Blog
/
Illumio Products

Little Known Features of Illumio ASP – Broadcast and Multicast Filters

Illumio Editorial
June 25, 2020
23 min. read
golf

Have you ever tried to find a golf ball in a bush, a ring at a beach, or something similar? If you have, you know how hard that can be. It takes time, requires lots of concentration, and the processes can be arduous.

Illumio’s Adaptive Security Platform (ASP) provides a real-time application dependency map, known as Illumination. The map draws a traffic line for every flow between any two workloads. These lines help users easily identify communications and quickly access details about the traffic between them.

Although this visibility helps users build policies, the map can be noisy with many traffic lines, particularly when broadcast and multicast traffic is present. That line density can make traffic identification difficult – like finding a golf ball in a bush.

Broadcast and multicast traffic can lower your application visibility

Today, enterprises rely on many connected applications and services to run their business. Some applications and services talk to one another through something known as a unicast, which sends traffic to only one peer at a time. Alternatively, others leverage broadcast and/or multicast to operate. Regardless of whether the traffic is unicast, broadcast, or multicast, Illumination visualizes traffic lines on its maps. This give users great traffic visibility in their environment.

That said, as mentioned above, the maps can become unnecessarily overcrowded with the presence of broadcast and multicast.

When a workload sends out broadcast traffic, all workloads in the broadcast domain receive it and report it to Illumio ASP. As a result, each received workload has traffic lines connecting workload activity. The total number of links depends on the size of a subnet. For example, in a fully populated /24 IP subnet, broadcast traffic from one workload can generate 253 traffic links.

Below are two views of Illumination. The first shows the map with only unicast traffic flows, and the second shows the map with unicast, broadcast, and multicast.

illuminationmap1
Figure 1 – An Illumination map with only unicast traffic lines

illuminationmap2
Figure 2 – An Illumination map with unicast, broadcast, and multicast traffic lines

Comparing the two maps, it is obvious that the second is much more crowded than the first, due to the visualization of broadcast and multicast traffic.

Imagine you are going to write policies to cover your applications that have nothing to do with the broadcast or multicast traffic. You would need to go through each of the links carefully, select the ones for your application, and ignore those broadcast and/or multicast traffic lines. What you need is a way to quickly filter out the broadcast and/or multicast traffic so you can visualize your data flow more easily.

But what if I don’t have broadcast or multicast applications?

This is a trick question. You may think you do not run any services using broadcast or multicast, and thus, you don’t face this overcrowding challenge. In fact, you may be surprised to find out that some services that come as part of server OS rely on broadcast and/or multicast traffic to operate – and enable this traffic by default. An example of this is Windows NetBIOS name services. This has been around for a long time, and many enterprise applications operate on a Windows OS. Those broadcast traffic links may reveal themselves in an application dependency map, therefore muddling the clarity of the map insights.

The simple, little known features: Broadcast and multicast features

To avoid your application visibility being clouded by broadcast and multicast traffic, Illumination provides broadcast and multicast map filters. Users can simply click on them to exclude or include broadcast/multicast traffic from their map. This improves visibility and usability, allows users to easily build policies, and saves time.

To access the filters, referring to the figure below, you can click on the Filter menu in the maps. From the drop-down, you can see the Broadcast and Multicast filter options. When they are checked, broadcast and multicast traffic is shown in the map. To hide them, simply unchecked those options. It’s that simple.

filter

Finding a golf ball in a bush is hard. Finding the right traffic for your application does not have to be hard.

If you have broadcast and/or multicast in your environment that overcrowds your Illumination maps, try out these simple but powerful broadcast and multicast filters. It makes allocating your application flows easier, allowing you to uncover meaningful insights and write policies faster.

For more information about Illumio ASP and how it works, visit: https://www.illumio.com/products/illumio-core

Related topics

No items found.

Related articles

Nano-segmentation℠: What is the fuss all about?
Illumio Products

Nano-segmentation℠: What is the fuss all about?

Nano-segmentation enables enterprises to segment applications to the most granular extent possible. Ideally reducing the need to “define fuss.”

Read more
Cloud Breach Response and Containment With Illumio CloudSecure
Illumio Products

Cloud Breach Response and Containment With Illumio CloudSecure

Learn why cloud breach response matters now and how to use Illumio CloudSecure to contain the next unavoidable cloud attack.

Read more
Fight Ransomware Fast With Enforcement Boundaries
Illumio Products

Fight Ransomware Fast With Enforcement Boundaries

You have two main ways to fight ransomware. You can either be proactive, working to block future attacks. Or you can be reactive, responding to an active breach.

Read more
No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more