US 11,678,093 B2
Networking hardware and software and data center topologies leveraging same
Gal Sagi, Ramot Hashavim (IL); and Eran Gampel, Tel Aviv (IL)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Jun. 13, 2022, as Appl. No. 17/838,366.
Application 17/838,366 is a division of application No. 16/004,392, filed on Jun. 10, 2018, granted, now 11,375,300.
Claims priority of provisional application 62/517,875, filed on Jun. 10, 2017.
Prior Publication US 2022/0312090 A1, Sep. 29, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04Q 11/00 (2006.01); H04L 67/1097 (2022.01)
CPC H04Q 11/0071 (2013.01) [H04Q 11/0062 (2013.01); H04L 67/1097 (2013.01); H04Q 2011/0041 (2013.01); H04Q 2011/0058 (2013.01); H04Q 2011/0086 (2013.01); H04Q 2011/0096 (2013.01); H04Q 2213/1301 (2013.01)]
11 Claims
1. A network interface card (NIC), comprising:
a programmable switching ASIC (application-specific integrated circuit),
wherein the switching ASIC functions as a switch that manipulates data traffic within the NIC,
wherein the NIC is configured to route a Synchronize (SYN) packet to a destination virtual machine (VM) and to return the SYN packet to a first software engine,
wherein the NIC operates a software engine configured to: (i) install rules that route the SYN packet from a source VM through the software engine, (ii) append a signed cookie to the SYN packet, (iii) verify that a policy represented by the signed cookie appended to the SYN packet matches a policy of a destination VM, and (iv) return the SYN packet to the source VM which establishes a connection between the source VM and the destination VM, and
wherein verification that the policy represented by the signed cookie appended to the SYN packet matches the policy of the destination VM occurs after: the SYN packet with the appended cookie (i) is routed by the NIC to the destination VM, (ii) examined in hardware of the destination VM, and (iii) returned by the NIC to the software engine.