Named Networks
Overview
Named Networks provide a powerful abstraction layer for managing IP addresses and subnets by grouping them under meaningful, human-readable identifiers. This approach transforms how enterprises define, manage, and scale network segmentation policies—especially in dynamic environments like Kubernetes, hybrid cloud, and multi-cloud infrastructures.
Why Use Named Networks?
In today’s fast-paced, scalable environments, creating IP-based segmentation policies can be cumbersome and error-prone.
Named Networks simplify policy creation and management by offering an intuitive and dynamic approach to managing network communications:
✅ Logical Grouping
Named Networks allow administrators to group related IP addresses or subnets under a descriptive, meaningful name (e.g., the named network k8s-cluster-02-node-pools is configured with the IP address 192.168.42.1/24, which represents the node pool in that cluster). This abstraction simplifies policy creation and management.
✅ Policy Simplification
Instead of crafting segmentation rules for individual IP addresses or ranges, administrators can reference a Named Network. This reduces complexity, minimizes errors, and improves consistency across environments.
✅ Dynamic Updates
Named Networks can be centrally updated — adding, removing, or modifying IP addresses — without the need to rewrite every policy. This decouples policy logic from static IP dependencies, enabling faster and safer changes.
✅ Segment Association
Named Networks can be explicitly associated with one or more Segments in Xshield, creating a powerful mapping between logical application or service tiers and the underlying network configuration.
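The following is an added illustration of the ideas above (logical grouping, name-based policies, central updates, and Segment association), not Xshield's own code or API. It models a toy registry in which names map to sets of CIDRs and to Segments, policies reference only names, and a resolver expands each policy into concrete per-CIDR rules. The network names, addresses and ports are constructed sample data in the style of the Kubernetes use case described further down the page. It also shows the check a practitioner usually wants at definition time: a CIDR written with host bits set (such as 192.168.42.1/24) is normalized to its network address so that membership tests stay consistent.

```python
"""Toy Named Network registry (added illustration, not Xshield's own code or API).

Names map to sets of CIDRs and to Segments; policies reference names, and a
resolver expands them into concrete per-CIDR rules. Updating a named network's
membership changes every resolved rule without editing any policy.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Iterable, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def is_strict_cidr(cidr: str) -> bool:
    """True only if no host bits are set (192.168.42.0/24 yes, 192.168.42.1/24 no)."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def normalize_cidr(cidr: str) -> Network:
    """Parse a CIDR and mask off host bits: 192.168.42.1/24 becomes 192.168.42.0/24.

    Python's ipaddress module is strict by default and would reject the first form;
    normalizing once at definition time keeps later membership checks consistent."""
    return ipaddress.ip_network(cidr, strict=False)


@dataclass
class NamedNetwork:
    name: str
    cidrs: set = field(default_factory=set)     # set of Network objects
    segments: set = field(default_factory=set)  # Segment names this network maps to

    def add(self, cidr: str) -> None:
        self.cidrs.add(normalize_cidr(cidr))

    def remove(self, cidr: str) -> None:
        self.cidrs.discard(normalize_cidr(cidr))

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.cidrs)


@dataclass(frozen=True)
class Policy:
    """A segmentation rule written against names, never raw IPs."""
    src: str
    dst: str
    port: int
    action: str = "allow"


class Registry:
    def __init__(self) -> None:
        self.networks: dict = {}  # name -> NamedNetwork
        self.policies: list = []  # list of Policy

    def define(self, name: str, cidrs: Iterable[str], segments: Iterable[str] = ()) -> NamedNetwork:
        nn = NamedNetwork(name, segments=set(segments))
        for c in cidrs:
            nn.add(c)
        self.networks[name] = nn
        return nn

    def networks_for_segment(self, segment: str) -> list:
        """Names of every Named Network associated with the given Segment."""
        return sorted(n.name for n in self.networks.values() if segment in n.segments)

    def resolve(self) -> list:
        """Expand each name-based policy into concrete (src_cidr, dst_cidr, port, action) rules.

        A policy referencing an undefined name raises KeyError on purpose: failing
        loudly is safer than silently enforcing nothing."""
        rules = []
        for p in self.policies:
            src, dst = self.networks[p.src], self.networks[p.dst]
            for s in sorted(src.cidrs, key=str):
                for d in sorted(dst.cidrs, key=str):
                    rules.append((str(s), str(d), p.port, p.action))
        return rules

    def evaluate(self, src_ip: str, dst_ip: str, port: int) -> str:
        """First matching policy wins; anything unmatched is denied by default."""
        for p in self.policies:
            if (p.port == port and self.networks[p.src].contains(src_ip)
                    and self.networks[p.dst].contains(dst_ip)):
                return p.action
        return "deny"


def build_demo() -> Registry:
    """Constructed sample data: three Kubernetes-style named networks and two policies."""
    reg = Registry()
    reg.define("frontend-pods", ["10.42.1.0/24"], segments=["web-tier"])
    reg.define("backend-services", ["10.42.2.0/24"], segments=["app-tier"])
    reg.define("db-nodes", ["10.42.3.0/24"], segments=["data-tier"])
    reg.policies.append(Policy("frontend-pods", "backend-services", 8443))
    reg.policies.append(Policy("backend-services", "db-nodes", 5432))
    return reg


if __name__ == "__main__":
    reg = build_demo()
    print(len(reg.resolve()), "rules before update")      # 2
    reg.networks["frontend-pods"].add("10.42.10.0/24")     # a new node pool joins the cluster
    print(len(reg.resolve()), "rules after update")       # 3, with no policy edited
    print(reg.evaluate("10.42.10.5", "10.42.2.9", 8443))   # allow
```

The point of the demo is the second `resolve()` call: adding a subnet to `frontend-pods` changes the enforced rule set, but the two `Policy` objects are untouched. The default-deny fall-through in `evaluate` and the hard failure on an undefined name are deliberate; a policy that quietly matches nothing is the kind of misconfiguration name-based policies are meant to prevent.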
Pre-Configured Named Networks for AWS Services
The Xshield Security Platform includes a comprehensive set of pre-configured named networks tailored specifically for Amazon Web Services (AWS). These named networks represent well-known AWS services, such as Amazon API Gateway, Amazon Connect, and others, across various AWS regions.
These predefined network entities can be directly assigned to policy templates and segmentation rules, significantly simplifying the policy creation process for operators. By abstracting complex service endpoints into easily identifiable named networks, Xshield enables faster, more accurate policy configurations while reducing the risk of misconfiguration.
🎯 Benefits of Using Named Networks
| Benefit | Description |
|---|---|
| Simplified Management | Manage policies using names instead of raw IPs, reducing the chance of errors. |
| Reduced Policy Count | Fewer individual policies needed when referencing grouped IPs. |
| Improved Readability | Policies are easier to understand and audit with human-readable references. |
| Centralized Updates | Modify IP mappings in one place without having to touch all dependent policies. |
| Scalability | Ideal for dynamic infrastructures such as Kubernetes, cloud-native apps, and multi-cloud environments. |
| Faster Policy Deployment | Simplifies the rollout of segmentation policies across distributed systems. |
| Enhanced Visibility | Provides a high-level view of network communications, making it easier to monitor and troubleshoot. |
Use Case Examples
- Kubernetes Environments. Challenge: IPs of pods and services change frequently. Solution: Group dynamic IPs under logical names like frontend-pods, backend-services, or db-nodes. Benefit: Simplifies network policy creation and ensures consistent segmentation even as workloads scale or shift.
- Hybrid and Multi-Cloud Infrastructure. Challenge: Managing IPs across AWS, Azure, GCP, and on-premises environments. Solution: Use Named Networks to abstract cloud-specific IPs into unified labels like prod-database, dev-api, or shared-services. Benefit: Enables centralized policy management across diverse infrastructures.
- Compliance and Auditing. Challenge: Demonstrating network segmentation for regulatory frameworks (e.g., PCI-DSS, HIPAA). Solution: Named Networks provide clear, auditable labels for policy enforcement. Benefit: Simplifies reporting and ensures alignment with compliance requirements.
Summary
Named Networks are a foundational feature for building scalable, clear, and dynamic segmentation policies in ColorTokens Xshield. By shifting from static IP references to named abstractions, security teams gain agility, reduce operational overhead, and improve policy accuracy.