/searchitchannel/definition/service-level-agreement">service-level agreements</a> and compliance issues related to data sovereignty. There's also the question of who manages the last-mile connectivity that links each site to the nearest POP. The NaaS provider might handle this as part of the service, or the responsibility might fall on the customer.</p> </section> Network as a service (NaaS) is a cloud model for delivering various network services virtually on a subscription basis. https://cdn.ttgtmedia.com/visuals/digdeeper/3.jpg https://www.techtarget.com/searchnetworking/definition/Network-as-a-Service-NaaS Mon, 07 Jul 2025 09:00:00 GMT What is network as a service (NaaS)? <p>GSM (Global System for Mobile Communications) is a digital mobile communication standard applied widely in Europe and other parts of the world.</p> <p>Globally compatible, GSM is more popular than another 2G mobile standard: code-division multiple access (<a href="https://www.techtarget.com/searchnetworking/definition/CDMA-Code-Division-Multiple-Access">CDMA</a>), which is only available in a few countries. While CDMA is tied to a specific mobile phone and CDMA devices are locked to a specific carrier, GSM phones use subscriber identity module cards and can use different <a href="https://www.techtarget.com/searchmobilecomputing/definition/SIM-card">SIM cards</a> from different carriers. Carrier switching -- not possible with CDMA - is easy with GSM because of its flexibility.</p> <section class="section main-article-chapter" data-menu-title="How GSM works"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How GSM works</h2> <p>The evolution of wireless mobile telecommunications encompasses GSM, as well as High-Speed Circuit-Switched Data, General Packet Radio Service (<a href="https://www.techtarget.com/searchmobilecomputing/definition/GPRS">GPRS</a>), Enhanced Data rates for GSM Evolution (EDGE) and Universal Mobile Telecommunications Service (UMTS).</p> <p>GSM uses a variation of time-division multiple access (<a href="https://www.techtarget.com/searchnetworking/definition/TDMA">TDMA</a>) to subdivide a carrier frequency into different time slots. Typically, a 200 kilohertz radio channel is split into eight time slots. By separating the same bandwidth into multiple time slots, GSM enables multiple users -– typically eight to 16 -– to use that frequency for mobile communication.</p> <p>In each time slot, information is transferred in bursts. GSM digitizes and <a href="https://www.techtarget.com/searchstorage/definition/compression">compresses data</a> and then sends it down a channel with two other streams of user data, each in its own time slot. Several components of the GSM system carry out these activities:</p> <ul class="default-list"> <li><b>Mobile station (MS).</b> This is the cellphone that includes a SIM card, digital signal processor, radio transceiver and display. It initiates a call or data session.</li> <li><b>Base station subsystem (BSS). </b>This consists of the<b> base transceiver station (BTS) </b>and the <b>base station controller (BSC)</b>. The BTS receives a signal from the MS and forwards it to the BSC, which transfers the signal to the network switching subsystem.</li> <li><b>Network switching subsystem (NSS).</b> The NSS handles call processing, call routing, flow management and connectivity. It includes a <b>mobile switching centre (MSC)</b> for call switching and forwarding; two databases -- <b>visitor location register (VLR)</b> and <b>home location register (HLR)</b> -- that store user information; <b>equipment identity register</b>, which is a list of functioning mobile devices; and <b>authentication center</b>, which <a href="https://www.techtarget.com/searchsecurity/answer/What-are-the-key-identify-and-access-management-benefits">verifies user identities</a> and ensures privacy on every call. Once the MSC receives the signal from the BSC, it connects to the HLR and VLR to verify the user's identity and current location. It then routes the call to the intended recipient. If the <a href="https://www.techtarget.com/searchvirtualdesktop/answer/How-does-a-roaming-user-profile-work">user is roaming</a> -- i.e., on a different network -- the MSC switches the call across networks. This facilitates seamless communication with minimal delays and without requiring users to change their devices or phone numbers.</li> </ul> <p>GSM operates in a variety of frequency bands, with the 850 <a href="https://www.techtarget.com/searchnetworking/definition/megahertz">megahertz</a>, 900 MHz, 1,800 MHz and 1,900 MHz frequency bands among the most common. The U.S. and other countries in North and South America usually use the 850 MHz/1,900 MHz band, while all other countries usually use the 900 MHz/1,800 MHz band.</p> </section> <section class="section main-article-chapter" data-menu-title="Composition of the GSM network architecture"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Composition of the GSM network architecture</h2> <p>The GSM network has four separate parts that work together: the MS, BSS, NSS, and operation support system.</p> <p>The mobile device connects to the network using hardware. The SIM card provides the network with identifying information about the mobile user.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mobile_computing-gsm.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/mobile_computing-gsm_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/mobile_computing-gsm_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/mobile_computing-gsm.png 1280w" alt="A diagram showing the core elements of a GSM network and how it works" height="392" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>A GSM network with a mobile station, base station controller and network subsystem </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The BSS handles traffic between the cellphone and NSS. It consists of the BTS and BSC. The BTS contains the equipment that communicates with mobile phones, largely the radio transmitter receivers and antennas; the BSC is the intelligence behind it that communicates with and controls a group of BTSes.</p> <p>The NSS, often called the <i>core network</i>, tracks the location of callers to enable <a href="https://www.techtarget.com/iotagenda/blog/IoT-Agenda/Dead-zones-in-cellular-service-take-on-renewed-importance-in-IoT">cellular services delivery</a>. Mobile carriers own the NSS. The NSS consists of numerous parts, including the MSC and HLR. These components perform different functions, such as routing calls and text messages and authenticating and storing caller account information using SIM cards.</p> <p>Because many GSM network operators have roaming agreements with foreign operators, users can often continue to use their phones when they travel to other countries. SIM cards that hold home network access configurations can switch to those with metered local access, significantly reducing roaming costs with no reductions in service.</p> </section> <section class="section main-article-chapter" data-menu-title="Benefits of GSM"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Benefits of GSM</h2> <p>For many years, GSM was the preferred technology for telecommunication ecosystems worldwide because of these benefits:</p> <ul class="default-list"> <li><b>Flexibility and convenience.</b> Users can switch between phone carriers easily.</li> <li><b>Compatibility.</b> Most carriers and phones used to be GSM-compatible, enabling users to connect and communicate seamlessly from any network and geographic location.</li> <li><b>Multiple uses.</b> Users on a GSM network could browse the internet, check emails, watch <a href="https://www.computerweekly.com/news/366573493/BT-Broadpeak-intro-multicast-tech-to-enhance-network-video-streaming">streaming videos</a> and connect with others through social networking sites -- all from the same device.</li> <li><b>Roaming support.</b> Users could use the same device and number even while traveling outside their home network.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="What are some limitations of GSM?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are some limitations of GSM?</h2> <p>Here are some disadvantages of GSM:</p> <ul class="default-list"> <li><b>Electronic interference. </b>Because GSM uses a pulse-transmission technology, it is known to interfere with electronics, like hearing aids. This <a href="https://www.techtarget.com/searchmobilecomputing/definition/electromagnetic-interference">electromagnetic interference</a> is why certain places like airports, gas stations and hospitals require that mobile phones be turned off.</li> <li><b>Bandwidth lag.</b> When using GSM technologies, multiple users access the same bandwidth, sometimes resulting in considerable <a href="https://www.techtarget.com/whatis/definition/latency">latency</a> as more users join the network.</li> <li><b>Limited rate of data transfer.</b> GSM offers a somewhat limited <a href="https://www.techtarget.com/searchunifiedcommunications/definition/data-transfer-rate">data transfer rate</a>. To achieve higher data rates, a user must switch to a device with more advanced forms of GSM.</li> <li><b>Repeaters.</b> GSM requires carriers to install repeaters to increase coverage.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="GSM security controls and security concerns"> <h2 class="section-title"><i class="icon" data-icon="1"></i>GSM security controls and security concerns</h2> <p>GSM was designed as a secure wireless system with security features to protect user data, ensure user privacy and safeguard communications from unauthorized access and eavesdropping. For example, it uses authentication measures, such as <a href="https://www.techtarget.com/searchsecurity/definition/challenge-response-system">challenge-response authentication</a>, which prompts a user to provide a valid answer to a question, and a preshared key in the form of a password or <a href="https://www.techtarget.com/searchsecurity/definition/passphrase">passphrase</a>. GSM also employs cryptographic security algorithms, including stream <a href="https://www.techtarget.com/searchsecurity/definition/cipher">ciphers</a>, like A5/1, A5/2 and A5/3, that encrypt <a href="https://www.techtarget.com/searchsecurity/definition/plaintext">plaintext</a> digits and ensure the privacy of user conversations.</p> <p>Despite having these features, GSM does not offer impenetrable security; it is susceptible to attacks. For example, the algorithms for both A5/1 and A5/2 have been broken and published in the past. Furthermore, GPRS Encryption Algorithm 1 and GEA2 -- ciphers in GPRS, a packet-based communication service that GSM uses to transmit data -- have also been broken and published. Open source software is also available to <a href="https://www.techtarget.com/searchsecurity/tip/Wireshark-tutorial-How-to-sniff-network-traffic">sniff packets in the GPRS network</a> easily. Given these vulnerabilities, GSM is vulnerable to plaintext attacks, which can compromise communications and user data.</p> </section> <section class="section main-article-chapter" data-menu-title="History of GSM"> <h2 class="section-title"><i class="icon" data-icon="1"></i>History of GSM</h2> <p>The GSM standard debuted in the early 1980s when it was originally known as Groupe Spécial Mobile. However, it wasn't until the early 1990s when it was first implemented in Europe. The goal was to provide a unified mobile communication standard for all of Europe.</p> <p>The GSM standard was meant to eliminate compatibility issues common with pre-GSM analog telecommunications systems, such as Advanced Mobile Phone System (AMPS) in the U.S. and Total Access Communication System in the U.K. These GSM predecessors were also unable to <a href="https://www.techtarget.com/searchdatacenter/definition/scalability">scale</a> with the adoption of more users. The shortcomings of these systems signaled the need for more efficient cellular technology suitable for international use.</p> <p>The European Conference of Postal and Telecommunications Administrations (CEPT) in 1983 worked to develop a European standard for digital telecommunications. CEPT listed several criteria the new system must meet: international roaming support, high speech quality, support for handheld devices, low service cost, flexibility to accommodate new services and <a href="https://www.computerweekly.com/news/252529225/UK-businesses-urged-to-move-away-from-ISDN-in-2023">Integrated Services Digital Network</a> capability.</p> <p>In 1987, representatives from 13 European countries signed a contract to deploy a telecommunications standard. The European Union (EU) then passed laws to require GSM as a standard in Europe. In 1989, the responsibility of the GSM project was transferred from CEPT to the European Telecommunications Standards Institute.</p> <p>Mobile services based on GSM were finally launched in Finland in 1991. That same year, the GSM standard frequency band was expanded from 900 MHz to 1,800 MHz. By 2010, GSM represented 80% of the global mobile market.</p> <p>Since then, GSM use has declined, and GSM is becoming increasingly obsolete, particularly as more mobile phones are switching to newer technologies, like <a href="https://www.techtarget.com/searchnetworking/definition/5G">5G</a>. Several telecommunications carriers, such as AT&T, Cellcom and Verizon in the U.S. and Telstra in Australia, have decommissioned their GSM networks. In 2017, Singapore retired its 2G GSM network. Some other U.S. carriers, such as T-Mobile, have also announced plans to switch off 2G.</p> </section> <section class="section main-article-chapter" data-menu-title="GSM vs. CDMA vs. LTE: Differences"> <h2 class="section-title"><i class="icon" data-icon="1"></i>GSM vs. CDMA vs. LTE: Differences</h2> <p>GSM, CDMA and <a href="https://www.techtarget.com/searchmobilecomputing/definition/Long-Term-Evolution-LTE">Long-Term Evolution</a> (<a href="https://www.techtarget.com/searchmobilecomputing/definition/Long-Term-Evolution-LTE">LTE</a>) cellular-wireless communications use different technologies and are meant to meet different business objectives. GSM is the oldest; it initially relied on processor/chip technologies available at the time to encode and decode data.</p> <p>For a time, <a href="https://www.techtarget.com/searchmobilecomputing/definition/Mobile-service-provider">mobile operators</a> deployed 2G GSM across many countries worldwide except for the U.S. and several countries in South America. Incompatibility with existing analog AMPS services largely drove these exceptions. To provide the necessary interim compatibility with GSM, they evaluated GSM's economies of scale for their networks.</p> <p>Carriers employed Digital AMPS, based on Interim Standard (IS)-136 for TDMA networking from the Electronics Industries Association/Telecommunication Industry Association. TDMA protocols were not sufficiently <a href="https://www.computerweekly.com/news/366567817/Additional-spectrum-needed-for-5G-Advanced-6G-networks">spectrum-efficient</a> to support fast-growing cellular services, leading to the introduction of the CDMA protocol.</p> <p>Also known as ITU IS-95, cdmaOne became the CDMA digital cellular standard in 1993, gaining popularity in countries using older analog AMPS. However, cdmaOne needed powerful processors to provide the additional compute power needed for coding and decoding CDMA. This is why CDMA phones were more expensive than GSM models.</p> <p>GSM introduced GPRS for data in 2000, which then led to EDGE, while cdmaOne led to American National Standards Institute-2000 1xRTT and then to Evolution-Data Optimized. Because CDMA protocols provide superior spectrum efficiency, <a href="https://www.techtarget.com/searchnetworking/definition/3rd-Generation-Partnership-Project-3GPP">3rd Generation Partnership Project</a> adopted these protocols under Wideband CDMA for implementation in 3G UMTS.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-5G_security_evolution-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-5G_security_evolution-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-5G_security_evolution-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-5G_security_evolution-f.png 1280w" alt="A chart describing the evolution of 1G to 5G cellular network technology." height="392" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Key technologies and standards during the nearly five decades-long evolution of cellular networks from 1G to 5G </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>4G LTE is a GSM technology and a major upgrade over 3G in data transfer speeds. It doesn't offer any way to make regular phone calls in the traditional sense. Instead, it uses specialized <a href="https://www.techtarget.com/searchunifiedcommunications/definition/VoIP">voice over Internet Protocol</a> for what's referred to as <a href="https://www.techtarget.com/searchnetworking/definition/voice-over-LTE-VoLTE">voice over LTE</a>.</p> <p>CDMA and GSM technologies eventually converged through orthogonal frequency-division multiple access (<a href="https://www.techtarget.com/searchnetworking/definition/orthogonal-frequency-division-multiple-access-OFDMA">OFDMA</a>), LTE's encoding protocol. OFDMA is also the encoding protocol for Worldwide Interoperability for Microwave Access and <a href="https://www.techtarget.com/searchmobilecomputing/definition/Wi-Fi">Wi-Fi</a> networks.</p> </section> <section class="section main-article-chapter" data-menu-title="GSM or CDMA: Which is more popular?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>GSM or CDMA: Which is more popular?</h2> <p>Between GSM and CDMA, GSM -- and, by extension, its descendants, <a href="https://www.techtarget.com/whatis/definition/5G-New-Radio-NR">5G New Radio</a>, UMTS and LTE -- is more popular. For almost three decades, GSM-based technologies were deployed in practically every country in the world. In the U.S., most carriers used GSM to provide mobile services.</p> <p>CDMA was always used in fewer countries compared to GSM. Also, more carriers that use CDMA are shutting down or phasing out their CDMA networks. But this now applies to GSM also.</p> <p>As 5G becomes more commonplace, it is expected to come with new encoding protocols. Many telecommunications industry watchers predict it will have a global and dramatic effect on digital communications.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/FtCKGmalxXA?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>Most carriers are asking their customers to switch over to 4G and, if possible, to 5G-ready devices if they haven't already. Some, like T-Mobile, are also offering free replacements for older handsets.</p> <p><em>Wireless networking improves from generation to generation. Learn more about the <a href="https://www.techtarget.com/searchnetworking/feature/Understand-the-basics-of-5G-wireless-networks">basics behind 5G</a>.</em></p> </section> GSM (Global System for Mobile Communications) is a digital mobile communication standard applied widely in Europe and other parts of the world. https://cdn.ttgtmedia.com/visuals/digdeeper/6.jpg https://www.techtarget.com/searchmobilecomputing/definition/GSM Tue, 27 May 2025 09:00:00 GMT What is GSM (Global System for Mobile Communications)? <p>A network node is a connection point in a communications network. This point, often known as an <i>endpoint</i>, is attached to the network and can send and receive data over that network. It can also create and redistribute data along various network routes. Examples of endpoints or end nodes include computers, smartphones and printers.</p> <p>Not all nodes are <a href="https://www.techtarget.com/whatis/definition/endpoint-device">endpoints</a>, however. Some nodes are intermediate nodes that don't create or terminate data but rather direct it to the appropriate destination. Examples include <a href="https://www.techtarget.com/searchnetworking/definition/router">routers</a> and <a href="https://www.techtarget.com/searchnetworking/definition/switch">switches</a>. Similarly, there are centralized nodes known as <a href="https://www.techtarget.com/whatis/definition/server">servers</a> that store data and provide resources to other nodes in the network.</p> <section class="section main-article-chapter" data-menu-title="What is a computer network, and where do network nodes fit?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is a computer network, and where do network nodes fit?</h2> <p>A computer network is a system of computers and computing devices connected via communication links. These links allow computers and other devices to send information over the network and share it among multiple digital devices, known as <i>nodes</i>.</p> <p>Within a network, each node is often an endpoint for data transmissions or redistribution. Nodes have either a programmed or engineered capability to recognize, process and forward transmissions to other network nodes.</p> <p>The concept of network nodes originated with the <a href="https://www.techtarget.com/searchnetworking/tip/A-guide-to-distributed-network-architectures">use of distributed networks</a> and packet switching. Depending on the application, network nodes perform a variety of functions. Computer networks and the nodes connected to them make things like video streaming, social networks and <a href="https://www.techtarget.com/searchnetworking/feature/How-cloud-network-architecture-can-redesign-the-enterprise-edge">cloud networks</a> possible.</p> <p>Computer networks can be physical or logical. A physical computer network is a "real" network comprised of cables and devices that send data back and forth. In contrast, <a href="https://www.techtarget.com/searchnetworking/definition/logical-network">logical networks</a> are software representations of a physical network and are built on top of a physical network.</p> <p>Regardless of the type, networks are governed by <a href="https://www.techtarget.com/searchnetworking/definition/protocol">network protocols</a>. These are the widely accepted and standardized rules defining how information is sent and received over a network. Networks can be defined by the protocols they use. They can also be defined by their geographic location, and the physical arrangement of the network components and their purpose.</p> <p>The internet is an example of a computer network. It is made up of many smaller computer networks, each comprised of hundreds of thousands of nodes.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/WexBQ1XgaDw?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Examples of nodes in networking"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Examples of nodes in networking</h2> <p>Nodes are the building blocks of any network because they enable the flow of data, which then makes network communication possible. The data flows can be simple, such as file transfers between two laptops, or complex, such as between two servers in a data center.</p> <p>In <a href="https://www.techtarget.com/searchnetworking/tip/Network-modernization-benefits-and-challenges">modern networks</a>, the term "node" encompasses a wide variety of connecting entities. Examples of network nodes include the following:</p> <ul class="default-list"> <li>Computers (PCs and laptops).</li> <li>Smartphones and other network-connected mobile devices.</li> <li>Servers.</li> <li>Routers.</li> <li>Switches.</li> <li>Printers.</li> <li>Sensors</li> <li><a href="https://www.techtarget.com/iotagenda/definition/Internet-of-Things-IoT">IoT</a> devices.</li> </ul> <p>Network <a href="https://www.techtarget.com/searchsecurity/definition/bridge">bridges</a> that connect multiple <a href="https://www.techtarget.com/searchnetworking/definition/local-area-network-LAN">LANs</a> to form larger networks are also considered nodes.</p> </section> <section class="section main-article-chapter" data-menu-title="What does a network node do?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What does a network node do?</h2> <p>A network node sits at a point in the network where it sends, receives, stores or creates information. It transmits data to communicate with other nodes in the network. Different nodes connect over a link or communication channel to form a network. These connections can be cable, <a href="https://www.techtarget.com/searchnetworking/definition/fiber-optics-optical-fiber">fiber optic</a> or wireless.</p> <p>In a computer network, nodes can be physical networked devices, such as modems, PCs and printers. These devices recognize transmissions from other nodes and forward them to other nodes. Nodes like PCs and laptops can also share resource nodes like printers and files. Some nodes, like routers, can also forward data to ensure it reaches the appropriate destination.</p> <p>The nodes connected to a network each have a unique <a href="https://www.techtarget.com/whatis/definition/IP-address-Internet-Protocol-Address">IP address</a>. It acts as an identifier that differentiates one node from another and helps with their discovery. Node discovery is often achieved with the help of automated tools that scan the network and create a visual display to show the various interconnections. Doing so can help with <a href="https://www.techtarget.com/searchnetworking/answer/What-are-the-3-most-common-network-issues-to-troubleshoot">network troubleshooting</a> and performance optimization. It can also help to identify unauthorized or potentially <a href="https://www.techtarget.com/searchsecurity/tip/6-common-types-of-cyber-attacks-and-how-to-prevent-them">malicious devices</a> connected to the network. The IP address is also needed to enable the node to access network resources and communicate with other nodes.</p> <p>Modern nodes go way beyond simply facilitating data transfers. Depending on the application and network setup, nodes can also integrate cutting-edge technologies like cloud computing, <a href="https://www.techtarget.com/searchdatacenter/definition/edge-computing">edge computing</a> and AI to perform more complex tasks like automations, data analysis and real-time data processing. Many nodes also incorporate security features like firewalls, data <a href="https://www.techtarget.com/searchsecurity/definition/encryption">encryption</a> and user authentication to protect data, prevent unauthorized access to the network, and reduce the probability of cyberattacks.</p> </section> <section class="section main-article-chapter" data-menu-title="What are the types of network nodes?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the types of network nodes?</h2> <p>There are several ways to categorize nodes. One is by network type, and another is by network topology.</p> <h3>Nodes by network type</h3> <ul class="default-list"> <li><b>Data communications.</b> Data communications nodes are physical network nodes like data communications equipment or devices that sit between data terminal equipment (DTE) and data transmission circuits. These include switches, bridges, modems or <a href="https://www.techtarget.com/searchnetworking/definition/hub">hubs</a> that perform signal conversion, coding and line clocking. These nodes also include DTE, such as digital telephone handsets, printers, routers, servers and workstations.</li> <li><b>Internet network.</b> On the internet and with intranets, most physical network nodes are host computers identified by an IP address. However, some data link devices, such as wireless LAN (WLAN) access points, do not have IP host addresses. They are considered physical network or LAN nodes rather than internet nodes or hosts.</li> <li><b>LAN and wide area network (WAN).</b> These nodes are devices that perform a specific function, such as printing, resource-sharing or troubleshooting network issues. Each LAN or WAN node must have a media access control address (<a href="https://www.techtarget.com/searchnetworking/definition/MAC-address">MAC address</a>) for each network interface card (<a href="https://www.techtarget.com/searchnetworking/definition/network-interface-card">NIC</a>). Examples include modems with Ethernet interfaces, <a href="https://www.techtarget.com/searchnetworking/answer/Is-there-a-difference-between-a-wireless-access-point-and-a-wireless-router">WLAN access points</a> and computers.</li> <li><b>Telecommunications network.</b> In fixed telephone networks, nodes can be public or private telephone exchanges or computers that provide intelligent network services, such as data transfers or redistribution. In cellular communications, nodes include <a href="https://www.techtarget.com/whatis/definition/base-station">base station</a> controllers that control one or more base stations.</li> <li><b>Cable system.</b> In <a href="https://www.techtarget.com/searchnetworking/tutorial/Network-cable-history-and-fundamentals-Cabling-tips-for-network-professionals-lesson-1">cable systems</a>, nodes use fiber optic cable to connect to businesses and homes served by a common fiber optic receiver within a geographic location. A fiber optic node describes the number of homes or businesses a specific fiber node can serve.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Nodes by network topologies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Nodes by network topologies</h2> <p>Another way to categorize nodes is by how they are arranged in a physical computer network. This is known as the <a href="https://www.techtarget.com/searchnetworking/definition/network-topology">network topology</a> approach. Some common network topologies include the following:</p> <ol class="default-list"> <li><a href="https://www.techtarget.com/searchnetworking/definition/bus-network">Bus</a> topology connects individual nodes directly to a main cable. A common example is cable broadband distribution networks.</li> <li>Ring topology has nodes connected in a loop or ring; each node has a neighbor on each side and the data can pass either in one direction or in both directions. Metro networks usually connect their nodes using a ring topology.</li> <li><a href="https://www.techtarget.com/searchnetworking/definition/star-network">Star</a> topology connects all nodes to a central hub. Most wired home and office networks connect their nodes (PCs, printers, scanners, etc.) with a star topology.</li> <li><a href="https://www.techtarget.com/iotagenda/definition/mesh-network-topology-mesh-network">Mesh</a> topology has every node connected to every other node, creating multiple paths between various nodes in the network.</li> </ol> <div class="youtube-iframe-container"> <iframe id="ytplayer-1" src="https://www.youtube.com/embed/8UZlwhiWKmA?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>In addition to the above, network nodes can be connected using a hybrid topology. Such networks combine two or more topologies (ring and mesh, star and bus, etc.) to provide greater connection flexibility and scalability.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/whatis-network_topology.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/whatis-network_topology_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/whatis-network_topology_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/whatis-network_topology.png 1280w" alt="Graphic of the various types of network topology." height="398" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>The nodes in the pictured topologies are represented by dots, and the communications links by lines. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="What are examples and applications of network nodes?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are examples and applications of network nodes?</h2> <p>Examples of how network nodes are used include the following:</p> <p><b>Print request.</b> An employee sends a print request from a computer to a printer in another office. The employee's computer is a node on the network. The request travels over the network and through a series of other nodes -- a router, for example -- on the company LAN. The request reaches the printer, also a node; it processes the request and completes the printing job.</p> <p><b>Base station controller.</b> This is a node on a <a href="https://www.techtarget.com/searchnetworking/feature/A-deep-dive-into-the-differences-between-4G-and-5G-networks">cellular network</a> that provides intelligent network services to devices. The base station controller sits between the cell sites and the mobile switching center, which are also nodes on the cell network. Base station controllers determine how cell signals should be routed through the network.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h.png"> <img data-src="https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h.png 1280w" alt="Diagram of edge-to-cloud architecture layers." height="466" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Fog nodes give IoT and edge networks an extra boost. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p><b>Peer-to-peer mesh network.</b> A peer-to-peer mesh network lets mobile devices communicate information without Wi-Fi or cellular service. In a mesh network topology, every node connects to every other node. Cellphones act as nodes and extend their signals to other cellphones in the network that might be experiencing a service outage. IBM's The Weather Company uses this approach to transmit critical information when other networks are down.</p> <p><b>Internet of things.</b> <a href="https://www.techtarget.com/iotagenda/feature/Everything-you-need-to-know-about-IoT-connectivity-options">IoT networks</a> connect devices of all types -- not just computers -- to the internet. Each device is a node on the IoT network. Edge nodes create data from IoT devices. <a href="https://www.techtarget.com/iotagenda/feature/Fog-nodes-simplify-edge-vs-cloud-computing-choice">Fog nodes</a> add another layer of physical servers, bringing real-time analytical processing to IoT networks.</p> <p><i>Networks vary in size, connectivity, coverage and design. This guide examines the </i><a href="https://www.techtarget.com/searchnetworking/feature/7-types-of-networks-and-their-use-cases"><i>most common types of networks, along with their advantages and applications</i></a><i>. Also, further explore the </i><a href="https://www.techtarget.com/searchnetworking/tip/6-types-of-enterprise-networking-topologies"><i>different types of network topologies</i></a><i>. </i></p> </section> A network node is a connection point in a communications network. https://cdn.ttgtmedia.com/visuals/digdeeper/4.jpg https://www.techtarget.com/searchnetworking/definition/node Fri, 07 Mar 2025 13:15:00 GMT What is a network node? <p>A router is a physical or virtual appliance that passes information between two or more packet-switched computer networks. These networks can be local area networks (LANs), wide area networks (WANs) or a combination of the two. A router inspects a given data packet's destination internet protocol (<a href="https://www.techtarget.com/whatis/definition/IP-address-Internet-Protocol-Address">IP) address</a>, calculates the best way to reach its destination and then forwards it accordingly.</p> <p>A router is a common type of gateway. It's positioned where two or more networks meet at each point of presence on the internet. Hundreds of routers might forward a single IP packet as it moves from one network to the next on the way to its final destination. Routers exist on Layer 3, the network layer, of the <a href="https://www.techtarget.com/searchnetworking/definition/OSI">Open Systems Interconnection model</a>.</p> <p>Traditional routers are standalone devices that use proprietary software. A virtual router is a software instance that performs the same functions as a physical router. Virtual routers typically run on commodity servers, either alone or packaged with other <a href="https://www.techtarget.com/searchnetworking/definition/virtual-network-functions-VNF">virtual network functions</a>, such as firewall packet filtering, load balancing and WAN optimization capabilities.</p> <p><a href="https://www.techtarget.com/searchnetworking/tip/An-introduction-to-8-types-of-network-devices">Other network devices</a>, such as wireless access points and network switches, might include built-in router functionality.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/Cisco_Catalyst_8200.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/Cisco_Catalyst_8200_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/Cisco_Catalyst_8200_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/Cisco_Catalyst_8200.jpg 1280w" alt="Screenshot of Cisco branch router." height="179" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Branch routers, like this one from Cisco, connect remote offices to an organization's WAN. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <section class="section main-article-chapter" data-menu-title="Why use a router?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why use a router?</h2> <p>A router sends data packets to their correct destinations and enables multiple devices to share the same internet connection. It acts as a central hub, receiving internet traffic and distributing it to the correct devices on the local network. It lets those devices share the same public IP address and connection.</p> <p>Routers also let connected devices communicate without needing internet access, facilitating the creation of local network.</p> </section> <section class="section main-article-chapter" data-menu-title="How a router works"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How a router works</h2> <p>When a network device such as a laptop or a phone sends data to another device, that data is broken down into packets. Each packet's header contains important information, such as the source and destination IP address. A router examines a packet header's destination IP address and compares it with a <a href="https://www.techtarget.com/searchnetworking/definition/routing-table">routing table</a> to determine the packet's best next hop.</p> <p>Routing tables list directions for forwarding data to network destinations, sometimes in the context of other variables, such as cost. They amount to an algorithmic set of rules that calculate the best way to transmit traffic toward any given IP address.</p> <p>A routing table often specifies a default route, which the router uses whenever it fails to find a better forwarding option for a given packet. For example, a typical home office router directs all outbound traffic along a single default route to its internet service provider (<a href="https://www.techtarget.com/whatis/definition/ISP-Internet-service-provider">ISP</a>).</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_a_router_connects_two_networks-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_a_router_connects_two_networks-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_a_router_connects_two_networks-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/how_a_router_connects_two_networks-h.png 1280w" alt="Network diagram with the router connecting two networks." height="160" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>A router can be used to connect two local area networks. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Routing tables are <a href="https://www.techtarget.com/searchnetworking/answer/Static-and-dynamic-routing">either static or dynamic</a>. Static routers are manually configured, while dynamic routers automatically update their routing tables based on network activity and exchange information with other devices using routing protocols.</p> <p>Many routers also perform Network Address Translation (<a href="https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT">NAT</a>), which shields the private IP addresses of a LAN by readdressing all outgoing traffic with a single shared public IP address. NAT helps to conserve globally valid IP addresses and <a href="https://www.techtarget.com/searchnetworking/tip/Tips-to-improve-network-security-visibility">improve network security</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="The difference between a router and a modem"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The difference between a router and a modem</h2> <p>The terms modem and router are sometimes used interchangeably when describing a home network, but they're not the same.</p> <h3>Modems</h3> <p>A modem connects a home or office to the ISP and converts the analog internet signal into a digital format that devices understand. It connects directly to the ISP, providing an internet connection, but doesn't create a local network. Typically, modems don't have built-in wireless capabilities and offer only a wired internet connection.</p> <h3>Routers</h3> <p>In contrast, a router takes the internet connection from the modem and distributes it to various devices within a home or office network. This enables devices to connect either wirelessly or through <a href="https://www.techtarget.com/searchnetworking/definition/Ethernet">Ethernet</a> cables.</p> <p>The router creates a LAN, enabling multiple devices to connect, communicate with each other and access the internet. Routers come with wireless or <a href="https://www.techtarget.com/searchmobilecomputing/definition/Wi-Fi">Wi-Fi</a> capabilities, enabling devices to connect to the network without needing Ethernet cables.</p> <p>It's common today to have a single device that combines both modem and router functions. These devices are often referred to as modem routers or gateways.</p> </section> <section class="section main-article-chapter" data-menu-title="Types of routers"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Types of routers</h2> <p>Some of the different types of network routers include the following:</p> <ul class="default-list"> <li><b>Wired routers.</b> These routers physically connect devices to the internet using Ethernet cables. Wired connections provide higher internet speeds and are generally more reliable and secure than wireless ones. They're ideal for environments, such as data centers, where a stable and high-speed connection is essential.</li> <li><b>Wireless routers. </b>A <a href="https://www.techtarget.com/searchmobilecomputing/definition/wireless-router">wireless router</a> works in the same way as the router in a hard-wired home or business LAN but enables greater mobility for notebook or portable computers. Wireless routers use the 802.11g specification, a standard that offers transmission over short distances.</li> <li><b>Core routers.</b> ISPs use core routers, the fastest and most powerful types of routers. Core routers provide maximum bandwidth for connecting additional routers or switches. They sit at the center of the internet and forward information along the main fiber optic backbone. Enterprise routers connect large organizations' networks to core routers.</li> <li><b>Edge routers.</b> An <a href="https://www.techtarget.com/searchnetworking/definition/edge-router">edge router</a>, also known as an access router, is a lower-capacity device that resides at the boundary of a LAN and connects it to the public internet, a private WAN or an external LAN. Subscriber edge routers are edge routers used in home and small office routers.</li> <li><b>Branch routers.</b> These routers link an organization's remote office locations to its WAN, connecting to the primary campus network's edge routers. They often provide additional features, such as time-division multiplexing, wireless LAN management capabilities and WAN application acceleration.</li> <li><b>Virtual routers.</b> A virtual router is a software-based emulation of a physical router. It divides one physical router into multiple isolated units, enabling the device to operate as several independent routers. Each virtual router has its own routing tables, interfaces and configurations. Virtual routers are typically used to create separate routing instances for different <a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network">virtual private networks</a> on the same device or in multi-tenancy environments, where customer traffic must be isolated within a shared infrastructure.</li> <li><b>Logical routers.</b> A logical router is a configured partition of a traditional network hardware, or physical router. It's viewed as an enhanced virtual router with dedicated hardware resources, such as a specific central processing unit, memory and network interfaces assigned to each logical router instance. Logical routers replicate the hardware's functionality, creating multiple routing domains within a single router. They perform a subset of the tasks that physical routers can complete, and each logical router can contain multiple routing instances and routing tables.</li> </ul> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/lyIUgr9JOLs?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Routing protocol categories"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Routing protocol categories</h2> <p>Routing protocols determine how a router identifies other routers on the network, keeps track of all possible destinations and makes dynamic decisions about where to send each network message. Routing protocols are typically categorized into the following three types:</p> <h3>Distance vector and link-state protocols</h3> <p>Distance vector protocols use the distance to determine the best route to a destination, which is usually measured in hops. Each router shares its routing table with its immediate neighbors, aiding in the calculation of the optimal path. Routing Information Protocol (<a href="https://www.techtarget.com/searchnetworking/definition/Routing-Information-Protocol">RIP</a>) is an example of a distance vector protocol.</p> <p>Link-state protocols determine the best routing path to a destination while maintaining a complete view of the <a href="https://www.techtarget.com/searchnetworking/tip/6-types-of-enterprise-networking-topologies">network topology</a>. Each router shares information about its directly connected neighbors to create a map of the network. This enables routers to calculate the shortest path to each destination based on various metrics, such as cost or speed. Open shortest path first (<a href="https://www.techtarget.com/searchnetworking/definition/OSPF-Open-Shortest-Path-First">OSPF</a>) is an example of a link-state routing protocol.</p> <h3>Interior and exterior gateway protocols</h3> <p>Interior Gateway Protocols (IGPs) exchange routing information within a single <a href="https://www.techtarget.com/searchnetworking/definition/autonomous-system">autonomous system</a>. Within an AS, routers use these protocols to identify the optimal path for data transmission. IGPs are typically employed for smaller-scale routing within an organization, often confined to a single building or a cluster of connected buildings. Common examples of IGP protocols include RIP, OSPF and Enhanced Interior Gateway Routing Protocol (<a href="https://www.techtarget.com/searchnetworking/definition/EIGRP">EIGRP</a>).</p> <p>Exterior Gateway Protocols (EGPs) exchange routing information between different ASes. They are essential for routing across the broader internet, as they enable different networks to communicate and determine the best paths for traffic moving from one AS to another. The most commonly used EGP is the Border Gateway Protocol (<a href="https://www.techtarget.com/searchnetworking/definition/BGP-Border-Gateway-Protocol">BGP</a>).</p> <h3>Hybrid protocols</h3> <p>Hybrid protocols integrate characteristics of both distance vector and link-state protocols to enhance efficiency and scalability. EIGRP is a notable example of a hybrid protocol. While it primarily follows distance vector principles, it also keeps a topology map similar to that of link-state protocols.</p> </section> <section class="section main-article-chapter" data-menu-title="Examples of routing protocols"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Examples of routing protocols</h2> <p>The various routing protocols currently in use include the following:</p> <ul class="default-list"> <li><b>Open Shortest Path First. </b>OSPF<b> </b>finds the best path for packets as they pass through a set of connected networks. The Internet Engineering Task Force designates OSPF as one of several Interior Gateway Protocols.</li> <li><b>Exterior Gateway Protocol. </b>While exterior gateway protocols are a category of protocols as mentioned above, there is also an older protocol named EGP.<b> </b>EGP determines how routing information exchanges between two neighbor gateway hosts that each have its own router. Hosts on the internet commonly use EGP to exchange routing table information. This protocol is obsolete now and has largely been replaced by BGP due to its lack of support for multipath networking environments.</li> <li><b>Border Gateway Protocol. </b>BGP manages how packets are routed across the internet through the exchange of information between edge routers. BGP offers network stability that guarantees routers can quickly adapt to send packets on an alternate internet path if the one they're using goes down.</li> <li><b>Interior Gateway Routing Protocol. </b>IGRP determines how an autonomous network exchanges routing information between gateways. Other network protocols then use the routing information to specify how transmissions should be routed. In 1993, EIGRP replaced IGRP due to the shift to classless IPv4 addressing, which IGRP was unable to support.</li> <li><b>Enhanced Interior Gateway Routing Protocol. </b>EIGRP evolved from IGRP. If a router can't find a route to a destination in one of these tables, it queries nearby routers, which then query routers closer to them until a route is found. When a routing table entry changes in one of the routers, it notifies nearby routers of the change instead of sending the entire table.</li> <li><b>Routing Information Protocol. </b>RIP is the original protocol that defines how routers should share information when traffic moves among an interconnected group of LANs. The largest number of hops allowed for RIP is 15, which limits the size of networks that RIP can support. RIP is rarely used in modern networks, except in very small networks.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Router security challenges"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Router security challenges</h2> <p>While routers play a crucial role in network connectivity, they also face numerous security challenges that threaten network integrity and safety. Here are some of the primary challenges:</p> <ul class="default-list"> <li><b>Firmware vulnerabilities.</b> If a router's <a href="https://www.techtarget.com/whatis/definition/firmware">firmware</a> or operating system is outdated, it could have known security vulnerabilities that hackers can exploit. Manufacturers frequently release updates to address these flaws, but users don't always install them in a timely manner. Additionally, attackers replace legitimate firmware with malicious versions that let them take control of the router, intercept traffic or steal sensitive data.</li> <li><b>Weak or default credentials. </b>Many routers come with default usernames and passwords that are easily found online. If these credentials aren't changed, anyone could gain access to the router's settings. Even when users do change their passwords, they might still opt for weak passwords that can be easily guessed or cracked through <a href="https://www.techtarget.com/searchsecurity/definition/brute-force-cracking">brute-force attacks</a>. The latest NIST password guidelines <a target="_blank" href="https://pages.nist.gov/800-63-4/sp800-63b.html" rel="noopener">recommend permitting passwords</a> up to 64 characters and advise a minimum of 8 characters for basic security.</li> <li><b>Denial-of-service attacks. </b><a href="https://www.techtarget.com/searchsecurity/definition/distributed-denial-of-service-attack">DDoS attack</a> is a common method of flooding a router with excessive traffic. This surge in data can exceed the router's processing capabilities, resulting in system crashes or severe latency. The router becomes unresponsive, leading to significant disruptions in network connectivity and preventing users from accessing essential online services.</li> <li><b>Router misconfigurations.</b> Routers have ports that facilitate various types of network traffic. If these ports are left open when they aren't needed, attackers can use them as a potential entry point. Convenience features for routers can also introduce security risks. For example, Wi-Fi Protected Setup, designed to simplify Wi-Fi router connections by using a button or PIN, can be a vulnerability if not properly configured.</li> <li><b>Physical access.</b> If someone gains physical access to a router, they could potentially reset it, change its settings or even install malicious software.</li> </ul> <p><i>Learn the key </i><a href="https://www.techtarget.com/searchnetworking/answer/Is-there-a-difference-between-a-wireless-access-point-and-a-wireless-router"><i>differences between a router and a wireless access point</i></a><i>. Discover how factors such as network size, organizational needs and user count help in choosing the correct device for a network.</i></p> </section> A router is a physical or virtual appliance that passes information between two or more packet-switched computer networks. https://cdn.ttgtmedia.com/visuals/digdeeper/6.jpg https://www.techtarget.com/searchnetworking/definition/router Tue, 04 Mar 2025 09:00:00 GMT What is a router? <p>Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (<a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network">VPN</a>). The protocol ensures security for VPN negotiation, remote host and network access.</p> <p>A critical role of IKE is negotiating security associations (SAs) for Internet Protocol Security (<a href="https://www.techtarget.com/searchsecurity/definition/IPsec-Internet-Protocol-Security">IPsec</a>). SAs are the security policies for communication between two or more entities. They consist of a set of algorithms and mutually agreed-upon keys that both parties use when attempting to establish a VPN tunnel or connection. Each system maintains a list of SAs for the other systems it communicates with.</p> <p>There are two versions of IKE standards:</p> <ol class="default-list"> <li>IKE protocol defined in Request for Comments (RFC) 2409.</li> <li>IKE version 2 (IKEv2) defined in RFC 7296.</li> </ol> <p>Most often, IKE uses <a href="https://www.techtarget.com/searchsecurity/definition/X509-certificate">X.509</a> <a href="https://www.techtarget.com/searchsecurity/definition/PKI">public key infrastructure</a> certificates for authentication and a <a href="https://www.techtarget.com/searchsecurity/definition/Diffie-Hellman-key-exchange">Diffie-Hellman key exchange</a> protocol to establish a shared secret session.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-key_exchange_diffie-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-key_exchange_diffie-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-key_exchange_diffie-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-key_exchange_diffie-f.png 1280w" alt="IPsec, encryption, internet security" height="301" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Diffie-Hellman key exchange works by having both parties choose a private key, calculate a public key, share both computed keys and compute a shared secret key for secured communication. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>A hybrid protocol, IKE also implements two earlier security protocols, Oakley and SKEME, within an Internet Security Association and Key Management Protocol (ISAKMP) <a href="https://www.techtarget.com/searchnetworking/definition/TCP-IP">TCP/IP</a>-based framework.</p> <p>The SKEME protocol is an alternate version for the exchange key. ISAKMP RFC 2408 is used for negotiations, establishing SAs and securing connections between IPsec peers, specifying the framework for key exchange and <a href="https://www.techtarget.com/searchsecurity/definition/authentication">authentication</a>. Oakley RFC 2412 is used for key agreements or exchanges and defines the mechanism used over the IKE session for key exchange. Diffie-Hellman is the default algorithm used for exchange.</p> <p>IKE is used by many technologies that are protected by IPsec. Some examples are VPN, <a href="https://www.techtarget.com/searchcontentmanagement/definition/Secure-File-Transfer-Protocol-SSH-File-Transfer-Protocol">Secure File Transfer Protocol</a>, <a href="https://www.techtarget.com/searchsecurity/definition/Secure-Shell">Secure Shell</a> and <a href="https://www.techtarget.com/searchnetworking/definition/PPP">Point-to-Point Protocol</a> connections.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-ipsec_tunnel_mode.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-ipsec_tunnel_mode_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-ipsec_tunnel_mode_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-ipsec_tunnel_mode.png 1280w" alt="IPsec, encryption, internet security" height="250" width="520"> <figcaption> <i class="icon pictures" data-icon="z"></i>Internet Key Exchange negotiates security associations for IPsec, which secures data transmitted over the public internet by enabling encrypted tunnels. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <section class="section main-article-chapter" data-menu-title="How does IKE work in IPsec?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does IKE work in IPsec?</h2> <p>IKE is a part of IPsec, a suite of protocols and algorithms used to secure sensitive data transmitted across a network. The <a href="https://www.techtarget.com/whatis/definition/IETF-Internet-Engineering-Task-Force">Internet Engineering Task Force</a> developed IPsec to provide security through authentication and <a href="https://www.techtarget.com/searchsecurity/definition/encryption">encryption</a> of IP <a href="https://www.techtarget.com/searchnetworking/definition/packet">network packets</a> and secure VPNs.</p> <p>In IPsec, IKE defines an automatic means of negotiation and authentication for IPsec SAs during the initial connection. This is required for the encryption and decryption process because it negotiates the security that is used for main communication. IKE offers several benefits for IPsec configuration, including automatic negotiation and authentication, antireplay services, certification authority support and the ability to change encryption keys during an IPsec session.</p> <p>The IKE protocol uses User Datagram Protocol (<a href="https://www.techtarget.com/searchnetworking/definition/UDP-User-Datagram-Protocol">UDP</a>) packets during transmission, generally needing four to six packets with two to three messages. An IPsec stack intercepts relevant IP packets, encrypting and decrypting them as needed.</p> <p>To illustrate the use of IKE, imagine two spies who have not met before need to start exchanging secret messages. IKE is when they first meet, using an agreed-upon secret to identify each other, such as "I'll be at the park bench wearing a red hat; you ask about the snow." Then, they can agree on how to encrypt and drop off messages. From then on, they never need to meet again in person and only need to follow the agreed way to exchange messages.</p> </section> <section class="section main-article-chapter" data-menu-title="Understanding phase 1 and phase 2 of IKE"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding phase 1 and phase 2 of IKE</h2> <p>The original version of IKE sets up secure communications channels in two phases: phase 1 and phase 2.</p> <p>In phase 1, an authenticated connection between the initiator and responder is established using a preshared key or a digital certificate. The goal is to secure the communications that occur in phase 2.</p> <p>The Diffie-Hellman key exchange algorithm creates a secure authentication communication channel that is used for further communication. This digital encryption method uses numbers raised to specific powers to produce decryption keys. The negotiation should result in session keys and one bidirectional SA.<br><br>Phase 1 operates under one of two modes: main mode or aggressive mode. The main mode consists of both parties sending three two-way exchanges equaling six messages in total. The first two messages confirm encryption and authentication algorithms. The second set of two messages starts with a Diffie-Hellman key exchange, where both parties provide a random number. The third set of messages verifies the identities of each party.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/VY4EouzyJS0?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>Aggressive mode accomplishes the same task as the main mode but does so in just two exchanges of three messages. Whereas the main mode protects both parties' identities by encrypting them, the aggressive mode does not.</p> <p>Phase 2 of IKE negotiates an SA to secure the data that travels through IPsec, using the secure channel created in phase 1. The result is a minimum of two SAs that are unidirectional. Both parties also exchange proposals to determine which security parameter to use in the SA.</p> <p>Phase 2 operates in only one mode: quick mode. Quick mode provides three resources: proxy IDs, perfect forward secrecy (<a href="https://www.techtarget.com/whatis/definition/perfect-forward-secrecy">PFS</a>) and replay protection. The proxy IDs of each participant are shared with each other. PFS delivers keys independent from preceding keys. Replay protection is a security method to protect against replay attacks.</p> <p>The main and aggressive modes found in phase 1 only apply to IKEv1 and not to IKEv2.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ikev1_phase_1_main_mode_message_structure-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/ikev1_phase_1_main_mode_message_structure-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ikev1_phase_1_main_mode_message_structure-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/ikev1_phase_1_main_mode_message_structure-f.png 1280w" alt="internet key exchange version one main mode message structure, IKE" height="459" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This image shows an example of IKE version 1's main message mode structure. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="What is IKE version 2 and what are its improvements?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is IKE version 2 and what are its improvements?</h2> <p>IKEv1 came out in 1998 and was followed by the release of IKEv2 in 2005. IKEv2, updated in 2014, negotiates and authenticates IPsec SAs and provides secure VPN communication channels between devices. This version does not include phases 1 or 2 like its predecessor, but message exchanges still negotiate an IPsec tunnel.</p> <p>The first of the four messages is a negotiation to decide a security attribute. The second is where each party authenticates its identity. The third includes the creation of additional SAs. The fourth message removes SA relationships, detects IPsec tunnel liveliness and reports errors.</p> <p>Improvements in IKEv2 over IKEv1 are as follows:</p> <ul class="default-list"> <li>Requires less bandwidth.</li> <li>Demands fewer cryptographic mechanisms to protect packets.</li> <li>Requires only one four-message initial exchange mechanism.</li> <li>Supports mobile platforms, including smartphones.</li> <li>Supports the security of <a href="https://www.techtarget.com/searchnetworking/definition/SCTP">Stream Control Transmission Protocol</a> traffic.</li> <li>Provides more resistance to denial-of-service (<a href="https://www.techtarget.com/searchsecurity/definition/denial-of-service">DoS</a>) attacks.</li> <li>Comes equipped with the built-in network address translation (<a href="https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT">NAT</a>) traversal needed to support routers that perform translations.</li> <li>Detects automatically if an IPsec tunnel is still live so that IKE can automatically reestablish a connection if needed.</li> <li>Enables message fragmentation and IKEv2 to operate in areas where IP fragments might be blocked and an SA may fail to establish.</li> <li>Enables rekeying to build new keys for SA.</li> </ul> <p>Mobility and Multihoming Protocol is an <a href="https://datatracker.ietf.org/doc/html/rfc4555" target="_blank" rel="noopener">extension of IKE</a> in the v2 specification to support mobile devices, such as smartphones. It helps to quickly reestablish the connection when the device moves between networks.</p> </section> <section class="section main-article-chapter" data-menu-title="How does an IKEv2 connection work?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How does an IKEv2 connection work?</h2> <p>An IKEv2 connection uses less steps than IKEv1:</p> <ol class="default-list"> <li>IKE_SA_INIT is the initial exchange where the initiator and responder exchange supported encryption types.</li> <li>IKE_SA_AUTH is where they exchange authentication information and establish the connection.</li> <li>CREATE_CHILD_SA is where they create SAs for each other.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="What are the advantages of using IKE?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the advantages of using IKE?</h2> <p>IKE includes the following benefits:</p> <ul class="default-list"> <li>Automatic negotiation and authentication.</li> <li>Antireplay services.</li> <li>Ability to change encryption keys during an IPsec session.</li> <li>Calculation of shared keys.</li> <li>Fast connection speeds using NAT and NAT traversal.</li> <li>Attempts to restore a connection whenever the connection drops.</li> <li>Support for a variety of devices, including desktops and smartphones.</li> <li>Prevention of DoS and replay attacks.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="What are the potential challenges of using IKE?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the potential challenges of using IKE?</h2> <p>IKE may pose the following challenges:</p> <ul class="default-list"> <li>IKEv1 is vulnerable to Bleichenbacher attacks, which obtain information about a device based on the device's response to receiving modified <a href="https://www.techtarget.com/whatis/definition/ciphertext">ciphertext</a>.</li> <li>Using IKEv2 in some operating systems (<a href="https://www.techtarget.com/whatis/definition/operating-system-OS">OSes</a>) may require users to make additional manual configurations. For example, if IKE in Junos OS is not explicitly configured, Junos OS defaults to version 1 of IKE.</li> </ul> <p>There is also a chance that a firewall or a network administrator could block IKEv2's UDP port, causing a VPN to stop working.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-1" src="https://www.youtube.com/embed/-QypBk0Bu68?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="What is an L2TP IP VPN Internet Key Exchange?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is an L2TP IP VPN Internet Key Exchange?</h2> <p><a href="https://www.techtarget.com/whatis/definition/ISP-Internet-service-provider">Internet service providers</a> use Layer Two Tunneling Protocol (<a href="https://www.techtarget.com/searchnetworking/definition/Layer-Two-Tunneling-Protocol-L2TP">L2TP</a>) combined with IPsec to enable a VPN to pass all traffic. By using IKE, this networking protocol negotiates and authenticates secure VPN connections. Using L2TP is a bit slower than other VPNs but enables it to pass the original packets unaltered.</p> </section> <section class="section main-article-chapter" data-menu-title="Alternatives to IKE"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Alternatives to IKE</h2> <p>IKE has been largely replaced by IKEv2. For automatic connections using IPsec, IKEv2 is still the best choice. If a system is being designed from scratch, other methods may be considered.</p> <p>A manual IPsec tunnel can be configured that does not use IKE. For this to work, all the encryption types need to be preconfigured for both ends of the connection. By cutting out IKE, it can decrease the initial connection time. This may be useful for fixed tunnels, such as for a site-to-site VPN.</p> <p>Other modern VPN technologies may offer better VPN performance than IPsec with IKE. OpenVPN is a popular and well-understood VPN technology. WireGuard is a <a href="https://www.computerweekly.com/blog/Open-Source-Insider/Why-NordVPN-NordLynx-wired-up-WireGuard">recent VPN technology</a> that offers superior performance but is not widely supported yet.<br><br><em>Explore the <a href="https://www.techtarget.com/searchwindowsserver/tutorial/Why-you-can-benefit-from-using-Always-On-VPN">benefits of Always On VPN</a> and the differences between <a href="https://www.techtarget.com/searchnetworking/feature/SDP-vs-VPN-vs-zero-trust-networks-Whats-the-difference">VPN vs. zero trust vs. software-defined perimeter</a>.</em></p> </section> Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN). https://cdn.ttgtmedia.com/visuals/digdeeper/5.jpg https://www.techtarget.com/searchsecurity/definition/Internet-Key-Exchange Tue, 04 Feb 2025 09:00:00 GMT What is Internet Key Exchange (IKE)? <p>Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints. The goal of these systems is to find security breaches as they happen and facilitate a quick response to discovered or potential threats.</p> <p>The term <i>endpoint detection and response</i> only describes the overall capabilities of a tool set. Therefore, the details and capabilities of an EDR system vary greatly depending on the implementation.</p> <p>An EDR implementation can be one of the following:</p> <ul class="default-list"> <li>A specific purpose-built tool.</li> <li>A small portion of a larger security monitoring tool.</li> <li>A loose collection of tools used together to accomplish the task.</li> </ul> <p>As attackers continuously update their methods and capabilities, traditional protection systems can fall short. EDR combines data and behavioral analysis, which makes them effective against emerging threats and active attacks, such as novel malware, emerging exploit chains, <a href="https://www.techtarget.com/searchsecurity/definition/ransomware">ransomware</a> and <a href="https://www.techtarget.com/searchsecurity/definition/advanced-persistent-threat-APT">advanced persistent threats</a>.</p> <p>The historical data that endpoint detection and response tools collect can provide peace of mind and remediation for actively exploited <a href="https://www.techtarget.com/searchsecurity/definition/zero-day-vulnerability">zero-day</a> attacks, even when a mitigation isn't available. The IT security industry considers EDR a form of advanced threat protection.</p> <section class="section main-article-chapter" data-menu-title="Why is EDR important?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why is EDR important?</h2> <p>EDR works by detecting and responding to known and unknown cyberattacks. As cyberthreats become increasingly sophisticated, traditional defenses like antivirus software are no longer sufficient to protect organizations.</p> <p>The array of <a href="https://www.techtarget.com/whatis/definition/attack-surface">attack surfaces</a> in modern enterprises has increased with the use of <a href="https://www.techtarget.com/iotagenda/definition/Internet-of-Things-IoT">internet of things</a> devices and intricate network connections. EDR helps security teams identify threats across all endpoints, such as laptops, desktops and mobile devices, systems. Organizations monitor endpoint activity in real time, letting security analysts identify cyberthreats quickly. EDR often collects and analyzes <a href="https://www.techtarget.com/whatis/definition/telemetry">telemetry</a>, network connection and endpoint activity log data.</p> <p>When EDR detects a threat, it initiates automated or manual responses, such as isolating affected endpoints or alerting security teams to take immediate action, depending on how the EDR service is set up. EDR often integrates various <a href="https://www.techtarget.com/whatis/definition/threat-intelligence-feed">threat intelligence feeds</a> to help with threat hunting, identifying suspicious activity and <a href="https://www.techtarget.com/searchsecurity/definition/Indicators-of-Compromise-IOC">indicators of compromise</a>. It protects against known and emerging cyberthreats by combining endpoint data with threat intelligence.</p> </section> <section class="section main-article-chapter" data-menu-title="Key steps to deploy EDR"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key steps to deploy EDR</h2> <p>There are several steps to successfully deploying EDR. The most important include the following:</p> <ol class="default-list"> <li><b>Assess organizational needs.</b> Organizations should start by understanding their cybersecurity needs, including the types of endpoints they need to protect their current security infrastructure and potential vulnerabilities.</li> <li><b>Choose the right EDR solution.</b> Once needs are determined, they should select EDR software that aligns with the organization's specific requirements and current infrastructure. This means ensuring that an EDR security service can integrate with the existing security systems, including firewalls and security information and event management (<a href="https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM">SIEM</a>) tools.</li> <li><b>Install EDR on all endpoints.</b> EDR software should then be deployed on all endpoints vulnerable to attack, such as laptops, desktops and mobile devices.</li> <li><b>Customize response plans.</b> The EDR software must be configured to trigger responses in case of cyberattacks. This can include isolating affected endpoints, sending alerts and engaging incident response plans.</li> <li><b>Monitor and update regularly.</b> Organizations should continuously monitor their endpoint activity and ensure their EDR software is updated with the latest threat intelligence and patches.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="Endpoint detection and response use and capabilities"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Endpoint detection and response use and capabilities</h2> <p>EDR is primarily concerned with endpoints, which can be any computer system in a network, such as end-user workstations and servers. The systems protect most operating systems, including Windows, macOS, Linux and Berkeley Software Distribution, but they don't include network monitoring.</p> <p>An EDR system gathers information from many sources, including endpoints, firewalls, network scans and internet logs. Security vendors also offer EDR as part of a SIEM package, enabling a <a href="https://www.techtarget.com/searchsecurity/definition/Security-Operations-Center-SOC">security operations center</a> to investigate and respond to threats.</p> <p>EDR is an integral part of a complete information security posture. It isn't <a href="https://www.techtarget.com/searchsecurity/definition/antivirus-software">antivirus software</a>, but it may have antivirus capabilities or use data from another antivirus product. Antivirus software is primarily responsible for protecting against known malicious software. A well-executed EDR program, on the other hand, finds new exploits as they are running and detects malicious activity during an active incident. EDR is able to detect fileless malware attacks and attackers using stolen credentials, which traditional antivirus software can't stop.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ISM_endpoint_sec_rise_securing_endpoints.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/ISM_endpoint_sec_rise_securing_endpoints_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ISM_endpoint_sec_rise_securing_endpoints_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/ISM_endpoint_sec_rise_securing_endpoints.png 1280w" alt="Endpoint bar graphs" height="672" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Organizations have a number of different tools at their disposal to help protect endpoints but might face some challenges with endpoint detection and response (EDR) as well. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The role of an EDR system falls broadly into two categories:</p> <ul class="default-list"> <li>Information collection and analysis.</li> <li>Threat response.</li> </ul> <p>Because EDR capabilities vary from vendor to vendor, an organization researching EDR systems should carefully investigate the capabilities of any proposed system. They should also consider how well it can integrate with their current endpoint security solution and other security capabilities.</p> <p>EDR systems gather and organize data from endpoints, and then use that information to identify irregularities or trends. They use many data sources from an endpoint, including logs, performance monitoring information, file details, running processes and configuration data. A dedicated agent installed on the endpoint collects this data, or the system might use built-in operating system capabilities and other helper programs.</p> <p>EDR systems organize and analyze the collected data. A client device might perform portions of this, but, generally, a central system -- hardware device, a virtual server or a cloud service -- performs these functions.</p> <p>Simple EDR systems often only collect and display data or aggregate it and show trends. Operators might find following and making decisions based on this type of data difficult.</p> <p>Advanced EDR systems use machine learning or artificial intelligence to automatically identify and send alerts about new and emerging threats. They might also use aggregate information from the product vendor to better flag endpoint threats. Some systems allow mapping of observed suspicious behavior to the <a href="https://www.techtarget.com/searchsecurity/definition/MITRE-ATTCK-framework">MITRE ATT&CK framework</a> to help detect patterns.</p> <p>EDR threat response capabilities help the operator take corrective action, diagnose further issues and perform forensic analysis. This can enable issue tracking and help identify malicious activity or otherwise aid an investigation. Forensic capabilities help establish timelines, identify affected systems post breach and gather artifacts or investigate live system memory in suspect endpoints. Combining historical and current situational data helps to provide a fuller picture during an incident.</p> <p>Some endpoint detection and response systems perform automated remediation activities, such as disconnecting or stopping compromised processes or alerting the user or information security group. They also can actively isolate or disable suspect endpoints or accounts. A good <a href="https://www.techtarget.com/searchsecurity/definition/incident-response">incident response</a> system will also help coordinate teams during an active incident, helping to reduce its impact.</p> </section> <section class="section main-article-chapter" data-menu-title="Key EDR features"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key EDR features</h2> <p>EDR software has several key features. The most important include the following:</p> <ul class="default-list"> <li>Continuous <a href="https://www.techtarget.com/whatis/definition/real-time-monitoring">real-time monitoring</a> of endpoints and automated threat detection.</li> <li>Preconfigured incident response plans such as isolating endpoints or alerting security teams.</li> <li>Integration of real-time data and threat intelligence to identify known and emerging threats.</li> <li>Automated processes for detecting, analyzing and responding to potential attacks, reducing the workload on security teams.</li> <li>Comprehensive data collection across all endpoints to monitor activity and identify anomalies.</li> <li>Extended detection and response (<a href="https://www.techtarget.com/searchsecurity/definition/extended-detection-and-response-XDR">XDR</a>).</li> <li>Vulnerability identification and management.</li> <li>Attack surface reduction tools that minimize exposure of endpoints to potential cyberattacks.</li> <li>Suspicious activity alerts.</li> </ul> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/yo7l3hn1H6I?si=LzCAcAvoFG0PJNj0?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Endpoint detection and response tools"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Endpoint detection and response tools</h2> <p>Vendors offer EDR capabilities either as standalone products or as part of an endpoint protection platform or a service package. According to Gartner, the <a target="_blank" href="https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions" rel="noopener">highly rated XDR services</a> include the following five:</p> <ol class="default-list"> <li>SentinelOne Singularity Platform.</li> <li>CrowdStrike Falcon.</li> <li>Harmony Endpoint</li> <li>Trend Micro XDR</li> <li>Microsoft Defender for Endpoint.</li> </ol> <p>Several open source tools are available, but they might require extensive configuration or extra management systems to be fully featured. These tools include OSSEC, Wazuh, TheHive Cortex and Open EDR.</p> <h3>What to look for in EDR software</h3> <p>There are several important elements of EDR software that organizations should consider when selecting an EDR tool. The most important elements include the following:</p> <ul class="default-list"> <li>Real-time threat detection.</li> <li>Threat intelligence integration.</li> <li>Automated responses to security incidents.</li> <li>User-friendly <a href="https://www.techtarget.com/searchapparchitecture/definition/user-interface-UI">interface</a> for security analysts.</li> <li>Compatibility with existing security tools.</li> <li>Strong data collection and telemetry capabilities.</li> <li>Flexible deployment options on-premises or cloud-based.</li> <li>Scalability to accommodate organizational growth.</li> <li>High-quality customer support and managed services.</li> </ul> <p><i>Protecting your endpoints is critical for maintaining security. Learn why </i><a href="https://www.techtarget.com/searchsecurity/ehandbook/Why-EDR-technologies-are-essential-for-endpoint-protection"><i>EDR technologies are essential for endpoint protection</i></a><i>.</i></p> </section> Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints. https://cdn.ttgtmedia.com/visuals/digdeeper/3.jpg https://www.techtarget.com/searchsecurity/definition/endpoint-detection-and-response-EDR Fri, 22 Nov 2024 13:57:00 GMT What is endpoint detection and response (EDR)? <p>Without a lifecycle management framework, it's difficult for network teams to predict how changes will affect UX and the system itself. The network lifecycle management process provides structure to these changes for a more effective network.</p> <p>Using the network lifecycle management process, network pros can plan and implement changes and guide ongoing network operations. By following the phases of a network lifecycle, teams can learn network behavior, reconfigure their networks to adapt to changes and improve their overall business strategy.</p> <section class="section main-article-chapter" data-menu-title="Network lifecycle phases and frameworks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Network lifecycle phases and frameworks</h2> <p>The simplest form of network lifecycle management consists of three phases:</p> <ul class="default-list"> <li>Plan.</li> <li>Build.</li> <li>Manage.</li> </ul> <p>These phases are also known as <i>design</i>, <i>implement</i> and <i>operate</i>. The cycle always repeats as the plan phase identifies new requirements. Network teams can also apply the lifecycle process to subtasks.</p> <p>Network lifecycle management phases are often adapted into different frameworks, including the following.</p> <h3>ITIL framework</h3> <p><a href="https://www.techtarget.com/searchdatacenter/definition/ITIL">Information Technology Infrastructure Library</a> (ITIL) is a management framework that describes a similar process. The ITIL framework has five phases as opposed to the three previously described. It focuses on service strategy, service design, service transition, service operations and continual service improvement.</p> <p>Network teams should integrate the fifth phase -- continual service improvement -- simultaneously with the first four phases so teams can improve operations as necessary.</p> <h3>PPDIOO framework</h3> <p>It can be beneficial to expand the basic three-phase network lifecycle into subphases. <a target="_blank" href="https://www.ciscopress.com/articles/article.asp?p=1608131&seqNum=3" rel="noopener">Cisco developed</a> a six-phase network management lifecycle: prepare, plan, design, implement, operate and optimize (PPDIOO).</p> <p>The extended PPDIOO model breaks the three-phase lifecycle into the following subphases:</p> <ol class="default-list"> <li>The plan phase expands into the prepare, plan and design phases.</li> <li>The build phase is developed into the implement phase. This sometimes includes the procure phase, which Cisco omits from its model.</li> <li>The manage phase incorporates the operate and optimize phases.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/network_lifecycle_management_frameworks-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/network_lifecycle_management_frameworks-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/network_lifecycle_management_frameworks-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/network_lifecycle_management_frameworks-f.png 1280w" alt="Illustration comparing the PBM, ITIL and PPDIOO network lifecycle management frameworks." height="301" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Compare the different network management lifecycles. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Examine the PPDIOO network lifecycle"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Examine the PPDIOO network lifecycle</h2> <p>Below is a look at the steps included in each of the six PPDIOO lifecycle phases defined by Cisco.</p> <h3>1. Prepare</h3> <p>The most critical step in any business process is to identify business requirements and outline <a href="https://www.techtarget.com/searchcio/definition/organizational-goals">business goals</a>. During this stage, teams spend most of their time determining where their business needs to be at the end of the cycle so they can assess how the network can best support those goals. In this phase, network pros should perform financial analyses and calculate the ROIs for potential changes.</p> <p>Teams should also anticipate future needs. Consider tracking industry trends and understand how they can be important to the business. Other sources of information include industry analysts and conferences.</p> <h3>2. Plan</h3> <p>The plan phase closely follows the prepare phase. Here, teams begin creating project plans to help their organizations manage the remainder of the lifecycle. Consider questions related to vendor selection and management, such as the following:</p> <ul class="default-list"> <li>How will teams fund the necessary equipment and supplies?</li> <li>Which vendors should teams consider?</li> <li>Is that hot new startup with the latest technology worth the risk?</li> </ul> <h3>3. Design</h3> <p>The design phase gets into the details -- subject to the limitations identified in the prior phases -- such as budget. The design team creates a detailed network design that meets the requirements using the selected vendors. <a href="https://www.techtarget.com/searchnetworking/tutorial/Network-documentation-and-auditing">Thorough documentation is vital</a> in this phase.</p> <p>It might be necessary to build prototypes and conduct proofs of concept. This minimizes the risk of using any new technology. This phase is also the point at which new processes might need to be defined, such as <a href="https://www.techtarget.com/searchnetworking/feature/Is-network-automation-adoption-necessary">when to adopt automation</a>.</p> <h3>4. Implement</h3> <p>In this stage, the implementation team transitions from the previous cycle into the new deployment. Organizations have adopted the philosophy that the design group implements the changes. Once the design has been fully validated and automated and can be managed, they hand it over to the operations team.</p> <h3>5. Operate</h3> <p>The operation phase begins when the new network -- or new parts of the network -- is functional and has a defined operational process. This phase is where <a href="https://www.techtarget.com/searchnetworking/tip/5-principles-of-the-network-change-management-process">network management design is thoroughly tested</a>. However, teams should have already identified common operational problems during the design and implementation phases. As such, they should have created mechanisms for monitoring and diagnosing those problems.</p> <h3>6. Optimize</h3> <p>The final lifecycle phase continues refining the design and operations of the new network functions. This is when network pros create processes for identifying unforeseen operational problems and ways to improve the network, including the processes used to operate it.</p> <p>Beware of overoptimizing certain aspects of the network. This can cause other operational problems. For example, while trying to save money on capital equipment, teams might modify a branch design that results in multiple variations. Ultimately, this might result in greater Opex.</p> <h3>What about testing?</h3> <p>Testing isn't listed as a step because teams should incorporate it in each phase. Testing is a key element of the design, implement, operate and optimize phases. The preparation phase also uses testing. Network pros might test the business leaders regarding the risk of using new technology.</p> </section> <section class="section main-article-chapter" data-menu-title="Incorporating the network lifecycle with business processes"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Incorporating the network lifecycle with business processes</h2> <p>Top-performing organizations incorporate some form of network lifecycle management process in their overall IT strategy, including the annual <a href="https://www.techtarget.com/searchcio/tip/Free-IT-strategic-planning-templates-for-CIOs">IT planning and budgeting</a> process. It's possible that many network pros have been using a similar ad hoc process without knowing the formal definitions.</p> <p>Many enterprises follow a three-year network lifecycle. In this timeline, enterprises upgrade approximately one-third of the network infrastructure every year. This ensures companies use modern technology. Using this model, enterprises can follow industry trends and technology innovations while predicting their year-to-year budget and staffing requirements. Other organizations might need to adjust their cycle durations to fit their needs.</p> <p>Regardless of the cycle duration, it makes sense to formally adopt and incorporate a network lifecycle process into annual business planning processes.</p> <p><b>Editor's note: </b><i>This article was originally written by Terry Slattery and updated by TechTarget editors to improve readability.</i></p> <p><i>Terry Slattery is an independent consultant who specializes in network management and network automation. He founded Netcordia and invented NetMRI, a network analysis appliance that provides visibility into the issues and complexity of modern router- and switch-based IP networks.</i></p> </section> Network pros should use a network lifecycle management process to monitor, manage and implement changes in their network, regardless of if they use PPIDOO or another framework. https://cdn.ttgtmedia.com/rms/onlineimages/books_g668146942.jpg https://www.techtarget.com/searchnetworking/tip/A-guide-to-network-lifecycle-management Mon, 21 Oct 2024 00:00:00 GMT A guide to network lifecycle management <p>Tailgating, sometimes referred to as piggybacking, is a type of <a href="https://www.techtarget.com/searchsecurity/definition/physical-security">physical security</a> breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system.</p> <p>In general, when tailgating attacks succeed, it's due to a combination of two factors: 1) human carelessness on the part of the followed party, and 2) ingenuity and confidence on the part of the following party. Tailgating is a significant security risk for organizations and their property, equipment, data and personnel.</p> <section class="section main-article-chapter" data-menu-title="Understanding tailgating"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding tailgating</h2> <p>Tailgating is one of the simplest forms of a <a href="https://www.techtarget.com/searchsecurity/definition/social-engineering">social engineering</a> attack, in which threat actors take advantage of human habits or weaknesses to perpetrate a malicious incident, such as a scam, theft or a <a href="https://www.techtarget.com/searchsecurity/definition/cyber-attack">cyberattack</a>.</p> <p>By simply following an authorized person (AP); an unauthorized party (UP) can easily get around <a href="https://www.techtarget.com/searchsecurity/definition/security">security</a> mechanisms, such as retina scanners, fingerprint scanners, and even human security guards, and <a href="https://www.techtarget.com/searchsecurity/tip/Five-common-insider-threats-and-how-to-mitigate-them">gain access</a> to restricted physical areas.</p> <p>Often, unauthorized persons are able to do so by taking take advantage of <a href="https://www.techtarget.com/searchenterpriseai/definition/cognitive-bias">cognitive biases</a> that affect human decision-making. One such "human bug" is the <a href="https://www.techtarget.com/searchsecurity/feature/Zero-trust-framework-ripe-for-modern-security-challenges">tendency to be courteous</a>; another is the tendency to <a href="https://www.techtarget.com/searchsecurity/definition/zero-trust-model-zero-trust-network">trust</a> other people; a third is simple habit. Due to these human quirks, many APs tend to hold the door for UPs, who then might exploit such polite gestures to access locations they might not have been able to access otherwise.</p> </section> <section class="section main-article-chapter" data-menu-title="How tailgating happens"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How tailgating happens</h2> <p>Tailgating attacks can happen in many ways, including the following:</p> <ul class="default-list"> <li>The simplest method is someone following someone else through a door.</li> <li>Tailgating can also occur when an authorized person enters an area without closing the door behind them. This can leave a small window of time available for an unauthorized person to enter the premises.</li> <li>Another method is when an AP keeps a door propped open for some reason. For instance, a painter might leave it open to get rid of paint fumes, or an IT vendor might be troubleshooting a <a href="https://www.techtarget.com/whatis/definition/server">server</a> or <a href="https://www.techtarget.com/searchnetworking/definition/router">router</a> in the server room while leaving the room's door open.</li> <li>A more sophisticated type of attack occurs when threat actors disguise themselves, either as <a href="https://www.techtarget.com/searchsecurity/feature/Insider-threat-vs-insider-risk-Whats-the-difference">authorized personnel</a> with access to a particular area (e.g., a manager) or seemingly harmless persons (e.g., a delivery person) to trick people into granting them access to that area.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-cyber_espoinage_vs_warfare-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-cyber_espoinage_vs_warfare-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-cyber_espoinage_vs_warfare-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-cyber_espoinage_vs_warfare-f.png 1280w" alt="Visual comparing cyberespionage versus cyberwarfare." height="274" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Successful tailgating can lead to the installation of cameras or listening devices as part of a cyberespionage operation. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Where does tailgating happen?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Where does tailgating happen?</h2> <p>Tailgating is a common problem in multitenant buildings with high traffic (many people accessing the building and its premises). High traffic makes it difficult to identify and track unauthorized personnel, and to keep them out.</p> <p>Tailgating also happens more often in companies where employees lack good <a href="https://www.techtarget.com/searchenterprisedesktop/feature/Strengthen-end-user-security-with-effective-training-methods">cybersecurity hygiene</a> or don't follow <a href="https://www.techtarget.com/searchsecurity/tip/Enterprise-cybersecurity-hygiene-checklist">cybersecurity best practices</a>. This might be due to the following:</p> <ul class="default-list"> <li>Carelessness.</li> <li>Lack of awareness about <a href="https://www.techtarget.com/searchsecurity/tip/How-to-perform-a-cybersecurity-risk-assessment-step-by-step">cyber risks</a>.</li> <li>Inadequate <a href="https://www.techtarget.com/searchsecurity/definition/security-awareness-training">cybersecurity training</a>, particularly training about how humans are often the "weak link" in cybersecurity.</li> </ul> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/best_practices_for_avoiding_data_breaches-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/best_practices_for_avoiding_data_breaches-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/best_practices_for_avoiding_data_breaches-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/best_practices_for_avoiding_data_breaches-f.png 1280w" alt="Graphic showing best practices to avoid data breaches." height="269" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Tailgating can lead to data breaches, as well as loss of money and property. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Tailgating can also happen in firms lacking biometric access control systems. Without such electronic systems in place, almost anybody can enter secure areas by simply walking in. It's also difficult to identify blind spots in a facility or plan strategies to address them.</p> </section> <section class="section main-article-chapter" data-menu-title="Dangers of tailgating"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Dangers of tailgating</h2> <p>Tailgating is considered a "<a href="https://www.techtarget.com/searchsecurity/news/252515665/Conti-ransomware-leaks-show-a-low-tech-but-effective-model">low-tech</a>" attack tactic because it rarely involves sophisticated equipment. Nonetheless, it is a serious physical and cybersecurity concern for enterprises because it increases the risk of a malicious person compromising or harming the firm in some way. For example, an intruder might do the following:</p> <ul class="default-list"> <li>Exfiltrate sensitive information to cause a <a href="https://www.techtarget.com/searchsecurity/definition/data-breach">data breach</a>.</li> <li>Steal valuable equipment such as unattended laptops.</li> <li>Insert <a href="https://www.techtarget.com/searchsecurity/definition/spyware">spyware</a> into enterprise devices.</li> <li>Install <a href="https://www.techtarget.com/searchsecurity/definition/malware">malware</a> or <a href="https://www.techtarget.com/searchsecurity/definition/ransomware">ransomware</a> on computers.</li> <li>Turn off critical systems such as servers.</li> <li>Access the <a href="https://www.computerweekly.com/feature/Getting-physical-with-datacentre-security">server room</a> and create a <a href="https://www.techtarget.com/searchsecurity/definition/back-door">backdoor</a> to the entire enterprise network.</li> <li>Install cameras to remotely keep an eye on company operations and engage in corporate or <a href="https://www.techtarget.com/searchsecurity/definition/cyber-espionage">cyberespionage</a>.</li> <li>Steal money or business secrets like blueprints, <a href="https://www.techtarget.com/whatis/definition/intellectual-property-IP">intellectual property</a> (IP), client lists or financial information.</li> <li>Destroy or damage the firm's physical property (vandalism).</li> </ul> <p>Tailgaters can include <a href="https://www.techtarget.com/searchsecurity/definition/insider-threat">disgruntled former employees</a>, thieves, vandals or mischief makers. Basically, anyone who has an issue with the company or hopes to profit off it can be a tailgater. Whether tailgating persons are innocent or malicious, they can potentially disrupt the business, cause damage or create unexpected costs. They might also create further safety issues for company personnel due to fires or stampedes. Tailgating also can lead to physical violence.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/security-biometric_authentication_types.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/security-biometric_authentication_types_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/security-biometric_authentication_types_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/security-biometric_authentication_types.png 1280w" alt="Diagram showing types of biometric authentication." height="608" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Biometric access control systems combined with employees with good cybersecurity hygiene help prevent tailgating breaches. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How to avoid tailgating"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to avoid tailgating</h2> <p>Organizations can protect their premises from unauthorized personnel and prevent tailgating by implementing certain <a href="https://www.techtarget.com/searchsecurity/definition/security-posture">effective security</a> measures. These include the following:</p> <h3>Electronic access doors</h3> <p>Installing access controls for entrances and restricted areas with swiftly closing doors is vital to prevent tailgating. Additionally, <a target="_blank" href="https://blog.gunneboentrancecontrol.com/7-reasons-to-choose-security-revolving-doors" rel="noopener"> revolving doors</a> provide tailgating detection and ensure that an individual is alone, preventing others from entering behind them without going through a proper access mechanism.</p> <h3>Laser sensors or mantraps</h3> <p>Photosensors, <a href="https://www.techtarget.com/iotagenda/definition/sensor-data">laser sensors</a> and mantraps can limit entry to a single person at a time, preventing someone from following an authorized person and entering an area they are not authorized to enter.</p> <h3>Biometric scanners</h3> <p><a href="https://www.techtarget.com/searchsecurity/definition/biometrics">Biometric</a> scanners and turnstiles allow only one person to enter an area at a time, preventing tailgaters from walking with or behind an authorized person. Also, biometric systems store specific individuals' data (e.g., fingerprints, palm prints, <a href="https://www.techtarget.com/whatis/definition/retina-scan">retinal scans</a>, etc.) to facilitate access to specific areas, so individuals whose information is <i>not</i> stored in the security system are automatically kept out of those areas.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/1nKE7sbQKtU?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <h3>Smart cards</h3> <p><a href="https://www.techtarget.com/searchsecurity/definition/smart-card">Smart cards</a> are usually customized for use by a single person, which helps to control access to a room, office or building. When implemented with electronic <a href="https://www.techtarget.com/searchsecurity/definition/access-control">access control</a> mechanisms, smart cards can prevent tailgating in entrances and restricted areas.</p> <h3>Photo ID</h3> <p>Employees must be required to wear <a href="https://www.techtarget.com/searchsecurity/definition/identity-management-ID-management">photo IDs</a> and visitors must be provided temporary badges and required to wear them as long as they are within the organization's premises. All IDs must be clearly visible. With these ID methods in place, anyone not wearing one becomes conspicuous, making it easier to recognize and detain them, and prevent them from entering secure premises.</p> <h3>Video surveillance</h3> <p>Surveillance devices such as <a href="https://www.techtarget.com/whatis/definition/CCTV-closed-circuit-television">CCTVs</a> provide a means to keep an eye on the premises 24/7. If the devices are clearly visible, they act as a deterrent to those looking to tailgate their way into an office or server room. Now, <a href="https://www.techtarget.com/searchenterpriseai/definition/AI-Artificial-Intelligence">AI</a>-enabled <a href="https://www.computerweekly.com/news/252497593/Attack-on-surveillance-cameras-a-warning-over-security-ethics">video surveillance</a> systems are available to provide uninterrupted views of secure areas plus real-time insights that enable security staff to identify unauthorized or malicious parties and take fast remedial action.</p> <h3>Multifactor authentication (MFA)</h3> <p><a href="https://www.techtarget.com/searchsecurity/definition/multifactor-authentication-MFA">MFA</a> on access doors requires users to provide more than one credential to access an area. In this way, even if an unauthorized individual manages to compromise one credential, they will still not be able to gain access. One example of MFA is requiring individuals to provide both an access card and a thumb print. Another is requiring entrants to enter numbers on a keypad and provide a retina print. MFA is particularly useful to keep unauthorized persons from accessing secure areas like server rooms or file rooms.</p> <p><a href="https://www.techtarget.com/searchsecurity/feature/The-fundamentals-of-MFA-The-business-case-for-multifactor-authentication"><i>Read about use cases for MFA</i></a>.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-1" src="https://www.youtube.com/embed/_3rlQVXGKZc?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <h3>Human security guards</h3> <p>Security guards provide a physical means to safeguard premises. These guards should be trained to ask unfamiliar personnel or personnel not wearing ID cards who they are and why they are on the premises. They also should be authorized to detain these persons in a holding room until management can determine what further action (e.g., a police report) is needed against them.</p> </section> <section class="section main-article-chapter" data-menu-title="The importance of employee education in preventing tailgating"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The importance of employee education in preventing tailgating</h2> <p>The above security measures are all crucial to curtail tailgating. However, their presence can create a <a href="https://www.computerweekly.com/feature/Secure-everything-not-just-the-weakest-link">false sense of security</a> among staff, leading to carelessness or ignorance of employees' role in preventing tailgating. That's why it is vital to educate them on the following:</p> <ul class="default-list"> <li>The dangers of tailgating.</li> <li>How to recognize tailgating attempts.</li> <li>What they can do to resist tailgating and to keep tailgaters out.</li> </ul> <p>It's also important to create a <a href="https://www.techtarget.com/searchsecurity/feature/How-effective-is-security-awareness-training-Not-enough">strong cyber awareness culture</a> throughout the organization and to make employees aware of their responsibilities to protect the company's assets from unauthorized parties. Employees should also be taught to follow these security <a href="https://www.techtarget.com/searchsecurity/tip/How-can-organizations-build-cybersecurity-awareness-among-employees">best practices</a>:</p> <ul class="default-list"> <li>Never hold the door for anyone.</li> <li>Always keep doors closed, especially those to secure or restricted areas like server rooms.</li> <li>Stop people from following them into special access zones or restricted areas, especially if they are not wearing employee or visitor badges.</li> <li>Ensure that any outsiders, such as repairmen or delivery persons, are legitimate and wearing appropriate visitor badges.</li> <li>Direct unfamiliar people, people without badges or people who appear "lost" to the reception desk.</li> <li>Never allow former employees to access the company premises if they don't have the permission of authorized personnel (e.g., IT team) or are not wearing proper ID badges.</li> <li>Report suspicious activity to security guards.</li> <li>Inform security guards or the <a href="https://www.techtarget.com/searchcio/definition/IT-organization-information-technology-organization">IT team</a> if an electronic door is not functioning properly.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Tailgating vs. piggybacking"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Tailgating vs. piggybacking</h2> <p>Tailgating is not the same as piggybacking, a type of breach in which the unauthorized individual tricks or convinces the authorized individual into letting them into a secure area. Thus, piggybacking usually involves an AP's knowledge, consent or permission. Also, the AP providing access to the UP usually assumes that the UP has a legitimate reason for requesting access.</p> <p>That said, both tailgating and piggybacking are forms of in-person social engineering attacks in which <a href="https://www.techtarget.com/whatis/definition/threat-actor">threat actors</a> try to gain access to an area that would be off-limits to them, usually for nefarious or malicious purposes. Both can be very damaging for an organization in a multitude of ways.</p> <p><i>Organizations should know the key signs of common security incidents and how to respond to keep systems and data safe. Read about the </i><a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them"><i>types of security incidents and how to prevent them</i></a><i>.</i></p> </section> Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system. https://cdn.ttgtmedia.com/visuals/digdeeper/4.jpg https://www.techtarget.com/whatis/definition/tailgating-piggybacking Thu, 17 Oct 2024 18:01:00 GMT What is tailgating (piggybacking)? Search Networking Resources and Information from TechTarget 60 webmaster@techtarget.com