Definition

east-west traffic

East-west traffic, in a networking context, is the transfer of data packets from server to server within a data center. The term east-west for this type of traffic comes from network diagram drawings that usually depict local area network (LAN) traffic horizontally. In contrast, north-south traffic describes client-to-server traffic that moves between the data center and a location outside of the data center network. North-south traffic is typically depicted vertically to illustrate traffic that flows above or below the data center.

In the past few years, the volume of east-west traffic has grown as a result of virtualization and data center trends such as converged infrastructure. Today, network controllers, virtual machines (VMs) and other devices perform various functions and services that previously ran on physical hardware. As these components relay data to each other, they increase traffic on the network, which in turn, can cause latency issues that negatively impact network performance. For example, if hosts on one access switch need to quickly communicate with systems on another access switch, uplinks among the access layer and aggregation layer become congested.

To compensate, many organizations have migrated from traditional three-layer data center architectures to various forms of leaf-spine architectures. The simplicity of a leaf-spine approach is well-suited to handling higher volumes of east-west traffic; leaf switches consolidate traffic from users and then connect to the spine, which comprises the network core of servers and storage systems.

East-west traffic and north-south traffic in leaf-spine architecture
East-west traffic

Securing east-west traffic

Visibility into east-west traffic is critical for organizations to determine the best security practices for their networks and data centers. While many organizations tend to focus on securing external traffic that enters their networks, it is increasingly important for organizations to monitor internal traffic patterns for malware that has infiltrated the network and insider threats

Microsegmentation can significantly reduce the surface available for malicious activity and lessen the impact of an attack on east-west traffic. If the data center is segmented into logical units, data center administrators can tailor unique security policies and rules for each logical unit. This tighly-coupled approach eliminates the tedious, error-prone manual configuration processes that often lead to security flaws after a migration.

SDN and east-west traffic

Software-defined networking (SDN) provides another level of control and management to east-west traffic. Organizations that deploy a software-defined network on a leaf-spine fabric can take advantage of the equal nature of each port and also retain the advantages of security zones, traffic engineering and virtual overlay networks. With an SDN controller that manages edge policies for each port, policies can be moved with a workload. This makes the fabric more agile and responsive to business needs, thus making east-west traffic management more efficient.

This was last updated in April 2017

Continue Reading About east-west traffic

Dig Deeper on Software-defined data center

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does your organization approach security in regard to east-west traffic?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchNetworking

SearchEnterpriseWAN

SearchCloudProvider

SearchUnifiedCommunications

SearchSecurity

  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...

SearchDataCenter

Close