I am looking for possibilities (and their pros and cons) for protecting network traffic of the components of a time-critical application in a data center. The aim is minimizing the damage an attacker can cause if he manages to compromise a VM. It shall be impossible to read the traffic between other (non-compromised) VMs. This could be achieved by encryption or by limiting the network access.
We have a VMware environment, several ESXi hosts and a Fortigate firewall. Parts of the internal traffic are not encrypted yet because the application opens several connections, one after the other. And there is a latency limit on the whole process.
Due to the latency limit the (trivial) usage of TLS for each connection is not an option. Maybe it could be done with proxies on all systems which keep the TLS connections open independent of what the application is doing.
I guess using a VPN between all involved systems (about 50) would be a management nightmare. We use keepalived which probably makes a VPN solution even worse.
I also think about using permanent ARP entries as a protection against ARP spoofing. VMware prevents MAC spoofing. This would not add any latency and should avoid the need for encryption. But it does not work well with the Fortigate and not with virtual IPs either.
I am interested in opinions about the mentioned approaches and other approaches which I am not aware of yet.
What do other organizations with microservices and timing restrictions do? I do not require a statement of what the best solution is. I would like to know what has proven (not) to be feasible.
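As an added example (not code from the original question), here is a small Python audit for the permanent-ARP-entry idea: it parses the Linux `ip neigh` table of a VM, compares it with a pinned IP-to-MAC list, reports entries whose MAC differs from the pin or that are still dynamic, and prints the iproute2 commands that would make the pins static. The pin list, the interface name and the sample `ip neigh` output are constructed for the example.

```python
"""Audit a Linux VM's ARP/neighbour table against a pinned IP-to-MAC list.

Added example for the static-ARP idea; not code from the original question.
The pin list and the sample `ip neigh` output below are constructed.
"""
import re
import subprocess

# Hypothetical pin list: the MAC each peer VM is expected to present.
PINNED = {
    "10.0.1.10": "00:50:56:a1:00:10",
    "10.0.1.11": "00:50:56:a1:00:11",
    "10.0.1.12": "00:50:56:a1:00:12",
    "10.0.1.13": "00:50:56:a1:00:13",
}

# Constructed sample of `ip -4 neigh show dev eth0` output on one VM.
SAMPLE_NEIGH_OUTPUT = """\
10.0.1.10 dev eth0 lladdr 00:50:56:a1:00:10 REACHABLE
10.0.1.11 dev eth0 lladdr 00:50:56:a1:00:11 PERMANENT
10.0.1.12 dev eth0 lladdr 00:50:56:a1:ff:ff STALE
10.0.1.13 dev eth0  FAILED
"""

# One line of `ip neigh show`; lladdr is absent for FAILED/INCOMPLETE entries.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9a-f:]{17}))?\s+(?P<state>[A-Z]+)$"
)


def parse_neigh(text):
    """Return {ip: (mac or None, state)} for each parsable line."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = (m["mac"], m["state"])
    return table


def read_live_table(dev="eth0"):
    """Read the real neighbour table (Linux, iproute2); not used by the sample run."""
    out = subprocess.run(["ip", "-4", "neigh", "show", "dev", dev],
                         check=True, capture_output=True, text=True).stdout
    return parse_neigh(out)


def audit(table, pinned):
    """Compare the observed table with the pins; returns (ip, kind, expected, observed).

    kind: 'mismatch'      observed MAC differs from the pin (possible ARP spoofing,
                          or a keepalived virtual IP that moved to another host),
          'not_permanent' MAC matches but the entry is still dynamic, so a forged
                          reply could still replace it,
          'unresolved'    no MAC in the table for a pinned peer.
    """
    findings = []
    for ip, expected in sorted(pinned.items()):
        mac, state = table.get(ip, (None, None))
        if mac is None:
            findings.append((ip, "unresolved", expected, None))
        elif mac.lower() != expected.lower():
            findings.append((ip, "mismatch", expected, mac))
        elif state != "PERMANENT":
            findings.append((ip, "not_permanent", expected, mac))
    return findings


def pin_commands(pinned, dev="eth0"):
    """iproute2 commands that make each pinned entry static (nud permanent)."""
    return [f"ip neigh replace {ip} lladdr {mac} dev {dev} nud permanent"
            for ip, mac in sorted(pinned.items())]


if __name__ == "__main__":
    for finding in audit(parse_neigh(SAMPLE_NEIGH_OUTPUT), PINNED):
        print(*finding)
    print("\n".join(pin_commands(PINNED)))
```

Run on the sample, the audit flags 10.0.1.10 as still dynamic, 10.0.1.12 as a MAC mismatch and 10.0.1.13 as unresolved, while the already permanent 10.0.1.11 passes. The caveat from the question shows up directly in the `mismatch` case: a keepalived virtual IP legitimately changes MAC on failover, so such addresses either need their own handling (for example pinning both candidate MACs and accepting either) or must be left out of the pin list.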