CPC H04L 45/38 (2013.01) [H04L 45/302 (2013.01); H04L 45/566 (2013.01); H04L 45/586 (2013.01); H04L 45/74 (2013.01)]
20 Claims
1. A computer system comprising:
a virtual network of a customer, wherein the virtual network is hosted on a substrate network and comprises a compute instance;
a first network virtualization device of the substrate network, wherein the first network virtualization device comprises one or more processors and one or more memories storing computer-readable instructions that, upon execution by the one or more processors, configure the first network virtualization device to:
receive a packet generated by the compute instance;
determine, based on a flow packet rule associated with the compute instance, a network boundary defining a set of one or more networks such that a first packet having a destination within the network boundary can flow and such that a second packet having a destination outside of the network boundary is to be dropped;
determine that a flow of the packet is within the network boundary;
generate data indicating that the flow of the packet is permitted within the network boundary;
include the data in the packet; and
send, to a second network virtualization device and based on the flow, the packet that includes the data.
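
The egress steps recited in claim 1, sketched as an added example; this is not code from the patent or from any product. It assumes the boundary is a list of CIDR blocks and that the "data" is an HMAC tag keyed with a secret shared by the two network virtualization devices. All class, function and key names are hypothetical, and the receiver-side check is an assumption that goes beyond what the claim recites.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

# Constructed sample value; assumption: both NVDs share a MAC key.
NVD_SHARED_KEY = b"constructed-demo-key"

@dataclass
class FlowPacketRule:
    """Network boundary: the set of networks a compute instance may reach."""
    boundary_id: str
    networks: list

    def contains(self, dst: str) -> bool:
        addr = ipaddress.ip_address(dst)
        return any(addr in ipaddress.ip_network(n) for n in self.networks)

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes
    boundary_data: dict = field(default_factory=dict)

def _tag(boundary_id: str, src: str, dst: str) -> str:
    # Bind the permit to this flow so it cannot be reused for another one.
    msg = f"{boundary_id}|{src}|{dst}".encode()
    return hmac.new(NVD_SHARED_KEY, msg, hashlib.sha256).hexdigest()

def first_nvd_egress(pkt: Packet, rule: FlowPacketRule):
    """Return the annotated packet to send on, or None if it is dropped."""
    if not rule.contains(pkt.dst):
        return None  # destination outside the boundary: drop
    pkt.boundary_data = {
        "boundary_id": rule.boundary_id,
        "permitted": True,
        "tag": _tag(rule.boundary_id, pkt.src, pkt.dst),
    }
    return pkt

def second_nvd_accepts(pkt: Packet) -> bool:
    """Assumed receiver-side check: trust the data only if the tag verifies."""
    d = pkt.boundary_data
    if not d.get("permitted"):
        return False
    expected = _tag(d.get("boundary_id", ""), pkt.src, pkt.dst)
    return hmac.compare_digest(expected, d.get("tag", ""))
```

Because the tag covers source and destination, a packet whose destination is rewritten after the first device annotated it fails the second device's check.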