VPN architecture patterns and when VPN is the wrong answer
VPN architecture from an operator's seat: site-to-site vs remote access, WireGuard vs IPsec vs TLS, split vs full tunnel, and where ZTNA replaces the VPN.
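The split- versus full-tunnel choice named above comes down to one line of WireGuard configuration, shown here as an added example written for this page rather than taken from the article it summarizes. The addresses, key placeholders, endpoint hostname and the 10.20.0.0/16 and 10.30.0.0/16 "corporate" ranges are assumptions for illustration.

```ini
# Added example (not from the original article): WireGuard client
# configuration for wg-quick, split-tunnel form. Keys, addresses,
# endpoint and internal ranges are placeholders.
[Interface]
PrivateKey = <client-private-key>
Address = 10.99.0.2/32
# Corporate resolver so internal names resolve inside the tunnel.
DNS = 10.20.0.53

[Peer]
PublicKey = <gateway-public-key>
Endpoint = vpn.example.com:51820
# Split tunnel: AllowedIPs is both the route list wg-quick installs
# and the inbound source filter WireGuard enforces, so list exactly
# the internal ranges and nothing else.
AllowedIPs = 10.20.0.0/16, 10.30.0.0/16
PersistentKeepalive = 25

# Full-tunnel variant: replace the AllowedIPs line with
#   AllowedIPs = 0.0.0.0/0, ::/0
# wg-quick then installs the default route in a separate table with an
# fwmark rule so the encrypted packets to Endpoint still leave through
# the physical interface instead of looping into the tunnel.
```

The practical check is `wg show` after bringing the interface up: the `allowed ips` column for the peer is the authoritative statement of what the client will send into, and accept from, the tunnel, regardless of what the routing table looks like.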
Topic
Enterprise networking is the architecture and operation of the routed, switched, and increasingly software-defined fabrics that connect an organization. This section covers routing and BGP, DNS, network design, segmentation, and the operational habits of reliable networks.
The network documentation that gets used and stays current: L3 diagrams, IPAM, patch records, change logs, and the docs-as-code workflow that keeps them alive.
A network troubleshooting method that survives real outages: OSI layering used correctly, the ping-to-packet-capture tooling ladder, and symptom traps to avoid.
DNS architecture that fails gracefully: authoritative/recursive separation, anycast, TTL strategy, DNSSEC tradeoffs, and the failure patterns behind outages.
A practitioner's guide to BGP for enterprises: when multihoming justifies it, route filtering per RFC 7454 and MANRS, communities, and the classic mistakes.
Enterprise network design from the failure modes up: hierarchy, L2/L3 boundaries, HSRP/VRRP redundancy, and capacity planning that survives growth.