Network visibility refers to the ability to see and understand everything happening within your network. It's critical for monitoring performance, detecting anomalies, and enhancing security posture. Visibility tools provide deep insights into traffic flow, application usage, and user behavior.
One key solution is the use of NetFlow and IPFIX, which export flow data for analysis.
NetFlow and IPFIX are protocols that capture metadata about traffic flows. These technologies help network administrators understand which applications consume bandwidth and identify abnormal usage patterns.
Telemetry pushes real-time data directly from network devices to collectors, offering faster and more efficient data delivery than traditional polling.
    flow exporter EXPORTER-1
     destination 192.168.100.100
     transport udp 2055
     export-protocol netflow-v9
     template data timeout 60
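A NetFlow v9 collector can decode data records only after it has cached the template that describes them, which is why the exporter above re-sends templates on a timer (`template data timeout 60`). The Python parser below is an added example, not code from the original page; the function names, the field subset and the sample packet bytes are constructed for illustration.

```python
import socket
import struct

FIELDS = {1: "bytes", 4: "proto", 8: "src", 11: "dport", 12: "dst"}  # RFC 3954 subset

def decode(body, pos, tmpl):
    """Decode one data record using its template's (type, length) pairs."""
    rec = {}
    for ftype, flen in tmpl:
        raw, pos = body[pos:pos + flen], pos + flen
        name = FIELDS.get(ftype, f"field_{ftype}")
        is_ip = ftype in (8, 12) and flen == 4
        rec[name] = socket.inet_ntoa(raw) if is_ip else int.from_bytes(raw, "big")
    return rec

def parse_v9(packet, templates):
    """Return (flows, undecodable_flowsets); templates is the collector's cache."""
    if len(packet) < 20 or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 packet")
    source_id = struct.unpack_from("!I", packet, 16)[0]
    flows, skipped, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")  # never trust UDP input
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: cache each template per exporter
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if n == 0 or pos + 4 + 4 * n > len(body):
                    break
                templates[(source_id, tid)] = [
                    struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id > 255:  # data flowset: its id names the template to use
            tmpl = templates.get((source_id, fs_id))
            size = sum(flen for _, flen in tmpl) if tmpl else 0
            if size == 0:
                skipped += 1  # template not seen yet, wait for the next refresh
            else:
                flows += [decode(body, p, tmpl) for p in range(0, len(body) - size + 1, size)]
        off += fs_len
    return flows, skipped

def sample_packet(with_template):
    """Constructed export packet: optional template 256 and one data record."""
    tmpl = struct.pack("!4H10H", 0, 28, 256, 5, 8, 4, 12, 4, 11, 2, 4, 1, 1, 4)
    data = bytes.fromhex("01000014" "0a000005" "0a000109" "01bb" "06" "000005dc" "00")
    return struct.pack("!HHIIII", 9, 1 + with_template, 1000, 1700000000, 1, 1) + (tmpl if with_template else b"") + data
```

Parsing `sample_packet(False)` with an empty cache yields no flows and one skipped flowset; once `sample_packet(True)` has populated the cache, the same data record decodes.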
Micro-segmentation divides the network into smaller zones to isolate workloads and improve security. This limits lateral movement in case of a breach and enhances policy enforcement. Technologies such as Cisco ACI and TrustSec enable micro-segmentation based on user identity and role.
TrustSec is Cisco's security architecture that simplifies policy enforcement across a network by using Security Group Tags (SGTs). Policies are defined once and enforced consistently, independent of IP addresses or VLANs.
    cts role-based enforcement
    cts device-id "SW1"
    cts sgt 10