
IPv6 Microsegmentation in Data Center Environments

The proponents of microsegmentation solutions would love you to believe that it takes no more than somewhat-stateful packet filters sitting in front of the VMs to get rid of traditional subnets. As I explained in my IPv6 Microsegmentation talk (links below), you need more if you want to have machines from multiple security domains sitting in the same subnet – from RA guard to DHCPv6 and ND inspection.

It’s also possible to solve the problem by reducing the size of layer-2 domains to what they were initially supposed to be: links between adjacent nodes (host-to-router links). Would that work in a data center environment supporting VM mobility? Watch the video from the IPv6 microsegmentation webinar to find out.

More information

It looks like I’m the only one talking about IPv6 microsegmentation – all the top hits on Google are links to one or another version of my presentation:

There’s another CliffsNotes version of my webinar floating around the Internet, but as the author took great care to mention me only in passing without including any links whatsoever, I won’t link to his version either. Happy hunting.

1 comment:

  1. It pops up in more than one place, it just has many different faces :-) https://tools.ietf.org/html/draft-jjmb-v6ops-unique-ipv6-prefix-per-host-00 and https://datatracker.ietf.org/doc/draft-herbert-nvo3-ila/ are good examples. Well, and then in large-scale WiFi networks (for the events with low volume of Linux hosts, because apparently Linux is buggy) I've been clearing the onlink bit and blocking P2P.... :-)
