Title of invention Distributed service processing of network gateways using virtual machines
Abstract A network gateway device includes an ingress interface, an egress interface, and a load balancing module coupled to the ingress and egress interfaces. The load balancing module is configured to receive a packet from the ingress interface and determine a set of a plurality of processes corresponding to a connections session associated with the packet based on a policy. For each of the identified processes, the load balancing module is to identify a service processing module executed by a virtual machine that is capable of handling the identified process, and to send the packet to the identified service processing module to perform the identified process on the packet. The packet is then transmitted to the egress interface of the gateway device to be forwarded to a destination.
Publication number US9609083(B2) Publication date 2017.03.28
Application number US201514877836 Filing date 2015.10.07
Applicant vArmour Networks, Inc. Inventor Shieh Choung-Yaw
Classification H04L29/08;H04L12/803;H04L29/06;G06F9/455;H04W28/20;H04L12/813 Main classification H04L29/08
Agency Carr & Ferrell LLP Agent Carr & Ferrell LLP
Main claim 1. A computer-implemented method, comprising:
receiving a packet at an ingress interface of a gateway device communicatively coupled to a local area network (LAN) and an external network;
determining a first service and a second service corresponding to a connections session, the first service and the second service determined using a policy;
identifying a first service processing module associated with the first service, the first service processing module being executed by a first virtual machine having a first guest operating system, the first virtual machine running on a first physical host being communicatively coupled to the gateway device, the first physical host having a first host operating system, the first host operating system providing a first hypervisor;
sending the packet to the first service processing module, the first service processing module performing the first service on the packet to produce a first processed packet;
determining whether the first service processing module has sufficient bandwidth to handle the first service;
when the first service processing module does not have sufficient bandwidth to perform the first service on the packet: allocating and launching a third service processing module; and alternatively sending the packet to the third service processing module, the third service processing module performing the first service on the packet to produce the first processed packet;
identifying a second service processing module associated with the second service, the second service processing module being executed by a second virtual machine having a second guest operating system, the second virtual machine running on a second physical host being communicatively coupled to the gateway device, the second physical host having a second host operating system, the second host operating system providing a second hypervisor;
sending the first processed packet to the second service processing module, the second service processing module performing the second service on the first processed packet to produce a second processed packet; and
forwarding the second processed packet at an egress interface of the gateway device to a destination.
Address Mountain View CA US