Micro Segmentation Application
| Group/Version | microsegmentation.eda.nokia.com/v1alpha1 |
| Supported OS | Nokia SR Linux: 26.3.* |
| Supported HW | Nokia 7220 IXR-D2/D3 |
| Catalog | Nokia/catalog/microsegmentation |
| Source Code | coming soon |
Micro segmentation is introduced as BETA in EDA 26.4.1.
Micro segmentation is currently only available on select hardware platforms.
Micro segmentation leverages the Group Based Policy functionality which was introduced in SRL 26.3.1.
It is only supported on IXR 7220-D2/D3 platforms and on IXR 7220-D4 (for L2 only).
Micro segmentation is a network security capability intended to prevent lateral movement of security threats. It divides networks into smaller, isolated zones (known as micro segments) and establishes rules to restrict traffic between them. An example of a micro segment defined within an enterprise network is a set of homogeneous devices such as DNS servers, printers, client applications, or server applications.
The use of micro segmentation policies offers various benefits over traditional ACLs or IP filters:
- Abstraction of micro segments independent of networking concepts (IP addressing, VLANs etc).
- Flexible network designs and IP addressing schemes.
- Update the micro segment a host belongs to, without changing the security policy.
To start using micro segmentation policies:
- Create GroupTags to define the micro segments.
- Create a GroupTagAssociationPolicy to associate the group tags with interfaces or routes.
- Create a MicroSegmentationPolicy referencing the group tags as source and/or destination.
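The benefits listed above and the three steps can be illustrated with a conceptual model. The following is an added example, not EDA or SR Linux code and not the application's API: the `Rule` and `Fabric` classes, the prefix-to-tag association, the default-drop behaviour, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # stands in for one policy entry
    src_tag: str
    dst_tag: str
    action: str                  # "accept" or "drop"

class Fabric:
    """Toy model: associations map prefixes to tags; rules reference tags only."""
    def __init__(self, default_action="drop"):   # assumption: default deny
        self.associations = {}   # ip_network -> group tag
        self.rules = []
        self.default_action = default_action

    def associate(self, prefix, tag):
        self.associations[ipaddress.ip_network(prefix)] = tag

    def tag_of(self, ip):
        """Longest-prefix match of an address to a group tag, or None."""
        addr = ipaddress.ip_address(ip)
        matches = [n for n in self.associations if addr in n]
        return self.associations[max(matches, key=lambda n: n.prefixlen)] if matches else None

    def verdict(self, src_ip, dst_ip):
        src, dst = self.tag_of(src_ip), self.tag_of(dst_ip)
        for r in self.rules:
            if r.src_tag == src and r.dst_tag == dst:
                return r.action
        return self.default_action   # untagged or unmatched traffic

def demo():
    f = Fabric()
    f.associate("10.0.1.0/24", "clients")         # constructed sample addressing
    f.associate("10.0.2.53/32", "dns")
    f.rules.append(Rule("clients", "dns", "accept"))
    before = f.verdict("10.0.1.20", "10.0.2.53")
    # Re-address the DNS server: only the association changes, not the policy.
    del f.associations[ipaddress.ip_network("10.0.2.53/32")]
    f.associate("192.0.2.53/32", "dns")
    after_move = f.verdict("10.0.1.20", "192.0.2.53")
    old_addr = f.verdict("10.0.1.20", "10.0.2.53")   # old address is now untagged
    # Move one client into another segment: again only the association changes.
    f.associate("10.0.1.20/32", "quarantine")
    quarantined = f.verdict("10.0.1.20", "192.0.2.53")
    neighbour = f.verdict("10.0.1.21", "192.0.2.53")
    return before, after_move, old_addr, quarantined, neighbour, len(f.rules)
```

Throughout `demo()` the rule list stays at one entry; every change in verdict comes from editing an association, which is the separation an IP-based ACL does not give.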
The application provides the following components:
Summary dashboards for the following resource types:
- Group Tags
- Microsegmentation Policies - Policy Entry Counters
- Microsegmentation Policies - Node Platform Status
The app installs the following resources:
- IndexAllocationPool: group-tag-pool-global
- IndexAllocationPool: group-tag-pool-local