North-south traffic describes network communication between client and server — or traffic flowing into an organization's internal network from the outside. Often called "external" traffic as a result, north-south traffic is generated when devices within an organization communicate with devices or services elsewhere. This can also include communication with cloud-based services.
This internal-external communication necessitates the need for clear network boundaries, defined by a networking perimeter. Traffic attempting to enter the internal network from outside must often pass through gateways or firewalls to help prevent malicious payloads from slipping through. This is where the castle-and-moat approach to networking can come into play.
What are some examples of north-south traffic?
Web browsing and emailing are good examples of north-south communication, as is consumption of cloud services. Any device physically or virtually located within a datacenter that talks with another outside of the datacenter generates north-south traffic.
In other words, any device or service that connects to the internet to communicate externally fits this definition. Our functional idea of the "worldwide web" is built upon north-south traffic flows. This can also include the concept of Kubernetes ingress, where routing external clients into the cluster is critical to accessing virtual services.
What are some unique considerations around north-south traffic?
Since organizations are accepting traffic from external clients across the web, cybersecurity remains a key concern for DevSecOps teams. As with any system that handles sensitive data, preventing unwanted access, lockout, theft, or loss — and doing so without impacting network performance — is highly important.
That often means setting up network perimeters and similar security measures. It also requires understanding the challenge of managing endpoints that aren't as well-defined or limited in number as they once were.
Does HAProxy support north-south traffic?
Yes! HAProxy One — the world's fastest application delivery and security platform — is built to handle (and provide WAF plus DoS protection to) all types of external traffic from web applications, APIs, and AI services. You can deploy HAProxy in any multi-cloud, hybrid-cloud, or on-premises environment, while HAProxy Fusion helps you easily manage traffic flowing through your HAProxy Enterprise clusters.