Micro-Segmentation Cloud Architecture with Aviatrix

When designing segmentation for Aviatrix, architects and engineers must decide on the criteria for creating segments and on how segments communicate among themselves. Today Aviatrix supports Region, Account Name, Subnets, VPC/VNets, and CSP tags as segmentation criteria. In a fabric with a “network” centric design, the app domains are aligned to network constructs (vpc/vnet/subnet). For example: 1 subnet = 1 app domain or 1 vpc = 1 app domain. Communication is usually allowed unrestricted, as those domains contain multiple apps. It is called an app centric design when the app domain constructs are aligned to the application and …

Aviatrix useg: multiple app membership

In this document I’m going to experiment with multiple app domain membership: a VM belongs to more than one app domain. If you are not familiar with the feature, please visit my previous blog on useg to get started:

Test Deployment

I have a small environment with two spokes (spoke30 and spoke40) where I deployed three test VMs: spoke30-useg-vm1, spoke40-useg-vm1, and spoke40-useg-vm2. Each one has a tag with its own VM name.

App Domain “appdomain-blue”:

The two VMs match the logical OR condition and are correctly classified as belonging to the “appdomain-blue”:

App Domain “appdomain-green”:

The two VMs match the logical …