Title of invention: Methods and apparatus for providing inline network traffic monitoring
Abstract: Methods and apparatus for providing inline network traffic monitoring such as intrusion detection to clients of a provider network. A client can configure new or existing components and specify that traffic monitoring be added on or at the components in the client's configuration on the provider network. Traffic monitoring is automatically and transparently added to the client's configuration on or at the components. Traffic to the client's configuration passes through the traffic monitoring technology. Traffic monitoring technology may be implemented on a resource in the client's configuration that implements other technology, such as a load balancer component. Alternatively, traffic monitoring technology may be implemented on separate components upstream or downstream of a resource that implements other technology. Traffic monitoring may be implemented at a network substrate level rather than at an overlay network level.
Publication number: US9032070(B1) Publication date: 2015.05.12
Application number: US201213461601 Filing date: 2012.05.01
Applicant: Amazon Technologies, Inc. Inventors: Stickle Thomas C.;Brandwine Eric J.
Classification: G06F15/173;H04L12/26 Main classification: G06F15/173
Agency: Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. Agent: Kowert Robert C.;Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C.
Main claim: 1. A method, comprising: receiving, by a component on a provider network, data packets directed to a client configuration on the provider network, wherein the client configuration is specified by a client external to the provider network, and wherein the provider network provides resources for use by a plurality of other clients external to the provider network; applying network traffic monitoring to the data packets according to network traffic monitoring technology implemented on the component; and routing or forwarding the data packets to at least one component in the client configuration on the provider network; wherein the provider network implements an overlay network level, wherein implementing the overlay network level includes the data packets being encapsulated at the overlay network level and being communicated at a network substrate level to a substrate level destination where the encapsulation is removed from the data packets, and the data packets being communicated to an overlay network level destination after the encapsulation is removed, wherein the client configuration operates at the overlay network level of the provider network, and wherein the network traffic monitoring technology provides network traffic monitoring of the encapsulated data packets being communicated at the substrate level of the provider network for the client configuration, wherein the substrate level of the provider network is hidden from the client configuration at the overlay network level.
Address: Reno NV US