
Managing Zones

An overview of how Zones work in the Byos SL Overlay

Overview

The Byos Secure Lobby Overlay is an overlay network within the Byos platform. It enables Secure Edges to have secure communications between themselves and the Internet using Layer 2 Tunnels.

What is a Zone?

A Zone is a region within the Secure Lobby Overlay that is used to segment and control traffic between Edges. The Default Zone within the Byos Overlay is set at 172.20.0.X/16.

How does a Zone relate to a Policy Group?

Policy Groups are assigned to Zones, so a Policy Group’s Edges are governed by the Zone’s networking settings in the Byos Secure Lobby Overlay.

How do Zones and Edges Relate?

An Edge will be enrolled into a Policy Group, and the Zone will thus be inherited from the Group.

What is the Hierarchy of the Byos Network?

This is the hierarchy of terms within the Byos Solution:

  • Zones - Network zones within the Byos Secure Lobby Overlay, ability to be
  • Policy Group - A group of Edges, with an assigned set of policies, configured in the Management Console
  • Edge - A Byos Secure Edge device
  • Microsegment - The internal network created by the Byos Edge, isolated from the outer WAN side of the Edge.
  • Asset - Any Device connected to the Byos Edge, inside the microsegment

Here is a brief representation of how Zones, Policy Groups, Edges, and Assets work together:

  • Zone 1
    • Only allowed to access Zone 2 outbound
  • Zone 2
    • Allows inbound access from Zone 1 & Zone 3
    • Is allowed to access Zone 3 outbound
  • Zone 3
    • Bidirectional (inbound and outbound) traffic to and from Zone 2

Viewing the Zones In your Byos Secure Lobby Overlay


Creating a Zone

  1. Name the Zone.
  2. Select the Network and CIDR for the Zone.

    ⚠️ Note: the CIDR determines the number of Hosts available within the Zone:
      • CIDR 16 - 65534 Hosts
      • CIDR 24 - 254 Hosts
      • CIDR 25 - 126 Hosts
      • CIDR 26 - 62 Hosts
      • CIDR 27 - 30 Hosts
      • CIDR 28 - 14 Hosts
      • CIDR 29 - 6 Hosts

  3. Select which Policy Groups will belong to the Zone.
  4. Select the other Zones that will have inbound access to this newly created Zone.
  5. Select the other Zones this newly created Zone will have outbound access to.

Updating a Zone

When a Zone is clicked on, the sidebar will display its information. All Zone settings can be modified:

  • Zone Name
  • Zone Network ID & CIDR
  • Inbound and Outbound Connections between Zones
  • Which Policy Groups belong to the Zone

Deleting a Zone

When a Zone is deleted, all Policy Groups in that Zone will be moved back to the Default Policy Group. They can be re-assigned once the Zone is deleted.

ℹ️ The Default Zone cannot be deleted.

Zone Conflicts

When creating Zones, it is necessary for each zone to have a unique Network ID to avoid routing conflicts within the Overlay.

Internal Microsegment Network IDs set at the Policy Group level also need to be unique so that there are no conflicts between Microsegments and Zones.
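
A planning check for the conflicts described above, added here as an example and not part of the Byos product or its documentation: it validates a proposed set of Zone and Microsegment ranges before they are entered in the Management Console. The Zone and Policy Group names and all ranges except the Default Zone are constructed, and the check flags overlapping ranges as well as identical Network IDs, which is a stricter reading than the page states.

```python
import ipaddress
from itertools import combinations

# Constructed plan. Only the Default Zone range comes from the page
# (172.20.0.X/16); every other name and range is illustrative.
PLAN = {
    "zone:Default": "172.20.0.0/16",
    "zone:Engineering": "172.21.0.0/24",
    "zone:Finance": "172.21.0.128/25",             # sits inside Engineering
    "microsegment:Lab-Group": "192.168.50.0/24",
    "microsegment:Kiosk-Group": "172.20.8.0/24",   # sits inside the Default Zone
}


def usable_hosts(cidr):
    """Usable IPv4 hosts in a range (network and broadcast addresses excluded)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - 2, 0)


def find_conflicts(plan):
    """Return (name_a, name_b) pairs whose ranges are identical or overlap."""
    nets = {}
    for name, cidr in plan.items():
        # strict=True raises ValueError when host bits are set (e.g. 172.21.0.5/24),
        # so a mistyped Network ID is caught before any comparison.
        nets[name] = ipaddress.ip_network(cidr, strict=True)
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            conflicts.append((a, b))
    return conflicts


if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(f"{name:28} {cidr:18} {usable_hosts(cidr):>6} hosts")
    for a, b in find_conflicts(PLAN):
        print(f"CONFLICT: {a} <-> {b}")
```

Zone-to-Zone and Microsegment-to-Zone overlaps are both reported, matching the two uniqueness requirements in this section.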