Dynamic, load-based, auto-scaling network security microservices architecture
Abstract
Systems, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment scales out a hierarchy of microservices in a security system. In particular, the embodiment calls for creating a new microservice of a first hierarchy; configuring data plane connectivity between the new microservice and a microservice of a second, higher-level hierarchy; configuring data plane connectivity between the new microservice and a microservice of a third, lower-level hierarchy; and configuring the microservices of the third level of hierarchy to include the new microservice in load balancing decisions to the first hierarchy.
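The scale-out sequence described in the abstract, modelled in Python as an added example that is not code from the patent or its assignee. Tiers 0, 1 and 2 stand for the third (lower), first and second (higher) levels; the class names, the CRC32 flow hash and the `unreachable_targets` check are assumptions of this example.

```python
from dataclasses import dataclass, field
from zlib import crc32

@dataclass
class Microservice:
    name: str
    tier: int                                       # 0 = lowest level of the hierarchy
    links: set = field(default_factory=set)         # data plane peers (higher and lower)
    lb_targets: list = field(default_factory=list)  # next-higher-tier peers it balances across

class Hierarchy:
    def __init__(self, initial_per_tier):
        self.tiers = [[Microservice(f"t{t}-{i}", t) for i in range(n)]
                      for t, n in enumerate(initial_per_tier)]
        for lower, upper in zip(self.tiers, self.tiers[1:]):
            for lo in lower:
                for up in upper:
                    self._connect(lo, up)
                    lo.lb_targets.append(up.name)

    @staticmethod
    def _connect(a, b):
        a.links.add(b.name)
        b.links.add(a.name)

    def scale_out(self, tier):
        peers = self.tiers[tier]
        if not peers:  # the claims require an existing microservice at the same level
            raise ValueError("scale-out requires an existing microservice at this level")
        new = Microservice(f"t{tier}-{len(peers)}", tier)
        higher = self.tiers[tier + 1] if tier + 1 < len(self.tiers) else []
        lower = self.tiers[tier - 1] if tier > 0 else []
        for up in higher:   # 1. data plane connectivity to the higher level
            self._connect(new, up)
            new.lb_targets.append(up.name)
        for lo in lower:    # 2. data plane connectivity to the lower level
            self._connect(new, lo)
        for lo in lower:    # 3. only now include it in lower-level load balancing
            lo.lb_targets.append(new.name)
        peers.append(new)
        return new

    def pick(self, sender, flow_id):
        """Hash the flow id over the sender's targets (assumed policy, not from the page)."""
        return sender.lb_targets[crc32(flow_id.encode()) % len(sender.lb_targets)]

    def unreachable_targets(self):
        """Load-balancing targets that the sender has no data plane link to."""
        return [(m.name, t) for tier in self.tiers for m in tier
                for t in m.lb_targets if t not in m.links]
```

An empty result from `unreachable_targets()` after each scale-out confirms that no lower-level microservice can hand a packet to a peer it has no data plane path to.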
16 Claims
1. A computer-implemented method comprising:
- creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;
- configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;
- configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;
- configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and
- processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;
- passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and
- processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable medium storing instructions, which when executed by a hardware processor cause the processor to perform a method, the method comprising:
- creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;
- configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;
- configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;
- configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and
- processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;
- passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and
- processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.
Dependent claims: 9, 10, 11, 12, 13
14. An apparatus comprising:
- a hardware processor to execute instructions; and
- memory coupled to the processor, the memory to store instructions which when executed by the processor cause:
  - creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;
  - configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;
  - configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;
  - configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and
  - processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;
  - passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and
  - processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.
Dependent claims: 15, 16
Specification