	US 11,711,292 B2
	Pre-filtering of traffic subject to service insertion
Sudesh Pawar, Pune (IN); Pierluigi Rolando, Palo Alto, CA (US); and Rahul Mishra, Palo Alto, CA (US)
Assigned to VMware, Inc., Palo Alto, CA (US)
Filed by VMWARE, INC., Palo Alto, CA (US)
Filed on Mar. 17, 2020, as Appl. No. 16/820,750.
Claims priority of application No. 202041002094 (IN), filed on Jan. 17, 2020.
Prior Publication US 2021/0226883 A1, Jul. 22, 2021
Int. Cl. H04L 45/00 (2022.01); H04L 45/122 (2022.01); H04L 45/745 (2022.01); H04L 45/42 (2022.01); H04L 9/40 (2022.01); H04L 69/22 (2022.01); G06F 9/455 (2018.01); H04L 45/586 (2022.01)

CPC H04L 45/20 (2013.01) [G06F 9/45558 (2013.01); H04L 45/122 (2013.01); H04L 45/42 (2013.01); H04L 45/586 (2013.01); H04L 45/745 (2013.01); H04L 63/0245 (2013.01); H04L 69/22 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)]

20 Claims

1. A computer-implemented method for pre-filtering traffic in a logical network, comprising:

receiving, by a hypervisor, a packet from a virtual computing instance (VCI);

determining, by the hypervisor, a service path for the packet based on a service table;

setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path;

receiving, by the pre-filter component, the packet;

making a determination, by the pre-filter component, of whether the packet requires processing by a security component;

performing, by the pre-filter component, based on the determination, one of:

forwarding the packet to its destination and bypassing the security component; or

forwarding the packet to the security component; and

determining, by the pre-filter component, based on the packet, whether to perform one or more actions to reconfigure the hypervisor to bypass the pre-filter component for subsequent packets in a flow associated with the packet.