Network Segmentation

- need to isolate own boxes from customer-controlled ones
  - and even own ones are split into groups
- need to isolate customer-controlled boxes from each other
- many many VLANs
  - complexity - thus complex switch management
- Firewalls as point of policy enforcement
  - between servers and the internet
  - between the VLANs
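
With many VLANs and the firewall as the single enforcement point between them, the isolation requirements above can be checked mechanically against the rule set. The following is an added example, not part of the original slides: the zone names, subnets and the first-match rule format are constructed assumptions, and the check treats any customer-initiated traffic to an own VLAN or to another customer's VLAN as a violation.

```python
from ipaddress import ip_network
from itertools import permutations

# Constructed layout (assumption): zone -> (owner, VLAN subnet)
ZONES = {
    "own-mgmt": ("own", ip_network("10.0.10.0/24")),
    "own-db": ("own", ip_network("10.0.20.0/24")),
    "cust-a": ("customer", ip_network("10.1.1.0/24")),
    "cust-b": ("customer", ip_network("10.1.2.0/24")),
}

# Constructed inter-VLAN rules: (action, src, dst), first match wins,
# anything unmatched is dropped (default deny).
RULES = [
    ("allow", "10.0.10.0/24", "10.1.0.0/16"),  # own management -> customers
    ("deny", "10.1.1.0/24", "10.0.0.0/16"),    # cust-a -> own boxes
    ("allow", "10.1.0.0/16", "10.1.2.0/24"),   # too broad: includes cust-a
]

def first_verdict(rules, src_net, dst_net):
    """Return (verdict, rule index) for traffic from src_net to dst_net.

    Conservative: an allow that overlaps any part of the flow counts as
    allow, and only a deny covering the whole flow ends the search.
    """
    for idx, (action, src, dst) in enumerate(rules):
        r_src, r_dst = ip_network(src), ip_network(dst)
        if not (r_src.overlaps(src_net) and r_dst.overlaps(dst_net)):
            continue
        if action == "allow":
            return "allow", idx
        if src_net.subnet_of(r_src) and dst_net.subnet_of(r_dst):
            return "deny", idx
    return "deny", None

def audit(zones, rules):
    """List (src zone, dst zone, rule index) where a customer VLAN can
    open traffic to an own VLAN or to another customer's VLAN."""
    violations = []
    for (a, (owner_a, net_a)), (b, (_, net_b)) in permutations(zones.items(), 2):
        if owner_a != "customer":
            continue
        verdict, idx = first_verdict(rules, net_a, net_b)
        if verdict == "allow":
            violations.append((a, b, idx))
    return violations

if __name__ == "__main__":
    for src, dst, idx in audit(ZONES, RULES):
        print(f"{src} -> {dst} allowed by rule {idx}: {RULES[idx]}")
```

Because the overlap test is conservative, a finding can be a false positive when an earlier partial deny already shadows the flagged allow; review each reported rule index by hand.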