North-South vs East-West Trafficby Iwan Price-Evans on Networking • July 13, 2022
The points of a compass are used to describe network traffic flow within a data center or cloud environment. The terms North-South and East-West refer to traffic flowing across private and public networks. These are the concepts of data traffic on a private network flowing horizontally (east and west) and data traffic flowing vertically (north and south) between a private network and public networks.
The two traffic patterns of North-South and East-West apply in all data centers, whether in the cloud, physical data center, or hybrid environment.
Organizations used to 'trust and verify' traffic flowing East-West because the private network was considered secure. North-South traffic was considered untrustworthy. This perimeter-focussed approach no longer fits with modern zero-trust security management.
Modern microservices architectures enable agile development but the constant release of application updates creates new challenges for DevOps teams. They must create and manage North-South and East-West traffic flows between the many services that support applications while maintaining reliability and security.
North traffic refers to network traffic flowing out of a private network (Northbound traffic). South refers to data flowing into a private network via a firewall or other network routing device (Southbound traffic).
Communication between entities inside a private cloud or data center and external (public) entities is considered North-South traffic.
North-South traffic examples:
- A public browser client sends a southbound request for resources on a web application server. In this scenario, the northbound traffic would be the server response to the client.
- A (REST) API can be implemented as the interface to external entities. This northbound API can allow components like network controllers to communicate with higher-level network components.
North-South traffic typically contains communications such as database queries, commands, or other data submissions being sent and received. The public and private nature of these communications make them untrusted therefore the security of the private network relies on firewalls and network monitoring at the perimeter.
East-West traffic refers to network traffic flowing across a private network.
Modern cloud infrastructure can produce larger volumes of East-West traffic than traditional infrastructure. All VMs, containers, network devices, and network controllers inside a private network generate communication traffic. This is all East-West traffic.
East-West traffic examples:
- Routers exchanging routing table information.
- Switches exchanging spanning-tree information.
- Microservice and API communications.
- A LAN client communicating with a server.
In the past, internal East-West traffic was considered to be trusted because it was inside a physical boundary. Today's zero-trust approach to security is born out of the failures of these older assumptions. East-West traffic will always be vulnerable to cybersecurity threat actors infiltrating internal networks or insider threats. This is why modern networks require intelligent threat monitoring of East-West traffic.
East-West Load Balancing and Security
Organizations are preferring private cloud infrastructure for many reasons but East-West traffic in these environments can cause latency that impacts the network performance.
Cloud-based microservices create an increased number of connections between networked components, and this increases East-West traffic. As these cloud networks get ever more complex, it's important to manage the traffic between the microservices and other virtual components.
Using a load balancer to manage East-West traffic ensures service reliability and removes potential points of failure.
Snapt Nova provides load balancing and WAF security on-demand for both North-South and East-West traffic. Nova is designed for modern distributed applications, with support for multi-cloud, autoscaling, service discovery, containers, and microservices, making it an ideal solution for East-West load balancing and security.