How to Segment Traffic Flows at the Network Edge

Hari Srinivasan


As organizations interconnect with partners, mobile users, cloud, and SaaS and network service providers, the volume of traffic moving outside the data center becomes a major network challenge. Many organizational networks were not designed to connect to so many external networks and users. The result is often a complex proliferation of sub-performing WAN connections, both physical and logical, atop a multitude of infrastructures. This network complexity is not only difficult to manage but expensive as well. MPLS-layer VPNs quickly become cost-prohibitive, and protecting sensitive data while remaining compliant with multiple regulations can become overwhelming. The emerging portability of applications and data, and the huge growth in data acquisition and access, only add to the complexity.

Re-architect traffic flows for the edge

To tackle latency issues, many organizations have started placing significant portions of their application and IT infrastructure at the digital edge, where they are close to globally dispersed users, partners and cloud services. Connecting directly to colocated clouds and business partners that are physically proximate to one another can simplify segmentation enormously, and makes it possible to leverage emerging technologies such as SD-WAN for greater flexibility and cost savings.

Simplifying WAN segmentation by re-architecting for the digital edge is part of an overall Interconnection Oriented Architecture™ (IOA™) strategy. An IOA is a proven and repeatable architectural framework that directly and securely connects people, locations, clouds and data at the digital edge, where a multitude of applications and services (cloud-based and/or networked) interact to support or fulfill a variety of digital interactions.


Plan, and move ahead

The first step to simplifying your WAN segmentation is to implement traffic segmentation at network intersection points within digital edge nodes (also known as communications hubs), taking as many factors as possible into account as you consider how to segment your traffic flows. For example, how many clouds, partners and field area networks will be interconnected? Then use that information to determine the best segmentation strategy for your data and application workload needs. In many cases, the solution will be a mix of appliances and SD-WAN approaches.

Equinix’s IOA Playbook and IOA Knowledge Base outline a process for segmenting traffic flows which delves deeply into the reasons for and steps involved in segmenting WAN traffic at the digital edge (see diagram below).


The steps that are covered include:

  1. Selecting the segmentation approach to accommodate public cloud, partner and field area network demands.
  2. Workload risk classification and determining the suitability of different cloud models for each workload (e.g., internet/public cloud, hybrid or private).
  3. Deploying high-risk/medium-risk/low-risk access policies, as appropriate, as traffic moves to the digital edge, and application/cloud and multi-tenancy maturity increases.

The following use case exemplifies how this might work in the real world:

A global media and entertainment provider requires local presence in regions where a high density of customers requires its cloud-based apps at the best possible performance. The company deploys an IOA strategy on Platform Equinix™ at the nearest digital edge location, rather than from a centralized data center, leveraging the Equinix Performance Hub and Cloud Exchange to establish interconnection hubs in both South and North Asia. As a result, the company can move more of its enterprise apps to the digital edge, while delivering a superior quality of experience to its customers.

With the right planning that considers multiple cost-effective options at the digital edge, localized traffic can deliver LAN-like speed, latency and cost. Perhaps most importantly, segmentation at the edge reduces complexity and offers a flexible foundation for intelligent workload placement and resource investment in more agile, virtualized networking technologies.

Read the IOA Playbook to see how to segment traffic flows at the digital edge for far greater efficiency, flexibility and security and far less cost.
