The present invention relates to cloud-based computing, in which computer resources are provided in a scalable fashion as virtual machines executing on an array of computers, and in particular to a method of implementing “middlebox” functionality in such cloud-based systems with flexible scaling in a manner consistent with cloud-based computing.
“Middleboxes” are important components of large computer installations and service provider networks (enterprises) having multiple computers executing applications such as Web servers, application servers, file servers, databases, or the like. In this environment, middleboxes provide network-related functions such as protecting the network and its applications from attacks (e.g., intrusion detection systems (IDS) and firewalls) and enhancing network efficiency (e.g., load balancers, WAN optimizers, and the like). Most simply, middleboxes may be directly wired in the path of data to the enterprise computers with which they are associated. Middleboxes may be similarly installed by programming network switches used to control interconnections on the network joining the middleboxes and application computers.
Cloud computing provides a computer system architecture in which computing resources are provided on demand in the form of virtual and/or actual machines that are flexibly allocated to multiple enterprises as demand requires. A cloud application manages the machines so that users of the cloud can acquire additional machines at periods of high demand and return those machines when the demand drops. By aggregating many users, significant economy of scale may be realized in terms of maintenance of the hardware, provision of physical resources such as power and cooling, and smoothing of peak demands.
It is known how to implement middlebox functions on virtual machines implemented in a cloud computing system. Unlike the scaling of other processes, however, it can be difficult to scale middlebox functions in a way that satisfies performance standards (“service level agreements”) and minimizes operating costs without adversely affecting the accuracy of the middlebox functions.