CPC H04L 47/20 (2013.01) [G06F 9/45558 (2013.01); H04L 41/046 (2013.01); H04L 45/12 (2013.01); H04L 45/38 (2013.01); H04L 45/586 (2013.01); H04L 47/2483 (2013.01); H04L 49/70 (2013.01); H04L 67/1097 (2013.01); G06F 2009/45595 (2013.01)]
20 Claims
1. A method for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment, the method performed by a SDN appliance configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment, the hosts implemented on servers communicatively coupled to network interfaces of the SDN appliance, the servers hosting a plurality of virtual machines, the method comprising:
receiving, at the SDN appliance from a device that is remote from the virtual computing environment, a data packet addressed to an endpoint in a virtual network hosted by one of the virtual machines, the data packet comprising an identifier indicative of the remote device, wherein the SDN appliance comprises a plurality of smart network interface cards (sNICs) configured to implement functionality of the SDN appliance;
based on the identifier:
determining, by an sNIC of the SDN appliance, that the data packet is associated with the virtual network; and
mapping, by the sNIC of the SDN appliance, one of a plurality of policies to a data flow of the virtual network;
modifying, by the sNIC of the SDN appliance, the packet in accordance with the mapped policy; wherein the mapped policy is dynamically adjustable based on the data flow; and
forwarding, by the sNIC of the SDN appliance, the modified packet to the endpoint in the virtual network.