Segmenting Virtual Networks Essay

2176 Words | Mar 4, 2014 | 9 Pages
VYATTA, INC. | White Paper

Segmenting Virtual Networks with Virtual Routers

Introduction

For the past 20 years, network architects have used segmentation strategies to make their networks more manageable and secure. Deploying firewalls between servers with different purposes or trust levels has long been a “must have” for any production network – especially those intended to rise to the level of PCI compliance.

The rise of virtualization has caused some network designers to rethink the need for network segmentation. Virtual environments seem to naturally lend themselves to the use of big flat networks. vSwitch, the basic virtual switch provided by VMware, doesn’t even support Layer 3 functionality – so absent other technology, virtual machines within a hypervisor are not isolated or segmented. Some engineers have gone so far as to declare that it is time to do away with 3-tiered networks altogether. This paper will look at the question of network segmentation in highly virtualized environments.

Is the world flat?

A flat network is one where the hosts have IP addresses on the same subnet – they are all in the same broadcast domain. Because the hosts are within a shared subnet, routing using a Layer 3 network device isn’t required for traffic remaining inside the network. Flat networks have the advantages of being both simple and, provided there aren’t too many devices on them, fast. Flat networks also support virtual machine migration, an important consideration in today’s virtualized world.

Frank Ohlhorst made the case for flat networks when he wrote, "Flat network design came into being because an alternative was
