Feb 23, 2012
There's a debate emerging in the IT community about the use of flat networks vs. traditional tiered networks. In a flat network, hosts on the same subnet don’t require the use of a Layer 3 switch or router to communicate. This reduction in L3 activity can make flat networks more efficient and increase network performance. Flat networks can also support highly virtualized environments and key virtualization features such as virtual machine migration.
However, by moving to a flat network, common L3 filtering controls such as firewalls and access control lists won’t necessarily be available because more devices will sit on the same subnet. But this doesn’t mean giving up on security controls. A variety of Layer 2 technologies are available for physical networks and virtualized environments that let IT restrict communications among devices.
We’ll look at control options such as VLAN access control lists (VACLs) and private VLANs (PVLANs). VACLs can be set up to block specific traffic types, and can provide fine-grained control around which devices are allowed to communicate with other devices on the same subnet. PVLANs provide broad segmentation of Layer 2 traffic, and can be used to restrict intra-device communication.
We’ll also look at the use of port profiles and security profiles for use in virtualized environments. These mechanisms apply a predefined set of policies and configurations that determine access controls and other security rules. (S4210312)