Anyone who considers Layer-2 security in IPv6 to be a step up from the level achieved in IPv4 about a decade ago should seriously reconsider their position.
Unfortunately, time has shown that the problems those improvements addressed are still concerns to most professionals. The same basic problems that were solved in IPv4 are present (DHCP spoofing, and ND spoofing in lieu of ARP spoofing), along with a few new ones that are unique to IPv6 (fragmented headers, RA guard).
Fortunately, there is considerable cause for hope. One avenue that deserves serious consideration is to cease the reliance on large failure domains built with technology from 40 years ago that functions like thick coaxial cabling (Ethernet).
It should also be admitted that several network edge devices support L2 forwarding as well as IPv6 routing. The use of Ethernet should also be limited to the applications it was specifically designed for, such as a data link over short networks between adjacent devices.
This step toward micro segmentation would lead to a huge improvement in speed and reliability.
Fortunately, there are many possible solutions to these problems that lend themselves to use in production environments that are large in scale, but this is just a start. With the evolution of the technology needed to perform these functions, there is considerable reason for excitement for those who are forced to deal with these issues.
Micro segmentation is just one of the possible solutions, although for the time being, it remains a strong one. The best part of this promise is that the technology necessary to use micro segmentation as a solution already exists.
As has already been proven, instead of LANs stretching across longer and longer systems, which might be their ultimate goal, micro segmentation of these systems makes working with them easier and makes identifying and solving problems with them faster.
Network Problem Solving
Another promising aspect is that micro segmentation offers a way not only to solve network problems, but also to explore and create opportunities for future development.
All too frequently, these technological advances remain in the domain of ivory-tower theory and fail to reach the field, where they are needed to solve real-world problems.
The purpose of these advancements is their application to business and personal uses outside research institutions, especially where micro segmentation has already proven itself in carrying significant data loads wherever it is needed.
Finally, it should be remembered that wherever micro segmentation is considered, there should always be significant planning for its application. Just as is the case with so many other data applications, micro segmentation should not be considered an end-all.
Instead, it should be considered another step in the right direction towards development of a more efficient and cost-effective tool of the LAN system. Wherever and however it is applied to real world problems, it should be kept as one solution among many that can be used to create more robust networks in the future.
Done right, micro segmentation is a step in the right direction.
Katrina racks them in for the market leader of custom racking products at Rack Solutions – visit us today.