Many users are unaware that network traffic within a Nutanix cluster can be segmented (separated) by function or purpose. For example, backplane traffic can be separated from management-plane traffic, which leaves more bandwidth available for the backplane traffic. As another example, DMZ-related traffic can be isolated to specific host uplinks. The four primary means of network segmentation are the following:
- Isolating Backplane Traffic by using VLANs (Logical Segmentation)
- Isolating Backplane Traffic Physically (Physical Segmentation)
- Isolating Service-Specific Traffic
- Isolating Stargate-to-Stargate Traffic over RDMA
Note that certain means of segmentation are limited to certain hypervisor versions. For example, segmentation of management and backplane traffic is supported on the AHV, ESX and Hyper-V hypervisors (Hyper-V offers logical segmentation only), while service-specific segmentation is supported only on the AHV and ESX hypervisors. Further, while most network segmentation configuration can be done through the Prism Web user interface (UI), some configuration elements for some of the segmentation means can be set only through the command-line interface (CLI).
For more information regarding network segmentation and the procedures to employ it, please refer to the Securing Traffic Through Network Segmentation section of the AOS Security Guide.