{"id":16261,"date":"2019-04-16T16:10:25","date_gmt":"2019-04-16T16:10:25","guid":{"rendered":"https:\/\/lavellenetworks.com\/?p=16261"},"modified":"2021-04-14T05:47:58","modified_gmt":"2021-04-14T05:47:58","slug":"network-segmentation-secured-intent-based-private-networking","status":"publish","type":"post","link":"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/","title":{"rendered":"Network Segmentation: Secured Intent Based Private Networking"},"content":{"rendered":"<p>In our last <strong><a href=\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-securing-traffic-in-the-dying-age-of-traditional-perimeter\/\" target=\"_blank\" rel=\"noopener\">blog<\/a><\/strong>,\u00a0<strong>Network Segmentation: Segregating Traffic in the dying age of Perimeter, <\/strong>we discussed the importance of network segmentation at a granular level using a modern-era segmentation solution that can allow each segment to scale without compromising enterprise network security. Here we discuss how intent-based segmentation can help simplify enterprise private networking.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Protecting the end points \u2013 That\u2019s what Matters<\/strong><\/h2>\n<div class=\"new-blog\">&nbsp;<\/p>\n<p><em><b>\u201cOur discussions with numerous CIOs, CISOs, and IT engineers show that there are two end points of modern enterprise application communication, and unless we deploy protection and detection mechanisms for these two, the network security problem cannot be solved. 
The fact that we are having these discussions of course underlines the fact that there is no more disagreement in the industry about why the network firewall exists, and why there is a lot more to do for security than just a firewall.&#8221;<\/em><\/p>\n<p><em>Shyamal Kumar, CEO of Lavelle Networks<\/em><\/b><\/div>\n<p>&nbsp;<\/p>\n<p>The first end point is the combination of device, user, credentials, and the application client (most often an app or browser), and the second is the application server cloud, web service, or micro-service. Enterprise networking teams are challenged to securely connect the modern-era business ecosystem &#8211; devices, applications, users, and systems. It\u2019s becoming critically important to ensure security between each endpoint. Using a traditional firewall and routing in today\u2019s dynamic cloud ecosystem poses a significant threat to network security.<\/p>\n<p>&nbsp;<\/p>\n<p>This growing need to secure endpoints necessitates changes in the way we have traditionally segmented traffic. With advanced network segmentation techniques like micro-segmentation, each individual segment is segregated further, down to the application and user levels. Segmentation is extended to the edges of the network and is maintained securely across the enterprise network. So how do you implement network segmentation? Enterprises use various network segmentation methods. A few common ones are:<\/p>\n<p>&nbsp;<\/p>\n<p><strong>1. Implementing gateways between networks with security measures using varied technologies at different layers. 
For example:<\/strong><\/p>\n<ul>\n<li>Routers or layer 3 switches divide an enterprise network into smaller network segments to restrict traffic flow using measures such as access control lists (ACL).<\/li>\n<li>Using virtualised routing and networking protocols, such as Virtual Local Area Networks and Virtual Routing and Forwarding, to segment the enterprise network.<\/li>\n<li>The use of virtual machines, containers and virtual functions to isolate network activities for trusted or unreliable traffic.<\/li>\n<li>Managed Security groups, Virtual Switching, and Cloud Services used to segment applications, data and services.<\/li>\n<\/ul>\n<p><strong> 2. Using IPsec to isolate domains and servers.<\/strong><\/p>\n<p><strong> 3. Using encryption and logical unit number masking to establish storage-based segmentation and filtering.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/lavellenetworks.com\/blog\/securing-your-network-when-the-perimeter-is-not-visible\/\"><img loading=\"lazy\" class=\"alignnone wp-image-16264 size-full\" src=\"https:\/\/lavellenetworks.com\/wp-content\/uploads\/2019\/04\/Blog_CTA_Banner_1-1.jpg\" alt=\"\" width=\"728\" height=\"120\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Enter Network Groups<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p>Network Groups is a Lavelle Networks network segmentation abstraction that simplifies the configuration and management of network segregation. Network Groups allow IT teams to achieve network segmentation for any kind of private network using an intent-driven user interface and fast REST API based transactions. It hides all the network protocol complexity from the user, allowing an unprecedented speed of control operations. IT administrators can connect or disconnect users, locations, and applications within seconds.<\/p>\n<p>&nbsp;<\/p>\n<p>Network Groups is realized as a simple drag-and-drop configuration to add members\/sites to a network and remove them from it. 
Network Groups are used to implement a software-defined Group Virtual Private Network (Group VPN). Group VPN implements aggressive encryption keying that is centralized and programmed from the SDN Controller (CloudStation). The controller generates the encryption key based on the encryption policy and the re-keying interval. The generated key is pulled by every CloudPort that has one or more of its LAN segments in the Network Group. The Network Groups construct allows specifying the topology (next-hop type), network encapsulation mode, VPN security profile and its associated parameters, and policies at the network level.<\/p>\n<p>&nbsp;<\/p>\n<p>Network Groups allow the creation of dynamic tunnels at run time between networks across sites. The solution uses no static overlay tunnels, which makes it a highly scalable network that can cater to tens of thousands of networks in a single segment. A dynamic tunnel is established at runtime based on a policy defined in the CloudStation. The system does not use routing on the WAN side, so the limit on the number of routes found in a classical routing-based VPN does not apply here. The system supports up to 4000 network segments with a single controller instance. The configurations that can be done for a network group are as follows:<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Next Hop Type<\/strong><\/h2>\n<p><strong>1. Hub<\/strong> \u2013 Identifies the topology as Hub-and-Spoke. A CloudPort should be indicated as a Hub.<\/p>\n<p><strong>2. Resolve<\/strong> \u2013 Identifies the topology as peer-to-peer, wherein the CloudPort queries the CloudStation to determine the Next Hop and Encapsulation Type.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Encapsulation Types<\/strong><\/h2>\n<p><strong>1. UDP (LNTUN)<\/strong> \u2013 Lavelle Networks proprietary UDP tunnelling<\/p>\n<p><strong>2. GRE<\/strong> \u2013 Standard GRE encapsulation allows interoperability with other devices that support the same protocol.<\/p>\n<p><strong>3. 
IPSEC<\/strong> \u2013 A group-key based secure IP VPN. A security profile that specifies the authentication and encryption modes is associated with this mode.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Internet Access<\/strong><\/h2>\n<p>This permits Internet access at the site for a Network group. Network Group is one of the three policy attachment points.<\/p>\n<h1 id=\"Read-More:-Lavelle-Networks-Transforms-the-Game-of-Virtual-Private-Networks:-Catalysing-VPNs-for-Any-Cloud\"><\/h1>\n<p style=\"text-align: center;\"><a href=\"https:\/\/lavellenetworks.com\/lavelle-networks-transforms-the-game-of-virtual-private-networks-catalysing-vpns-for-any-cloud\/\"><img loading=\"lazy\" class=\"alignnone wp-image-16265 size-full\" src=\"https:\/\/lavellenetworks.com\/wp-content\/uploads\/2019\/04\/Blog_CTA_Banner_2.jpg\" alt=\"\" width=\"728\" height=\"120\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>ScaleAOn \u2013 What\u2019s in the name?<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p>While looking at various different ways to build our next generation network product architecture, back in 2016, it became evident to us that there are two big challenges our solution is going to solve for our customers:<\/p>\n<ul>\n<li>Let them scale their business without worrying about their networks<\/li>\n<li>Make their network like electricity, flip a switch, it\u2019s always on until you flip it off. Turn on our products, they are going to keep the network Always on.<\/li>\n<\/ul>\n<p>Thus, network groups became \u2013 ScaleAOn, networking at Scale, Always ON.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"new-blog\"><em><b>&#8220;Building great networking software is hard. Picking a name was actually the easiest part. We waded through multiple technology alternatives and created what is now working so well, that customers don\u2019t realise they even use our SD-WAN. 
Quiet, invisible, always on.&#8221;<\/em><\/p>\n<p><em>Shyamal Kumar, CEO of Lavelle Networks<\/em><\/b><\/div>\n<p>&nbsp;<\/p>\n<p>The fundamentals of ScaleAOn are:<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Network control plane communication over fast REST APIs, rather than out-of-date methods like protocol handshakes.<\/li>\n<li>A 100% SDN forwarding plane composed of loosely de-coupled tables, which can be re-programmed into any combination of access control lists, policies, route lookups, tunnel encapsulations, path selections, and NFV service chains. Within milliseconds, the life of a packet can be changed to adapt to the network condition out on the WAN.<\/li>\n<li>An intent-driven configuration framework that does not need persistent old school transport connections like SSH, and therefore the control plane can fail over to the right WAN path even before it loses a single transaction.<\/li>\n<li>Zero errors in creating network segments, because of our visual aids in the user interface, which do not need a single line of actual network interface configuration while creating a VPN or WAN topology.<\/li>\n<li>A network naming scheme which produces logical identifiers for every single private subnet in your network, without having to remember the IP addresses ever again.<\/li>\n<li>Treat encryption as a security policy, instead of complex IPSEC IKE configuration methods on classical routers.<\/li>\n<li>Make encryption key generation so easy that you don\u2019t need to know anything about encryption to use it on your network.<\/li>\n<li>Make it so hard for non-enterprise traffic to enter or exit through your Internet WAN that intruders will give up and try other easier-to-breach solutions.<\/li>\n<li>Optimise the entire network path computation around the real problem, which is network congestion.<\/li>\n<li>Total de-coupling of packet I\/O, network forwarding, application inspection, and network services, so that a failure in any of them only degrades the service, but does 
not cripple it to stop traffic.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>If ScaleAOn piques your interest, the above mentioned blogs might be valuable to you. Check them out, and as always, feel free to <strong><a href=\"https:\/\/lavellenetworks.com\/contact\/\">contact<\/a><\/strong> Lavelle Networks with any questions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In our last blog,\u00a0Network Segmentation: Segregating Traffic in the dying age of Perimeter, we discussed the importance of network segmentation at a granular level using modern era segmenting solution which can allow each segment to scale without compromising on enterprise network security. Here we discuss how intent based segmentation can<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":10,"featured_media":20633,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[10],"tags":[82],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.0.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Network Segmentation: Secured Intent Based Private Networking - Lavellenetworks<\/title>\n<meta name=\"description\" content=\"Here in this article, we discuss how intent based segmentation can help simplify enterprise private networking. Read on to know more.\" \/>\n<link rel=\"canonical\" href=\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Network Segmentation: Secured Intent Based Private Networking - Lavellenetworks\" \/>\n<meta property=\"og:description\" content=\"Here in this article, we discuss how intent based segmentation can help simplify enterprise private networking. 
Read on to know more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/\" \/>\n<meta property=\"og:site_name\" content=\"Lavellenetworks\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-16T16:10:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-14T05:47:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lavellenetworks.com\/blog\/wp-content\/uploads\/2019\/04\/Network-Segmentation-Secured-Intent-Based-Private-Networking-Blog-Image-1024x512-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"6 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/#website\",\"url\":\"https:\/\/lavellenetworks.com\/blog\/\",\"name\":\"Lavellenetworks\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/lavellenetworks.com\/blog\/?s={search_term_string}\",\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/lavellenetworks.com\/blog\/wp-content\/uploads\/2019\/04\/Network-Segmentation-Secured-Intent-Based-Private-Networking-Blog-Image-1024x512-1.jpg\",\"width\":1024,\"height\":512},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/#webpage\",\"url\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/\",\"name\":\"Network Segmentation: Secured Intent Based Private Networking - Lavellenetworks\",\"isPartOf\":{\"@id\":\"https:\/\/lavellenetworks.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/#primaryimage\"},\"datePublished\":\"2019-04-16T16:10:25+00:00\",\"dateModified\":\"2021-04-14T05:47:58+00:00\",\"author\":{\"@id\":\"https:\/\/lavellenetworks.com\/blog\/#\/schema\/person\/b1a8ff9ffe087e7ab52713b8452b0d3a\"},\"description\":\"Here in this article, we discuss how intent based segmentation can help simplify enterprise private networking. 
Read on to know more.\",\"breadcrumb\":{\"@id\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/\",\"url\":\"https:\/\/lavellenetworks.com\/blog\/\",\"name\":\"Blog\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/\",\"url\":\"https:\/\/lavellenetworks.com\/blog\/network-segmentation-secured-intent-based-private-networking\/\",\"name\":\"Network Segmentation: Secured Intent Based Private Networking\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/#\/schema\/person\/b1a8ff9ffe087e7ab52713b8452b0d3a\",\"name\":\"Samuel Natarajan\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/lavellenetworks.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/lavellenetworks.com\/blog\/wp-content\/uploads\/2021\/04\/sam-146x146.jpg\",\"caption\":\"Samuel Natarajan\"},\"sameAs\":[\"https:\/\/lavellenetworks.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/posts\/16261"}],"collection":[{"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=16261"}],"version-history":[{"count":4,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/posts\/16261\/revisions"}],"predecessor-version":[{"id":20636,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/posts\/16261\/revisions\/20636"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/media\/20633"}],"wp:attachment":[{"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=16261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=16261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lavellenetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=16261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}