Channel data encapsulation system and method for use with client-server data channels
First Claim
1. A method comprising:
- receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data;
performing a security service on the first encapsulated data using the first encapsulation context, wherein the security service is one of a plurality of microservices used to secure traffic passing between applications and servers through a routing network;
receiving, by the first security microservice, a response from the second security microservice comprising a second security microservice context, a second timestamp, and a second load;
generating, by the first security microservice, a first timestamp and a first load, wherein the timestamps represent the duration of processing performed by the first and second microservices and the first and second loads represent the loading of the first and second microservices processing the encapsulated channel data, the loading being represented in either relative or absolute terms; and
transmitting, by the first security microservice, a response to the first channel data encapsulation packet, wherein the response includes the first timestamp and first load generated by the first security microservice, wherein the timestamp and load values are recorded to be used in load balancing decisions for future security service requests among microservices; and
wherein the first and second security microservices are implemented with computer-readable instructions stored in memory on a network security server, the memory coupled to one or more hardware processors executing the first and second security microservices.
4 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed that relate to network security to monitor and report threats in network traffic of a datacenter. For example, one embodiment discloses a method of receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data, performing a security service on the first encapsulated data using the first encapsulation context, transmitting by the first security microservice a second channel data encapsulation packet to a second security microservice, wherein the second channel encapsulation packet comprises a request for security services, receiving by the first security microservice a response from the second security microservice comprising a second security microservice context, a second security microservice timestamp, and a second security microservice load. The first security microservice further generates a timestamp and a load included in a response to the first channel data encapsulation packet.
20 Citations
20 Claims
-
1. A method comprising:
-
receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data; performing a security service on the first encapsulated data using the first encapsulation context, wherein the security service is one of a plurality of microservices used to secure traffic passing between applications and servers through a routing network; receiving, by the first security microservice, a response from the second security microservice comprising a second security microservice context, a second timestamp, and a second load; generating, by the first security microservice, a first timestamp and a first load, wherein the timestamps represent the duration of processing performed by the first and second microservices and the first and second loads represent the loading of the first and second microservices processing the encapsulated channel data, the loading being represented in either relative or absolute terms; and transmitting, by the first security microservice, a response to the first channel data encapsulation packet, wherein the response includes the first timestamp and first load generated by the first security microservice, wherein the timestamp and load values are recorded to be used in load balancing decisions for future security service requests among microservices; and wherein the first and second security microservices are implemented with computer-readable instructions stored in memory on a network security server, the memory coupled to one or more hardware processors executing the first and second security microservices. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
a memory; and a processor to execute instructions to implement a first security microservice, the first security microservice to; receive a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data; perform a security service on the first encapsulated data using the first encapsulation context, wherein the security service is one of a plurality of microservices used to secure traffic passing between applications and servers through a routing network; transmit a second channel data encapsulation packet to a second security microservice, wherein the second channel data encapsulation packet comprises a request for security services; receive a response from the second security microservice comprising a second security microservice context, a second timestamp, and a second load; generate a first timestamp and a first load, wherein the timestamps represent the duration of processing performed by the first and second microservices and the loads represent the loading of the first and second microservices processing the encapsulated channel data, the loading being represented in either relative or absolute terms; and transmit a response to the first channel data encapsulation packet, the response including the first timestamp and first load, wherein the timestamp and load values are recorded to be used in load balancing decisions for future security service requests among microservices, and wherein the first and second security microservices are implemented with computer-readable instructions stored in memory on a network security server, the memory coupled to one or more hardware processors executing the first and second security microservices. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method comprising:
-
receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data; performing a security service on the first encapsulated data using the first encapsulation context, wherein the security service is one of a plurality of microservices used to secure traffic passing between applications and servers through a routing network; transmitting, by the first security microservice, a second channel data encapsulation packet to a second security microservice, wherein the second channel data encapsulation packet comprises a request for security services; receiving by the first security microservice a response from the second security microservice comprising a second security microservice context, a second timestamp, and a second load; generating, by the first security microservice, a first timestamp and a first load, wherein the timestamps represent the duration of processing performed by the first and second microservices and the first and second loads represent the loading of the first and second microservices processing the encapsulated channel data, the loading being represented in either relative or absolute terms; and transmitting, by the first security microservice, a response to the first channel data encapsulation packet, wherein the response includes the first timestamp and first load generated by the first security microservice, wherein the timestamp and load values are recorded to be used in load balancing decisions for future security service requests among microservices; and wherein the first and second security microservices are implemented with computer-readable instructions stored in memory on a network security server, the memory coupled to one or more hardware processors executing the first and second security microservices. - View Dependent Claims (17, 18, 19, 20)
-
Specification