This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.

# Centralized or distributed network configuration and management
<a name="centralized-distributed-network-configuration-management"></a>

 As you build your network, you need to decide between distributed and centralized networking components for your organization. When starting distributed networks or Full Mesh routing solutions with smaller networks, on-premises sites, and cloud providers network may help reduce complicated point to point communication. However, as the network grows, and the number of nodes increases, the number of connections between the nodes increases the complexity for the network management introducing scalability challenges. Hub and spoke network topologies offer a different set of advantages over point to point communication links. Centralized networks (hub and spoke networks) allow you to inspect all your traffic in one point, controlling ingress and egress traffic from your environment, and simplify the management of the connections. Hub and spoke networks offer larger scalability over new links, and they offer centralized control over spoke sites. With these kinds of tools, you can centrally control access to public and private networks, restrict users access to resources over LAN and WIFI networks, control the addition and deletion of routing components, and simplify the modification of the logical divisions within your network (VLAN, VRFs, and so on). 

# Automating network infrastructure
<a name="automating-network-infrastructure"></a>

In cloud environments, network engineers not only configure the networks, but they should also accustom themselves to orchestration tools using Infrastructure as Code (IaC) to deploy network infrastructure at scale. This helps in reducing deployment time, minimizes human error when configuring repeatable patterns, and provides ease in lift and shift for your current network infrastructure if it needs to be replicated in a different environment. 

IP address management can be controlled and automated using IP Address Management (IPAM) solutions. IPAM solutions help enhancing dynamic allocations of IP addresses, adding/deleting of new and existing CIDRs, automated delivery and record maintenance. Automation to manage your network helps remove delays in on-boarding new applications or growing existing applications, by enabling you to assign IP addresses to your network resources. IPAM solutions can also automatically track critical IP address information, including its assignment attributes, location in your network, and routing and security domain. Reducing the need to manually track or do bookkeeping for your IP addresses and reducing the possibility of errors during IP assignments. 

# Traffic inspection
<a name="traffic-inspection"></a>

In hybrid environments, you should consult with your networking and security teams on traffic inspection requirement and identify application traffic which needs to be inspected. Typically, any traffic leaving your or cloud infrastructure and egressing to public internet can be prone to attack. To mitigate this risk, any traffic within your network generated by a critical workload should be routed through an inspection device. While designing your network topology, your security team and your engineering team should collaborate with your networking team to build the level of granularity of the inspection given the traffic to be inspected. Some examples include: the direction of the traffic (east-west, north-south), the protocols, and origin and destination. These inspections need to meet the compliance and forensic requirements within your policy. Additionally, we recommend that you assemble high availability (HA) inspection devices to avoid a single point of failure.