John Harrington of The Network Sherpa comments:
In a typical workflow, the network engineer will ask the service owner which ports they require open, and they often don’t know. A wasteful and extended back-and-forth debate continues until the rule is deployed. The key challenge here is that the service owner owns the requirement but doesn’t know what their service does at the network layer. The temptation is to insert wide rules, but the network engineer is accountable for the ruleset when the auditor knocks on the door.
A sharp take on an excellent Cisco Live Berlin presentation. John also shares some thoughts on how important microsegmentation can be for edge networking devices.
Read more at: East West Segmentation With ACI