What is east-west traffic?
East-west traffic refers to the transfer of data packets that move from server to server within a network's data center. The term for this type of traffic comes from network diagram drawings that usually depict LAN traffic horizontally.
In contrast, north-south traffic describes client-to-server traffic that moves between the data center and an outside location. Diagrams typically depict north-south traffic vertically to illustrate traffic flowing above or below the data center.
The growth of east-west traffic volume is due to virtualization and converged infrastructure. Network controllers and virtual machines perform functions and services once exclusive to physical hardware. These components increase network traffic as they relay data to each other. This can cause latency issues that negatively affect network performance. For example, if hosts on one access switch need to quickly communicate with systems on another access switch, uplinks among the access and aggregation layers can become congested.
Many organizations have migrated from traditional three-layer architectures to various leaf-spine architectures to address these issues. Leaf-spine's simplicity is well-suited to handle higher east-west traffic volumes. Leaf switches consolidate user traffic and connect to the spine comprising servers and storage systems.
How to secure east-west traffic
East-west traffic visibility is critical for organizations to determine the best security practices for their networks and data centers. Many organizations focus on securing external traffic that enters their networks. However, it's also important for network teams to monitor internal traffic patterns. This enables them to detect malware that has infiltrated the network and track insider threats.
Microsegmentation also significantly reduces surface availability for malicious activity and lessens the effect of an attack on east-west traffic. When network administrators segment the data center into logical units, they can tailor unique security policies and rules for each logical unit. This approach eliminates tedious, error-prone manual configuration processes, which often lead to security flaws post-migration.
SDN and east-west traffic
Software-defined networking provides another level of control and management to east-west traffic. Organizations that deploy SDN on a leaf-spine fabric can take advantage of each port's equal nature. They can also retain the advantages of security zones, traffic engineering and virtual overlay networks.
An SDN controller manages each port's edge policies, which can move with a workload. The fabric becomes more flexible and responsive to business needs, which makes east-west traffic management more efficient.
