Multi Network Segmentation

Network Segmentation & Multi-Overlay Architecture

Netmaker enables you to design and operate multiple independent overlay networks within a single control plane. Each network functions as its own isolated security domain with dedicated policies, access controls, and routing behaviour.

This architecture allows enterprises to enforce strict segmentation across environments, tenants, business units, or compliance zones — without deploying separate physical infrastructure.


Create Multiple Isolated Networks by Design

Unlike traditional segmentation models that divide a single network into subzones, Netmaker allows you to create entirely separate overlay networks, each with:

  • Independent peer membership

  • Dedicated access control policies

  • Separate DNS configuration

  • Custom routing and egress rules

  • Distinct security boundaries

Each overlay network is logically isolated and cryptographically independent, ensuring clear operational separation across environments.


Environment Separation Without Infrastructure Duplication

Design dedicated networks for:

  • Production

  • Staging

  • Development

  • QA

  • Customer environments

  • Partner access

  • Compliance-regulated workloads

All networks remain centrally managed while maintaining strict isolation.

This enables:

  • Reduced lateral movement risk

  • Clear blast-radius containment

  • Simplified governance

  • Predictable security enforcement


Multi-Tenant & MSP-Ready Architecture

For enterprises, OEMs, and managed service providers, multi-network capability is critical.

Netmaker supports:

  • Customer-isolated overlay networks

  • Per-tenant policy enforcement

  • Role-based access scoped per network

  • Centralised observability across all networks

This allows organisations to operate multiple secure domains from a unified platform while preserving tenant isolation.


Zero Trust Segmentation Within and Across Networks

Segmentation operates at two levels:

  1. Between networks — full logical isolation

  2. Within networks — granular peer-to-peer policy enforcement

This layered model strengthens Zero Trust architecture by ensuring:

  • No implicit trust based on location

  • Explicit authorization for all connectivity

  • Default-deny policy support

  • Conditional and Just-In-Time access controls


Hybrid & Multi-Region Consistency

Each overlay network can span:

  • Cloud providers (AWS, Azure, GCP)

  • On-prem data centres

  • Edge deployments

  • Global regions

Segmentation policies apply consistently across environments without relying on physical topology.


Observability Across Multiple Networks

Manage and monitor all overlay networks from a centralised control plane.

Gain visibility into:

  • Network-level traffic flows

  • Cross-segment communication

  • Policy enforcement events

  • Administrative actions

Operate multiple secure domains without sacrificing clarity or governance.


Why Multiple Networks Matter

Modern infrastructure is not a single flat network.

Enterprises require:

  • Separation of duties

  • Regulatory boundaries

  • Tenant isolation

  • Environment partitioning

  • Independent security domains

Netmaker’s multi-overlay architecture provides these capabilities natively, without introducing routing complexity or centralised bottlenecks.
