Datacenter security is traditionally placed on the edge of the datacenter in order to intercept external attacks. Such security includes a firewall that limits connections to and from the datacenter to external endpoints, thus providing a line of defense against attacks. A common type of attack is a distributed denial of service (DDoS) attack, in which a multitude of endpoints send an overwhelming amount of spurious traffic to the targeted endpoint. Various perimeter techniques have been developed to counter and overcome DDoS attacks, such as filtering traffic that did not originate from the target.
As datacenters have expanded in size and complexity, attacks targeting an endpoint within the datacenter increasingly originate or are perpetuated from within the datacenter. Unlike external traffic, which perimeter security can treat with skepticism, internal traffic is often high-value and trustworthy. Also, traditional DDoS mitigation techniques cause inefficiencies that are unacceptable within a datacenter, which typically has high throughput requirements.