Tuesday, 9 September 2014

Micro-Segmentation in Action

In this blog article I’m going to show you Micro-Segmentation in action with NSX in my lab. The concept of Micro-Segmentation is the ability to block or limit traffic between all workloads within your datacenter, which includes blocking or limiting traffic between all VMs on the same layer 2 network. There is a great whitepaper here explaining more. In my lab I have the following logical switches:


I have the following virtual machines assigned to the following logical switches:

WEB01 (192.168.0.11) -> Tenant-01-Web-Tier
WEB02 (192.168.0.12) -> Tenant-01-Web-Tier
APP01 (192.168.1.11) -> Tenant-01-App-Tier
DB01 (192.168.2.11) -> Tenant-01-DB-Tier

WEB01 can successfully ping WEB02 and vice versa:


The following rule will block all traffic from WEB01 to WEB02 but not from WEB02 to WEB01:
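Why a single one-way rule behaves this way, shown as an added example that is not from the original post and is not NSX code: a simplified Python model of a stateful, first-match firewall. The rule name, the default-allow rule and the `Firewall`/`ping` helpers are assumptions made for illustration; the VM names and addresses are the ones listed above.

```python
from ipaddress import ip_address

# VM names and addresses as listed in the post.
VMS = {"WEB01": "192.168.0.11", "WEB02": "192.168.0.12"}

# Constructed rule table (hypothetical names). First match wins; the final
# default-allow rule is an assumption, based on the pings succeeding beforehand.
RULES = [
    {"name": "block-web01-to-web02", "src": "WEB01", "dst": "WEB02", "action": "block"},
    {"name": "default", "src": "any", "dst": "any", "action": "allow"},
]

class Firewall:
    """Simplified model: rules are checked for new flows, replies use flow state."""

    def __init__(self, rules, vms):
        self.rules = rules
        self.ip = {name: ip_address(addr) for name, addr in vms.items()}
        self.flows = set()  # (initiator, responder) pairs that were allowed

    def _match(self, field, addr):
        return field == "any" or self.ip[field] == addr

    def send(self, src, dst, kind):
        s, d = ip_address(src), ip_address(dst)
        if kind == "echo-reply":
            # Replies never consult the rule table: they pass only when the
            # matching request was allowed earlier in the opposite direction.
            return "allow" if (d, s) in self.flows else "block"
        for rule in self.rules:
            if self._match(rule["src"], s) and self._match(rule["dst"], d):
                if rule["action"] == "allow":
                    self.flows.add((s, d))
                return rule["action"]
        return "block"

def ping(fw, src, dst):
    """Echo request src -> dst, then echo reply dst -> src. True if both pass."""
    if fw.send(VMS[src], VMS[dst], "echo-request") != "allow":
        return False
    return fw.send(VMS[dst], VMS[src], "echo-reply") == "allow"

if __name__ == "__main__":
    fw = Firewall(RULES, VMS)
    print("WEB01 -> WEB02:", ping(fw, "WEB01", "WEB02"))
    print("WEB02 -> WEB01:", ping(fw, "WEB02", "WEB01"))
```

The reply from WEB01 to WEB02 is permitted because it belongs to a flow WEB02 initiated, even though new traffic from WEB01 to WEB02 matches the block rule.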



This was just a quick post showing the power of NSX and Micro-Segmentation. I’m now going to start looking into the Service Composer functionality and how policies can be applied to a specific group of VMs. Expect more soon.
