2017-09-04 22:44:13 +00:00
|
|
|
---
|
2020-04-07 18:55:19 +00:00
|
|
|
layout: docs
|
|
|
|
page_title: Consul Enterprise Network Segments
|
2020-04-13 18:40:26 +00:00
|
|
|
sidebar_title: Network Segments
|
2017-09-04 22:44:13 +00:00
|
|
|
description: |-
|
|
|
|
Consul Enterprise enables you create separate LAN gossip pools within one
|
|
|
|
cluster to segment network groups.
|
|
|
|
---
|
|
|
|
|
2020-03-24 20:06:20 +00:00
|
|
|
# Network Segments
|
2017-09-04 22:44:13 +00:00
|
|
|
|
2020-04-23 22:13:18 +00:00
|
|
|
<EnterpriseAlert>
|
2020-07-08 23:09:00 +00:00
|
|
|
This feature requires{' '}
|
|
|
|
<a href="https://www.hashicorp.com/products/consul/">Consul Enterprise</a>{' '}
|
|
|
|
with the Global Visibility, Routing, and Scale module.
|
2020-04-23 22:13:18 +00:00
|
|
|
</EnterpriseAlert>
|
|
|
|
|
2017-09-04 22:44:13 +00:00
|
|
|
Consul Network Segments enables operators to create separate LAN gossip segments
|
|
|
|
in one Consul cluster. Agents in a segment are only able to join and communicate
|
2020-03-24 20:06:20 +00:00
|
|
|
with other agents in it's network segment. This functionality is useful for
|
2017-09-04 22:44:13 +00:00
|
|
|
clusters that have multiple tenants that should not be able to communicate
|
|
|
|
with each other.
|
|
|
|
|
2020-03-24 20:06:20 +00:00
|
|
|
To get started with network segments you can review the guide on HashiCorp Learn for
|
|
|
|
[Network Segments](https://learn.hashicorp.com/consul/day-2-operations/network-segments).
|
2017-09-04 22:44:13 +00:00
|
|
|
|
2020-04-09 23:46:54 +00:00
|
|
|
~> **Note:** Due to limitations in [Serf](/docs/internals/gossip), a Consul agent configured with too many network segments may not be able to start
|
2020-01-09 09:41:31 +00:00
|
|
|
|
2017-09-04 22:44:13 +00:00
|
|
|
# Consul Networking Models
|
|
|
|
|
|
|
|
To help set context for this feature, it is useful to understand the various
|
|
|
|
Consul networking models and their capabilities.
|
|
|
|
|
|
|
|
**Cluster:** A set of Consul servers forming a Raft quorum along with a
|
|
|
|
collection of Consul clients, all set to the same
|
2020-04-09 23:46:54 +00:00
|
|
|
[datacenter](/docs/agent/options#_datacenter), and joined together to form
|
2017-09-04 22:44:13 +00:00
|
|
|
what we will call a "local cluster". Consul clients discover the Consul servers
|
|
|
|
in their local cluster through the gossip mechanism and make RPC requests to
|
2020-04-06 20:27:35 +00:00
|
|
|
them. LAN Gossip (OSS) is an open intra-cluster networking model, and Network
|
2017-09-04 22:44:13 +00:00
|
|
|
Segments (Enterprise) creates multiple segments within one cluster.
|
|
|
|
|
|
|
|
**Federated Cluster:** A cluster of clusters with a Consul server group per
|
|
|
|
cluster each set per "datacenter". These Consul servers are federated together
|
|
|
|
over the WAN. Consul clients make use of resources in federated clusters by
|
|
|
|
forwarding RPCs through the Consul servers in their local cluster, but they
|
|
|
|
never interact with remote Consul servers directly. There are currently two
|
2020-04-06 20:27:35 +00:00
|
|
|
inter-cluster network models which can be viewed on HashiCorp Learn:
|
2020-03-24 20:06:20 +00:00
|
|
|
[WAN gossip (OSS)](https://learn.hashicorp.com/consul/security-networking/datacenters)
|
2019-05-15 15:49:41 +00:00
|
|
|
and [Network Areas (Enterprise)](https://learn.hashicorp.com/consul/day-2-operations/advanced-federation).
|
2017-09-04 22:44:13 +00:00
|
|
|
|
|
|
|
**LAN Gossip Pool**: A set of Consul agents that have full mesh connectivity
|
|
|
|
among themselves, and use Serf to maintain a shared view of the members of the
|
|
|
|
pool for different purposes, like finding a Consul server in a local cluster,
|
|
|
|
or finding servers in a remote cluster. A **segmented** LAN Gossip Pool limits a
|
|
|
|
group of agents to only connect with the agents in its segment.
|