CPC H04L 61/2528 (2013.01) [H04L 45/68 (2013.01); H04L 61/2514 (2013.01); H04L 2101/622 (2022.05); H04L 2101/668 (2022.05)] | 40 Claims
1. A cloud computing network configured to send packets between a network address translation (NAT) gateway and a second virtual device, via a virtual bump-in-the-wire (BITW) device, the cloud computing network comprising:
one or more processors;
the NAT gateway, wherein the NAT gateway is configured to interface between a public network and the cloud computing network;
the virtual BITW device, comprising:
a first interface having a private Internet Protocol (IP) address in a first subnet;
a second interface having a private IP address in a second subnet; and
a fast path between the first interface and the second interface and configured to apply packet-filtering logic to traffic received by the virtual BITW device; and
the second virtual device,
wherein the NAT gateway is configured to:
receive first packets indicating a public IP address of the second virtual device as a destination IP address;
modify the destination IP address of the first packets to be the private IP address of the first interface of the virtual BITW device; and
send the first packets to the first interface of the virtual BITW device, and
wherein the virtual BITW device is configured to:
receive, via the first interface, the first packets from the NAT gateway;
modify the destination IP address of the first packets to be a private IP address of the second virtual device; and
apply, using the fast path, the packet-filtering logic to the first packets received via the first interface; and
send, based on the packet-filtering logic and via the second interface, at least a portion of the first packets, and
wherein a cloud routing table of the cloud computing network is configured to cause second packets, sent by the second virtual device and destined for a host outside the cloud computing network, to be received by the second interface of the virtual BITW device.