
Prisma SD-WAN VRF

VRFs are a tool for network segmentation and traffic optimization. This approach divides a WAN into smaller and performance for better user experiences and productivity.
Where Can I Use This?
  • Prisma SD-WAN
What Do I Need?
  • Active Prisma SD-WAN license
Prisma SD-WAN supports Virtual Routing and Forwarding tables (VRFs) for Network (aka WAN) segmentation of application traffic. Network segmentation is a design strategy that divides a WAN into smaller, isolated networks, or segments. This approach helps to improve network security, optimize network traffic, and ensure high availability of network resources.
By segmenting the network, you can isolate different departments, locations, or types of traffic onto separate network segments. This reduces the risk of unauthorized access, limits the impact of security breaches, and provides better control over network resources.
WAN segments are first defined in global VRF profiles. These VRF profiles are then bound to sites. After that, interfaces are configured with the appropriate VRF. When traffic enters an interface, only destinations in the same VRF, locally or across the fabric, are considered. If the traffic is destined to go across the fabric, it is automatically encapsulated with a unique identifier specific to that VRF. Once the traffic reaches the remote ION, it can egress onto the VRF that is appropriately configured.
Network segmentation helps you isolate application traffic that shares the same WAN infrastructure by carrying the segment identifier over the WAN overlay. There are many applications and services on the network, each with its own security posture. A multi-segment solution is required to maximize control and separation between network segments.
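The forwarding behaviour described above can be modelled in a few lines. This is an added conceptual example, not Prisma SD-WAN code or its API: the site, interface and VRF names, the numeric identifiers, and the choice to drop traffic whose VRF is not bound at the remote site are all assumptions of the model.

```python
import ipaddress

# Constructed model data; site, interface and VRF names and ids are hypothetical.
VRF_IDS = {"corp": 101, "guest": 102}   # identifier carried across the fabric
SITES = {
    "branch": {
        "bound_vrfs": {"corp", "guest"},
        "interfaces": {"lan1": "corp", "lan2": "guest"},
        "routes": {
            "corp":  {"10.1.0.0/24": ("local", "lan1"), "10.2.0.0/24": ("fabric", "dc")},
            "guest": {"192.168.50.0/24": ("local", "lan2"), "10.2.0.0/24": ("fabric", "dc")},
        },
    },
    "dc": {
        "bound_vrfs": {"corp"},          # guest is not bound at this site
        "interfaces": {"srv1": "corp"},
        "routes": {"corp": {"10.2.0.0/24": ("local", "srv1")}},
    },
}

def lookup(site, vrf, dst):
    """Longest-prefix match restricted to one VRF's table at one site."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh)
            for p, nh in SITES[site]["routes"].get(vrf, {}).items()]
    hits = [(n, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def receive(site, vrf_id, dst):
    """Remote side: map the carried identifier back to a VRF bound at this site."""
    vrf = next((name for name, i in VRF_IDS.items() if i == vrf_id), None)
    if vrf not in SITES[site]["bound_vrfs"]:
        return ("drop", f"VRF id {vrf_id} not bound at {site}")
    nh = lookup(site, vrf, dst)
    if nh is None or nh[0] != "local":
        return ("drop", f"no local route in VRF {vrf}")
    return ("deliver", site, nh[1], vrf)

def forward(site, iface, dst):
    """Ingress side: the interface's VRF alone decides which table is consulted."""
    vrf = SITES[site]["interfaces"][iface]
    nh = lookup(site, vrf, dst)
    if nh is None:
        return ("drop", f"no route in VRF {vrf}")
    if nh[0] == "local":
        return ("deliver", site, nh[1], vrf)
    return receive(nh[1], VRF_IDS[vrf], dst)   # encapsulate with the VRF's id

if __name__ == "__main__":
    for args in [("branch", "lan1", "10.2.0.10"), ("branch", "lan2", "10.1.0.5"),
                 ("branch", "lan2", "10.2.0.10")]:
        print(args, "->", forward(*args))
```

The second and third cases show the two isolation points: a guest host has no route to a corp prefix at ingress, and guest traffic sent across the fabric has nowhere to egress at a site where that VRF is not bound.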