# Multi Network Segmentation

{% embed url="<https://media.netmaker.io/features/Multi-Network-Management.mp4>" %}

Netmaker enables you to design and operate multiple independent overlay networks within a single control plane.\
Each network functions as its own isolated security domain with dedicated policies, access controls, and routing behaviour.

This architecture allows enterprises to enforce strict segmentation across environments, tenants, business units, or compliance zones — without deploying separate physical infrastructure.

***

### Create Multiple Isolated Networks by Design

Unlike traditional segmentation models that divide a single network into subzones, Netmaker allows you to create entirely separate overlay networks, each with:

* Independent peer membership
* Dedicated access control policies
* Separate DNS configuration
* Custom routing and egress rules
* Distinct security boundaries

Each overlay network is logically isolated and cryptographically independent, ensuring clear operational separation across environments.

***

### Environment Separation Without Infrastructure Duplication

Design dedicated networks for:

* Production
* Staging
* Development
* QA
* Customer environments
* Partner access
* Compliance-regulated workloads

All networks remain centrally managed while maintaining strict isolation.

This enables:

* Reduced lateral movement risk
* Clear blast-radius containment
* Simplified governance
* Predictable security enforcement

***

### Multi-Tenant & MSP-Ready Architecture

For enterprises, OEMs, and managed service providers, multi-network capability is critical.

Netmaker supports:

* Customer-isolated overlay networks
* Per-tenant policy enforcement
* Role-based access scoped per network
* Centralised observability across all networks

This allows organisations to operate multiple secure domains from a unified platform while preserving tenant isolation.

***

### Zero Trust Segmentation Within and Across Networks

Segmentation operates at two levels:

1. Between networks — full logical isolation
2. Within networks — granular peer-to-peer policy enforcement

This layered model strengthens Zero Trust architecture by ensuring:

* No implicit trust based on location
* Explicit authorization for all connectivity
* Default-deny policy support
* Conditional and Just-In-Time access controls

***

### Hybrid & Multi-Region Consistency

Each overlay network can span:

* Cloud providers (AWS, Azure, GCP)
* On-prem data centres
* Edge deployments
* Global regions

Segmentation policies apply consistently across environments without relying on physical topology.

***

### Observability Across Multiple Networks

Manage and monitor all overlay networks from a centralised control plane.

Gain visibility into:

* Network-level traffic flows
* Cross-segment communication
* Policy enforcement events
* Administrative actions

Operate multiple secure domains without sacrificing clarity or governance.

***

### Why Multiple Networks Matter

Modern infrastructure is not a single flat network.

Enterprises require:

* Separation of duties
* Regulatory boundaries
* Tenant isolation
* Environment partitioning
* Independent security domains

Netmaker’s multi-overlay architecture provides these capabilities natively, without introducing routing complexity or centralised bottlenecks.
