Title of invention: Tunneled security groups
Abstract: A method for providing security groups based on the use of tunneling is disclosed. The method includes assigning a security group identifier (SGI) to a packet and classifying the packet based on the packet's SGI.
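Publication number: US8839409(B2) Publication date: 2014.09.16
Application number: US201213362143 Application date: 2012.01.31
Applicant: Cisco Technology, Inc. Inventor: Cheriton David R
Classification number: G06F9/34 Main classification number: G06F9/34
Agency: Campbell Stephenson Agent: Campbell Stephenson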
Main claim: 1. A method comprising: receiving a packet, wherein the packet is received at an egress device, the egress device is configured to receive the packet from an ingress device via a tunnel, the tunnel comprises a path from the ingress device to the egress device, the packet comprises a tunnel identifier and a destination address, and the destination address corresponds to a destination of the packet; identifying a security group identifier (SGI) based, at least in part, on a tunnel identifier of the tunnel, wherein the tunnel is associated with only a single security group, and the SGI is configured to identify the single security group; assigning the SGI to the packet, wherein the assigning comprises storing the SGI in a memory, and overriding a default SGI assigned to the packet, wherein the overriding comprises determining at which network layer the default SGI is to be overridden, and replacing the default SGI with a replacement SGI in response to the determining, wherein the replacement SGI is assigned to the packet based on a source address of the packet; and determining whether forwarding the packet to the destination is permissible based, at least in part, on the SGI.
Address: San Jose CA US