No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudEngine 12800 and 12800E V200R005C10 Configuration Guide - Security

This document describes the configurations of Security, including AAA, 802.1x Authentication, ACL, TCAM ACL Customization, local attack defense, Microsegmentation, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, MACsec, DHCP snooping, IPSG, URPF, SSL, Keychain and FIPS.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of Microsegmentation

Overview of Microsegmentation

Definition

Microsegmentation, also called EPG-based secure isolation, groups servers on a data center network based on rules. It applies traffic control policies based on End Point Groups (EPGs) to simplify O&M and implement secure management and control.

Purpose

Enterprises face increasing security risks as stored data, applications, and internal traffic increase on data center networks. Using traditional network methods such as subnet assignment and ACLs to isolate services brings the following issues:
  • Virtual Local Area Network (VLAN) IDs or VXLAN network identifiers (VNIs) can be used to divide subnets for service isolation (for example, isolating services in subnets A and B), but services on servers in the same subnet cannot be isolated. When different subnets share a gateway, servers in these subnets cannot be isolated because the gateway has a route to each subnet.
  • ACLs can be configured to isolate servers. However, data center networks contain many servers, and many ACL rules need to be deployed to isolate servers. This complicates configuration and maintenance. In addition, ACL resources of network devices are limited and cannot meet customer requirements.

Microsegmentation addresses the preceding issues. On a VXLAN network, microsegmentation provides grouping rules with finer granularity than subnets. For example, microsegmentation supports IP address-based or IP address segment-based grouping. In addition, microsegmentation is easy to deploy. You only need to add servers on the VXLAN network to EPGs and deploy traffic control policies based on EPGs.

Benefits

Microsegmentation implements service isolation on servers of a VXLAN network and ensures secure management and control for the VXLAN network. The configuration and maintenance are simple, reducing configuration and maintenance costs.

Translation
简体中文
Download
Updated: 2021-09-17

Document ID: EDOC1100075347

Views: 234114

Downloads: 100

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :