| CPC H04L 65/613 (2022.05) [H04L 9/3242 (2013.01); H04L 43/0876 (2013.01); H04L 45/7453 (2013.01); H04L 61/2503 (2013.01); H04L 65/80 (2013.01); H04L 67/1001 (2022.05); H04L 69/16 (2013.01); H04L 69/22 (2013.01)] | 20 Claims |
|
1. A computer-implemented method of increasing available bandwidth for processing of packets by a security service in a dynamic service chain of services running on one or more servers, including:
a controller monitoring available bandwidth of the security service, taking into account a number of instances of the security service currently running;
the controller detecting a traffic volume through a data center and being processed by the security service that has exceeded a configurable threshold and responsively signaling a workload orchestrator to provision a new instance of the security service, thereby increasing the available bandwidth of the security service;
upon successful provisioning of the new instance, the controller putting the new instance into service including updating a consistent hash table (CHT) used to implement distributed routing and load balancing over multiple instances of the security service in the dynamic service chain;
the controller distributing the updated CHT to instances of an other service that is upstream in the dynamic service chain from the security service; and
a first instance of the other service routing at least one new stream to be processed by the security service downstream of the other service, by using the updated CHT to assign an instance of the security service based on an affinity code of packets in the new stream, thereby selecting an affinity-based route that includes an instance of the security service for the new stream.
|