Doing More with Less: Using Aviatrix useg for Macro Segmentation

In this document I’m going to implement a macro segmentation strategy using useg.

The test looks simple, and it is, but the idea is to show that a domain or segment can comprise one or more subnets, entire VNets/VPCs, or even multiple VNets/VPCs across regions and across cloud providers.

If you are not familiar with the feature, please visit my previous blog on useg to get started:

Test Deployment

I have a small environment with two spokes (spoke30 and spoke40) where I deployed two test VMs:

  • spoke30-useg-vm1
  • spoke40-useg-vm1

App Domain “appdomain-blue”:

App Domain “appdomain-green”:

The policies created for testing are represented in the diagram below:

Testing

Domain blue can talk to domain green:

Ping works as expected:

Domain blue cannot talk to domain green:

Ping fails as expected:
