Next-generation firewall (NGFW)
Next-generation firewalls defend network perimeters and inspect traffic at a fine-grained level, integrating intrusion prevention systems, deep-packet inspection, and SSL inspection into a single system.
Infiniband
Infiniband is a high-performance interconnect technology designed to provide low-latency, high-bandwidth communication between servers, storage devices, and other high-performance computing (HPC) components. Although it is highly specialized, Infiniband’s performance and scalability make it a valuable tool for organizations that require the highest levels of network performance. It’s particularly well-suited for applications that require rapid data transfer, such as scientific computing, financial modeling and video rendering. Infiniband is commonly used for HPC clusters, data centers, supercomputers and scientific research.
Ethernet
Ethernet is one of the original networking technologies and was invented 50 years ago. Despite its age, the communications protocol can incorporate modern advancements without losing backwards compatibility, and Ethernet continues to reign as the de facto standard for computer networking. As artificial intelligence (AI) workloads increase, network industry giants are teaming up to ensure Ethernet networks can keep pace and satisfy AI’s high-performance networking requirements. At its core, Ethernet is a protocol that allows computers (from servers to laptops) to talk to each other over wired networks that use devices like routers, switches and hubs to direct traffic. Ethernet works seamlessly with wireless protocols, too.
Internet
The internet is a global network of computers using internet protocol (IP) to communicate globally via switches and routers deployed in a cooperative network designed to direct traffic efficiently and to provide resiliency should some part of the internet fail.
Internet backbone
Tier 1 internet service providers (ISP) mesh their high-speed fiber-optic networks together to create the internet backbone, which moves traffic efficiently among geographic regions.
IP address
An IP address is a unique set of numbers, or combination of letters and numbers, that is assigned to each device on an IP network to make it possible for switches and routers to deliver packets to the correct destinations.
PaaS, NaaS, IaaS and IDaaS
Platform as a service (PaaS): In PaaS, a cloud provider delivers a platform for developers to build, run and manage applications. It includes the operating system, programming languages, database and other development tools. This allows developers to focus on building applications without worrying about the underlying infrastructure.
Network as a service (NaaS): NaaS is a cloud-based service that provides network infrastructure, such as routers, switches and firewalls, as a service. This allows organizations to access and manage their network resources through a cloud-based platform.
Infrastructure as a service (IaaS): IaaS provides the building blocks of cloud computing — servers, storage and networking. This gives users the most control over their cloud environment, but it also requires them to manage the operating system, applications, and other components.
Identity as a service (IDaaS): IDaaS providers maintain cloud-based user profiles that authenticate users and enable access to resources or applications based on security policies, user groups, and individual privileges. The ability to integrate with various directory services (Active Directory, LDAP, etc.) and provide single sign-on across business-oriented SaaS applications is essential.
Internet of things (IoT)
The internet of things (IoT) is a network of connected smart devices providing rich operational data to enterprises. It is a catch-all term for the growing number of electronics that aren’t traditional computing devices, but are connected to the internet to gather data, receive instructions or both.
Industrial internet of things (IIoT)
The industrial internet of things (IIoT) connects machines and devices in industries. It is the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy and manufacturing sectors.
Industry 4.0
Industry 4.0 blends technologies to create custom industrial solutions that make better use of resources. It connects the supply chain and the ERP system directly to the production line to form integrated, automated, and potentially autonomous manufacturing processes that make better use of capital, raw materials, and human resources.
IoT standards and protocols
There’s an often-impenetrable alphabet soup of protocols, standards and technologies around the Internet of Things, and this is a guide to essential IoT terms.
Narrowband IoT (NB-IoT)
NB-IoT is a communication standard designed for IoT devices to operate via carrier networks, either within an existing GSM bandwidth used by some cellular services, in an unused “guard band” between LTE channels, or independently.
IP
Internet protocol (IP) is the set of rules governing the format of data sent over IP networks.
DHCP
DHCP stands for dynamic host-configuration protocol, an IP-network protocol that lets a server automatically assign IP addresses to networked devices on the fly and share other information with those devices so they can communicate efficiently with other endpoints.
DNS
The Domain Name System (DNS) resolves the common names of Web sites to their underlying IP addresses, adding efficiency and even security in the process.
IPv6
IPv6 is the latest version of internet protocol. It identifies devices across the internet so they can be located, and it can also handle packets more efficiently, improve performance and increase security.
IP address
An IP address is a number or combination of letters and numbers used to label devices connected to a network on which the Internet Protocol is used as the medium for communication. IP addresses give devices on IP networks their own identities so they can find each other.
Network management
Network management is the process of administering and managing computer networks.
Intent-based networking
Intent-based networking (IBNS) is network management that lets network administrators define what they want the network to do in plain language and have a network-management platform automatically configure devices on the network to create the desired state and enforce policies.
Microsegmentation
Microsegmentation is a way to create secure zones in networks, in data centers, and cloud deployments by segregating sections so only designated users and applications can gain access to each segment.
Software-defined networking (SDN)
Software-defined networking (SDN) is an approach to network management that enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring. It operates by separating the network control plane from the data plane, enabling network-wide changes without manually reconfiguring each device.
Network security
Network security consists of the policies, processes, and practices adopted to prevent, detect, and monitor unauthorized access, misuse, modification, or denial of service on a computer network and network-accessible resources.
Identity-based networking
Identity-based networking ties a user’s identity to the networked services that user can receive.
Network access control (NAC)
Network Access Control is an approach to computer security that attempts to unify endpoint-security technology, user or system authentication, and network security enforcement.
SASE
Secure access service edge (SASE) is a network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and appropriate bandwidth per application. SASE, a term coined by Gartner in 2019, offers a comprehensive solution for securing and optimizing network access in today’s hybrid work environment. Its core elements include the following:
Secure web gateway (SWG): Filters and inspects web traffic, blocking malicious content and preventing unauthorized access to websites.
Cloud access security broker (CASB): Enforces security policies and controls for cloud applications, protecting data and preventing unauthorized access.
Zero trust network access (ZTNA): Grants access to applications based on user identity and device posture, rather than relying on network location.
Firewall-as-a-service (FWaaS): Provides a cloud-based firewall that protects networks from threats and unauthorized access.
Unified management: A centralized platform for managing and monitoring both network and security components.
Automation: Automated workflows and policies to simplify operations and improve efficiency.
Analytics: Advanced analytics to provide insights into network and security performance.
Multivendor SASE
Multivendor SASE refers to a SASE platform that is provided by multiple vendors. This means you’d source the different components of the SASE platform, such as the secure web gateway (SWG), cloud access security broker (CASB), and zero-trust network access (ZTNA), from different vendors. This allows you to choose the best-of-breed solutions for each component of the platform. By using a multivendor SASE platform, you avoid being tied to a single vendor and reduce the risk of vendor lock-in. On the negative side, managing multiple vendors is more time-consuming than managing a single-vendor solution. Also, issues among vendors can impact the performance, efficiency and reliability of the SASE solution.
Single-vendor SASE
Single-vendor SASE refers to a solution that is provided by a single vendor. This means that all of the components of the SASE platform, such as the secure web gateway (SWG), cloud access security broker (CASB), and zero-trust network access (ZTNA), are delivered by a single vendor. Advantages of single-vendor SASE include simplified management, smoother integration and enhanced support. Disadvantages include vendor lock-in, more limited capabilities compared to multivendor platforms, and higher costs for large organizations.
Network switch
A network switch is a device that operates at the Data Link layer of the OSI model — Layer 2. It takes in packets being sent by devices that are connected to its physical ports and sends them out again, but only through the ports that lead to the devices the packets are intended to reach. Switches can also operate at the network layer — Layer 3 — where routing occurs.
Open systems interconnection (OSI) reference model
Open Systems Interconnection (OSI) reference model is a framework for structuring messages transmitted between any two entities in a network.
Power over Ethernet (PoE)
PoE is the delivery of electrical power to networked devices over the same data cabling that connects them to the LAN. This simplifies the devices themselves by eliminating the need for an electric plug and power converter, and makes it unnecessary to have separate AC electric wiring and sockets installed near each device.
Routers
A router is a networking device that forwards data packets between computer networks. Routers operate at Layer 3 of the OSI model and perform traffic-directing functions between subnets within organizations and on the internet.
Border-gateway protocol (BGP)
Border Gateway Protocol is a standardized protocol designed to exchange routing and reachability information among the large, autonomous systems on the internet.
UDP port
UDP (User Datagram Protocol) is a communications protocol primarily used for establishing low-latency and loss-tolerant connections between applications on the internet. It speeds up transmissions by enabling the transfer of data before the receiving device agrees to the connection.
Storage networking
Storage networking is the process of interconnecting external storage resources over a network to all connected computers/nodes.
Network attached storage (NAS)
Network-attached storage (NAS) is a category of file-level storage that’s connected to a network and enables data access and file sharing across a heterogeneous client and server environment.
Non-volatile memory express (NVMe)
A communications protocol developed specifically for all-flash storage, NVMe enables faster performance and greater density compared to legacy protocols. It’s geared for enterprise workloads that require top performance, such as real-time data analytics, online trading platforms, and other latency-sensitive workloads.
Solid-state drive (SSD)
A solid-state drive, or SSD, is a storage device that uses flash memory to store data. Unlike traditional hard disk drives (HDDs), SSDs have no moving parts, making them faster, more reliable, and quieter.
Storage-area network (SAN)
A storage-area network (SAN) is a dedicated, high-speed network that provides access to block-level storage. SANs were adopted to improve application availability and performance by segregating storage traffic from the rest of the LAN.
Tensor processing unit (TPU)
A tensor processing unit (TPU) is an integrated circuit developed by Google for accelerating machine learning workloads. Unlike general-purpose CPUs or graphics processing units (GPUs), TPUs are designed and optimized specifically to handle the massive matrix multiplication and vector operations that are fundamental to neural networks and other machine learning algorithms.
While both TPUs and GPUs are used to accelerate AI, they have different design philosophies:
TPUs are optimized for massive, high-throughput machine learning tasks. They excel at inference and training large models.
GPUs are more versatile and programmable. While also excellent for parallel processing, they are not exclusively for machine learning and are widely used for computer graphics, scientific computing, and general-purpose parallel programming.
Virtualization
Virtualization is the creation of a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources. This includes virtual servers that can co-exist on the same hardware, but behave separately.
Containerization
Containerization (e.g., Docker, Kubernetes) refers to a form of virtualization at the operating-system level. That is, rather than virtualizing hardware, containers virtualize the operating system itself. All containers on a single host share the same underlying OS kernel. Each container bundles only the application code, its runtime, system tools, libraries, and settings. This makes them much smaller and faster to start than virtual machines (VMs). They provide isolation at the process and filesystem level, running in isolated “user spaces.”
Hypervisor
A hypervisor is software that separates a computer’s operating system and applications from the underlying physical hardware, allowing the hardware to be shared among multiple virtual machines.
Network virtualization
Network virtualization is the combination of network hardware and software resources with network functionality into a single, software-based administrative entity known as a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.
Network function virtualization (NFV)
Network functions virtualization (NFV) uses commodity server hardware to replace specialized network appliances for more flexible, efficient, and scalable services.
Application-delivery controller (ADC)
An application delivery controller (ADC) is a network component that manages and optimizes how client machines connect to web and enterprise application servers. In general, an ADC is a hardware device or a software program that can manage and direct the flow of data to applications.
Virtual machine (VM)
A virtual machine (VM) is software that runs programs or applications without being tied to a physical machine. In a VM instance, one or more guest machines can run on a physical host computer.
VLAN
A virtual LAN (VLAN) allows network administrators to logically segment a single physical LAN into multiple distinct broadcast domains. In simpler terms, a VLAN lets you group devices together as if they were on a separate network, even if those devices are connected to the same physical network switch or to different switches across a building or campus.
Traditionally, a LAN segments traffic using physical network segments, where each segment is a separate broadcast domain. Any device on that segment can hear broadcast traffic from other devices on the same segment. VLANs break this physical constraint. When a VLAN is configured on a switch, ports on that switch are assigned to specific VLAN IDs. Traffic from devices connected to ports in one VLAN cannot directly communicate with devices in another VLAN, unless a Layer 3 device (like a router or a Layer 3 switch) is used to route traffic between them.
This logical segmentation is achieved by adding a tag to the Ethernet frames as they traverse the network. This tag identifies which VLAN the frame belongs to, allowing switches to keep traffic within its assigned VLAN.
VPN (virtual private network)
Virtual private networks can create secure remote-access and site-to-site connections inexpensively, are a stepping stone to software-defined WANs, and are proving useful in IoT.
Split tunneling
Split tunneling is a device configuration that ensures that only traffic destined for corporate resources goes through the organization’s internet VPN, with the rest of the traffic going outside the VPN, directly to other sites on the internet.
WAN
A WAN, or wide-area network, is a network that uses various links — private lines, Multiprotocol Label Switching (MPLS), virtual private networks (VPNs), wireless (cellular), the Internet — to connect organizations’ geographically distributed sites. In an enterprise, a WAN could connect branch offices and individual remote workers with headquarters or the data center.
Data deduplication
Data deduplication, or dedupe, is the identification and elimination of duplicate blocks within a dataset, reducing the amount of traffic that must go on WAN connections. Deduplication can find redundant blocks of data within files from different directories, different data types, even different servers in different locations.
MPLS
Multi-protocol label switching (MPLS) is a packet protocol that ensures reliable connections for real-time applications, but it’s expensive, leading many enterprises to consider SD-WAN as a means to limit its use.
SD-WAN
A software-defined wide-area network (SD-WAN) is software that can manage and enforce the routing of WAN traffic to the appropriate wide-area connection based on policies that can take into consideration factors including cost, link performance, time of day, and application needs. Like its bigger technology brother, software-defined networking, SD-WAN decouples the control plane from the data plane.
VPN
Virtual private networks (VPNs) can create secure remote-access and site-to-site connections inexpensively, can be an option in SD-WANs, and are proving useful in IoT.
Wi-Fi
Wi-Fi refers to the wireless LAN technologies that utilize the IEEE 802.11 standards for communications. Wi-Fi products use radio waves to transmit data to and from devices with Wi-Fi software clients to access points that route the data to the connected wired network.
802.11ad
802.11ad is an amendment to the IEEE 802.11 wireless networking standard, developed to provide a multiple gigabit wireless system standard at 60 GHz frequency, and is a networking standard for WiGig networks.
802.11ay
802.11ay is a proposed enhancement to the current (2021) technical standards for Wi-Fi. It is the follow-up to IEEE 802.11ad, quadrupling the bandwidth and adding MIMO up to 8 streams. It will be the second WiGig standard.
802.11ax (Wi-Fi 6)
802.11ax, officially marketed by the Wi-Fi Alliance as Wi-Fi 6 and Wi-Fi 6E, is an IEEE standard for wireless local-area networks and the successor of 802.11ac. It is also known as High Efficiency Wi-Fi, for the overall improvements to Wi-Fi 6 clients under dense environments.
Access point
An access point is a networking device that allows wireless-capable devices to connect to a wired network. Access points typically create a wireless local area network (WLAN) using Wi-Fi standards.
Wi-Fi 6E
Wi-Fi 6E is an extension of Wi-Fi 6 unlicensed wireless technology operating in the 6GHz band, and it provides lower latency and faster data rates than Wi-Fi 6. The spectrum also has a shorter range and supports more channels than bands that were already dedicated to Wi-Fi, making it suitable for deployment in high-density areas like stadiums.
Beamforming
Beamforming is a technique that focuses a wireless signal towards a specific receiving device, rather than having the signal spread in all directions from a broadcast antenna, as it normally would. The resulting more direct connection is faster and more reliable than it would be without beamforming.
Controllerless Wi-Fi
It’s no longer necessary for enterprises to install dedicated Wi-Fi controllers in their data centers because that function can be distributed among access points or moved to the cloud, but it’s not for everybody.
MU-MIMO
MU-MIMO stands for multi-user, multiple input, multiple output, and is a wireless technology supported by routers and endpoint devices. MU-MIMO is the next evolution from single-user MIMO (SU-MIMO), which is generally referred to as MIMO. MIMO technology was created to help increase the number of simultaneous users a single access point can support, which was initially achieved by increasing the number of antennas on a wireless router.
OFDMA
Orthogonal frequency-division multiple-access (OFDMA) provides Wi-Fi 6 with high throughput and more network efficiency by letting multiple clients connect to a single access point simultaneously.
Wi-Fi 7
Wi-Fi 7 is currently the leading edge of wireless internet standards, providing more bandwidth, lower latency and more resiliency than prior standards. A year ago, there was some speculation that 2024 would be the breakout year for Wi-Fi 7. While some Wi-Fi 7 gear began to emerge in 2024, it looks like 2025 will be the year for Wi-Fi 7 rollouts.
Wi-Fi standards and speeds
Ever-improving Wi-Fi standards make for denser, faster Wi-Fi networks.
WPA3
The WPA3 Wi-Fi security standard tackles WPA2 shortcomings to better secure personal, enterprise, and IoT wireless networks.
Zero trust
Zero trust is a security model based on the principle of “never trust, always verify.” It assumes that no user, device, or application, whether inside or outside the network, should be trusted by default. Access is granted only after authentication and authorization, based on context and least privilege.
Zero-water cooling
Zero-water cooling refers to various cooling technologies designed to eliminate or substantially reduce the amount of fresh water used for cooling purposes in data centers and power plants.
The goal of zero-water cooling is to achieve a near-zero water usage effectiveness (WUE), a metric that measures water consumed for cooling against energy consumed by IT equipment.
The technology is critical because a typical hyperscale data center can evaporate more than a million liters of water a day. Zero-water cooling addresses this by significantly reducing or eliminating the dependency on local water supplies, making it a critical sustainability goal for industries in water-stressed regions.