Simplifying and Securing Network Segmentation with F5 Distributed Cloud and Nutanix Flow

By F5 DevCentral Community

Key Concepts

  • Network Segmentation: Dividing a network into smaller, isolated segments for security and efficiency.
  • Nutanix Flow: Nutanix’s microsegmentation solution for securing workloads within a network segment.
  • F5 Distributed Cloud: A platform used to extend network segments across different environments and locations.
  • BGP (Border Gateway Protocol): A standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS).
  • CE (Customer Edge): A device deployed at a customer site to connect to the F5 Distributed Cloud.
  • VPC (Virtual Private Cloud): A logically isolated section of a public cloud provider’s network.
  • Microsegmentation: A granular approach to security that isolates individual workloads.
  • XHub: A mechanism within Nutanix Flow to direct traffic to a specific destination.

Extending Network Segments with F5 Distributed Cloud and Nutanix Flow

This demonstration showcases how F5 Distributed Cloud and Nutanix Flow work together to simplify and secure network segmentation, specifically extending a local network segment to a remote site. The core benefit highlighted is the ability to maintain efficiency, reduce risk, and ensure compliance through isolated network environments.

Initial Setup & Network Isolation (San Jose)

The demonstration begins with a pre-configured environment. A Customer Edge (CE) device is deployed within a Nutanix Flow Virtual Private Cloud (VPC) named DEV3, located in San Jose. A specific subnet, 192.170.84.0/24, has been isolated into a network segment named “jy-nutanics” using F5 Distributed Cloud and Nutanix Flow. Border Gateway Protocol (BGP) peering has been established between the CE and the Nutanix Flow BGP gateway within this segment. This BGP peering is what carries route exchange and therefore connectivity.

Configuration in Prism Central & Distributed Cloud

The configuration is viewed through both Prism Central (Nutanix’s management interface) and the F5 Distributed Cloud console. Prism Central confirms the isolation of the 192.170.84.0/24 subnet into the “jy-nutanics” segment. The F5 Distributed Cloud console is then used to extend this segment to a remote site in New York City (NYC).

Extending the Segment to NYC

To extend the network segment, the same segment name ("jy-nutanics") is assigned to a local subnet at the remote site in NYC (192.168.60.0/24) within the F5 Distributed Cloud console. This action triggers route exchange between the CEs in San Jose and NYC.

Route Advertisement & Verification

Upon completion of the segment assignment, routes are exchanged. Switching back to Prism Central, the demonstration shows that the remote site route, originating from the CE in NYC, is being advertised via BGP and installed in the VPC’s routing table. Critically, the routing table entry includes an XHub pointing to the CE in San Jose. This XHub directs traffic destined for the NYC subnet through the CE, effectively extending the network segment. This confirms successful extension of the network segment.

Connectivity Testing

Following the route propagation, connectivity is tested. The demonstration confirms that devices in San Jose can now reach and connect to resources on the remote subnet in NYC, while still utilizing the VPC’s logical router as the default gateway.

Reverting the Changes & Isolation

The demonstration then illustrates the ease of reverting the changes. Removing the segment assignment in the F5 Distributed Cloud console immediately removes the associated routes. In Prism Central, the remote site routes disappear from the VPC’s routing table. Correspondingly, the remote site routes are removed from the CE in NYC. Connectivity from San Jose to NYC is then lost, confirming the re-establishment of network isolation.
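The extend/verify/revert sequence above hinges on one control: a remote prefix is learned into the VPC only when its subnet carries the same segment name as a local subnet, with the local CE as next hop. The following added example (not code from the demo, F5 or Nutanix) models that behaviour and adds the audit a defender wants, flagging any segment name shared between sites that was not approved, since reusing a name is exactly what extends reach; CE names and the second test's prefixes are constructed.

```python
from dataclasses import dataclass, field
import ipaddress

@dataclass
class Site:
    name: str
    ce: str  # CE that peers BGP with the site's VPC gateway (constructed name)
    segments: dict = field(default_factory=dict)  # segment name -> set of local prefixes

def vpc_routes(site: Site, sites: list) -> dict:
    """Remote prefixes the VPC at `site` installs, keyed by prefix. A prefix is
    learned only if its segment name also exists locally; next hop is the local CE."""
    table = {}
    for other in sites:
        if other is site:
            continue
        for seg, prefixes in other.segments.items():
            if seg in site.segments:
                for p in prefixes:
                    table[p] = {"segment": seg, "next_hop": site.ce, "origin": other.ce}
    return table

def can_reach(src: Site, dst_ip: str, sites: list) -> bool:
    """True if dst_ip falls inside a local subnet or a learned remote prefix."""
    ip = ipaddress.ip_address(dst_ip)
    local = [p for ps in src.segments.values() for p in ps]
    for prefix in local + list(vpc_routes(src, sites)):
        if ip in ipaddress.ip_network(prefix):
            return True
    return False

def unapproved_extensions(sites: list, approved: set) -> set:
    """Segment names present at more than one site but absent from the approved
    list: each one silently extends a segment across sites."""
    seen = {}
    for s in sites:
        for seg in s.segments:
            seen.setdefault(seg, set()).add(s.name)
    return {seg for seg, where in seen.items() if len(where) > 1 and seg not in approved}

def demo():
    sjc = Site("San Jose", "ce-sjc", {"jy-nutanics": {"192.170.84.0/24"}})
    nyc = Site("NYC", "ce-nyc", {})
    sites = [sjc, nyc]
    before = can_reach(sjc, "192.168.60.10", sites)    # isolated: no route to NYC
    nyc.segments["jy-nutanics"] = {"192.168.60.0/24"}  # assign same segment name in NYC
    route = vpc_routes(sjc, sites)["192.168.60.0/24"]  # installed with next hop = local CE
    during = can_reach(sjc, "192.168.60.10", sites)    # reachable while extended
    del nyc.segments["jy-nutanics"]                    # revert the assignment
    after = can_reach(sjc, "192.168.60.10", sites)     # route gone, isolation restored
    return before, route["next_hop"], during, after
```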

Microsegmentation within Segments

The presentation highlights that while F5 Distributed Cloud extends network segments, Nutanix Flow provides microsegmentation within each segment. An example is given: two Virtual Machines (VMs) residing on the same “jy-nutanics” segment can each have their own, independent security policies applied through Nutanix Flow.

Synergy & Benefits

The video concludes by emphasizing the combined benefits of F5 Distributed Cloud and Nutanix Flow. “F5 Distributed Cloud simplifies and secures network segmentation across any environment while Nutanix Flow provides microsegmentation inside each segment.” This combined approach delivers end-to-end network security, enabling enterprises to remain agile, compliant, and protected across diverse environments.

Notable Quote

“F5 Distributed Cloud simplifies and secures network segmentation across any environment while Nutanix Flow provides microsegmentation inside each segment.” – Presenter, during the concluding remarks.

This demonstration provides a practical example of how these technologies can be used to create a secure and flexible network infrastructure.
