Virtualization is a technology which allows one computer to do the job of multiple computers by sharing resources of a single physical computer system across multiple virtual systems. Through the use of virtualization, multiple operating systems and applications run on the same computer at the same time, thereby increasing utilization and flexibility of hardware. Virtualization allows servers to be decoupled from underlying hardware, thus resulting in multiple virtual machines sharing the same physical server hardware. In a virtual machine environment, a virtual switch provides network connectivity between virtual network interfaces on multiple virtualized systems and a physical network interfaces on a server.
In virtualized server environments, services such as firewall, intrusion prevention systems (IPS), intrusion detection systems (IDS), and monitoring services are becoming virtualized and are being deployed as virtual machines (VMs). A service virtual machine (SVM) may be configured to provide such services to each of the virtual machines running on the server. Services may also be run as a cluster of VMs in a collection of servers.
In some cases, users may desire to configure a virtualized switch to apply certain network policies (e.g., a redirect or span (mirror) policy) to frames forwarded to the virtual machines connected to that switch). Current mechanisms of specifying destination port explicitly based on port identification (ID) is cumbersome, since a destination port has to be specified per server per service. Similarly, when new servers are added to the network, a network administrator may need to configure a network policy to include the service ports of the services on the new server.