DISTRIBUTED FIREWALLS AND VIRTUAL NETWORK SERVICES USING NETWORK PACKETS WITH SECURITY TAGS

摘要

A method, system, and apparatus are provided for a distributed firewall and virtual network services on a network. In one example, the method includes storing a plurality of predefined security groups, wherein each predefined security group has a set of predefined security rules for network packets configured to be transmitted between virtual machines (VMs) within the network; associating each virtual machine (VM) within the network with one or more predefined security groups (SGs); filtering an outgoing network packet from a sending VM to a receiving VM in response to the predefined security rules associated with the predefined SGs associated with the sending VM to validate the communication desired in the outgoing network packet; forming a secured network packet by encapsulating a header, a security tag, and the outgoing network packet together; and transmitting the secured network packet into the network for delivery to the receiving VM.