consul/website/pages/docs/enterprise/network-segments.mdx

51 lines
2.6 KiB
Markdown

---
layout: docs
page_title: Consul Enterprise Network Segments
sidebar_title: 'Network Segments'
sidebar_current: docs-enterprise-network-segments
description: |-
Consul Enterprise enables you create separate LAN gossip pools within one
cluster to segment network groups.
---
# Network Segments
Consul Network Segments enables operators to create separate LAN gossip segments
in one Consul cluster. Agents in a segment are only able to join and communicate
with other agents in it's network segment. This functionality is useful for
clusters that have multiple tenants that should not be able to communicate
with each other.
To get started with network segments you can review the guide on HashiCorp Learn for
[Network Segments](https://learn.hashicorp.com/consul/day-2-operations/network-segments).
~> **Note:** Due to limitations in [Serf](/docs/internals/gossip), a Consul agent configured with too many network segments may not be able to start
# Consul Networking Models
To help set context for this feature, it is useful to understand the various
Consul networking models and their capabilities.
**Cluster:** A set of Consul servers forming a Raft quorum along with a
collection of Consul clients, all set to the same
[datacenter](/docs/agent/options#_datacenter), and joined together to form
what we will call a "local cluster". Consul clients discover the Consul servers
in their local cluster through the gossip mechanism and make RPC requests to
them. LAN Gossip (OSS) is an open intra-cluster networking model, and Network
Segments (Enterprise) creates multiple segments within one cluster.
**Federated Cluster:** A cluster of clusters with a Consul server group per
cluster each set per "datacenter". These Consul servers are federated together
over the WAN. Consul clients make use of resources in federated clusters by
forwarding RPCs through the Consul servers in their local cluster, but they
never interact with remote Consul servers directly. There are currently two
inter-cluster network models which can be viewed on HashiCorp Learn:
[WAN gossip (OSS)](https://learn.hashicorp.com/consul/security-networking/datacenters)
and [Network Areas (Enterprise)](https://learn.hashicorp.com/consul/day-2-operations/advanced-federation).
**LAN Gossip Pool**: A set of Consul agents that have full mesh connectivity
among themselves, and use Serf to maintain a shared view of the members of the
pool for different purposes, like finding a Consul server in a local cluster,
or finding servers in a remote cluster. A **segmented** LAN Gossip Pool limits a
group of agents to only connect with the agents in its segment.