In a DC, what do you think about small IP subnets like /28-/31 and having the firewall do all the routing between subnets? That way you could do a sort of micro-segmentation with a physical (well, or a virtual one, but anyway separate from the VM platform) firewall.
Does it cause much latency? I think it wouldn't, as the firewall could use the ASICs for the simpler rules.