DISTRIBUTED DEEP PACKET INSPECTION

摘要

Exemplary methods, apparatuses, and systems receive a copy of or make a copy of one or more packets of a flow of packets between a source and a destination. While or after the one or more packets are forwarded to the destination, the content of the one or more packets is compared to a policy to determine if the flow of packets triggers a policy response. A map of devices within a datacenter cluster of devices is maintained and used to select one or more available devices when packet inspection is distributed.

主权项

1. A computer-implemented method, comprising:
receiving, by an inspection module running within a kernel layer of a first host computer, one or more packets of a flow of packets from a source to a destination, wherein the source or the destination is a first virtual machine running on the first host computer; determining, by the inspection module, from a comparison of the content of the one or more packets to a policy while or after the a copy of the one or more packets are forwarded to the destination, that the flow of packets triggers a policy response; and performing, by the inspection module, the policy response in response to said determination, wherein the policy response has an impact on the flow of packets to or from the first virtual machine.