east-west traffic

East-west traffic, in a networking context, is the transfer of data packets from server to server within a data center. The term east-west for this type of traffic comes from network diagram drawings that usually depict local area network (LAN) traffic horizontally. In contrast, north-south traffic describes client-to-server traffic that moves between the data center and a location outside of the data center network. North-south traffic is typically depicted vertically to illustrate traffic that flows above or below the data center.

In the past few years, the volume of east-west traffic has grown as a result of virtualization and data center trends such as converged infrastructure. Today, network controllers, virtual machines (VMs) and other devices perform various functions and services that previously ran on physical hardware. As these components relay data to each other, they increase traffic on the network, which, in turn, can cause latency issues that negatively impact network performance. For example, if hosts on one access switch need to quickly communicate with systems on another access switch, uplinks between the access layer and aggregation layer become congested.

To compensate, many organizations have migrated from traditional three-layer data center architectures to various forms of leaf-spine architectures. The simplicity of a leaf-spine approach is well-suited to handling higher volumes of east-west traffic; leaf switches consolidate traffic from users and then connect to the spine, which comprises the network core of servers and storage systems.

East-west traffic and north-south traffic in leaf-spine architecture

Securing east-west traffic

Visibility into east-west traffic is critical for organizations to determine the best security practices for their networks and data centers. While many organizations tend to focus on securing external traffic that enters their networks, it is increasingly important for organizations to monitor internal traffic patterns for insider threats and for malware that has infiltrated the network.

Microsegmentation can significantly reduce the surface available for malicious activity and lessen the impact of an attack on east-west traffic. If the data center is segmented into logical units, data center administrators can tailor unique security policies and rules for each logical unit. This tightly coupled approach eliminates the tedious, error-prone manual configuration processes that often lead to security flaws after a migration.
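
As an added illustration (not part of the original definition), the following Python example labels flow records as east-west or north-south and audits the east-west flows against a default-deny microsegmentation policy. The segment names, address ranges, allowed tuples and flow records are all constructed for the example.

```python
import ipaddress

# Constructed sample data: segment names and CIDRs are assumptions.
SEGMENTS = {
    "web": ipaddress.ip_network("10.10.1.0/24"),
    "app": ipaddress.ip_network("10.10.2.0/24"),
    "db": ipaddress.ip_network("10.10.3.0/24"),
}
# Default-deny: only these (source segment, destination segment, port) tuples pass.
ALLOWED = {("web", "app", 8443), ("app", "db", 5432)}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("203.0.113.7", "10.10.1.10", 443),    # outside client to web tier
    ("10.10.1.10", "10.10.2.20", 8443),    # web to app, permitted
    ("10.10.2.20", "10.10.3.30", 5432),    # app to db, permitted
    ("10.10.1.10", "10.10.3.30", 5432),    # web to db, bypasses the app tier
    ("10.10.3.30", "10.10.3.31", 22),      # db to db inside one segment
    ("10.10.2.20", "198.51.100.9", 443),   # app tier to an outside host
]

def segment_of(addr):
    """Return the segment name that contains addr, or None if it is outside."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def classify(src, dst, port):
    """Return (direction, verdict); verdict is None unless the flow is east-west."""
    s, d = segment_of(src), segment_of(dst)
    if s is None and d is None:
        return ("external", None)       # neither endpoint is in the data center
    if s is None or d is None:
        return ("north-south", None)    # crosses the data center boundary
    verdict = "allow" if (s, d, port) in ALLOWED else "deny"
    return ("east-west", verdict)

def audit(flows):
    """Return the east-west flows that the segment policy does not permit."""
    return [f for f in flows if classify(*f) == ("east-west", "deny")]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, classify(*flow))
```

Because the policy is default-deny, the server-to-server flow inside the `db` segment is flagged as well; traffic within a logical unit still needs an explicit rule.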

SDN and east-west traffic

Software-defined networking (SDN) provides another level of control and management to east-west traffic. Organizations that deploy a software-defined network on a leaf-spine fabric can take advantage of the equal nature of each port and also retain the advantages of security zones, traffic engineering and virtual overlay networks. With an SDN controller that manages edge policies for each port, policies can be moved with a workload. This makes the fabric more agile and responsive to business needs, thus making east-west traffic management more efficient.