nanog mailing list archives

Re: Network Segmentation Approaches

From: charles () thefnf org
Date: Wed, 06 May 2015 14:59:53 -0500

Consider setting up a separate zone or zones (via VLAN) for devices
with embedded TCP/IP stacks.  I have worked in several shops using
switched power units from APC, SynAccess, and TrippLite, and find that
the TCP/IP stacks in those units are a bit fragile when confronted
with a lot of traffic, even when the traffic is not addressed to the
embedded devices.


Yes! This.

I used to have my PDUs/term serves/switches all on one VLAN. As growthoccurred, they get broken out to dedicated VLANs. With that, the amountof false positives from Zenoss went way down (frequently port 80 wouldreport down, then clear). I still get some alerts, but far lessfrequently.

Current thread:

Network Segmentation Approaches nanog1 (May 04)
- Re: Network Segmentation Approaches Rich Kulawiec (May 05)
  - Re: Network Segmentation Approaches Mark Andrews (May 05)
    - Re: Network Segmentation Approaches Gene LeDuc (May 05)
- Re: Network Segmentation Approaches Jimmy Hess (May 05)
- Re: Network Segmentation Approaches Stephen Satchell (May 05)
  - Re: Network Segmentation Approaches charles (May 06)
    - Re: Network Segmentation Approaches Christopher Morrow (May 06)
- RE: Network Segmentation Approaches Keith Medcalf (May 05)
  - Re: Network Segmentation Approaches Joel Maslak (May 05)
- <Possible follow-ups>
- Re: Network Segmentation Approaches Scott Weeks (May 06)
  - Re: Network Segmentation Approaches Rich Kulawiec (May 06)
  - Re: Network Segmentation Approaches Andrew Jones (May 06)
- Re: Network Segmentation Approaches Scott Weeks (May 06)
  - Re: Network Segmentation Approaches Rich Kulawiec (May 07)
    - [no subject] Jimmy Hess via NANOG (May 07)
- Re: Network Segmentation Approaches Scott Weeks (May 06)