A firewall is typically configured to prevent unauthorized access to or from a private network. The firewall may be arranged to isolate the private network from the Internet by controlling access to resources within the private network. For example, the firewall may be configured to prevent unauthorized Internet users from accessing resources within the private network. Packets entering and leaving the private network may be forwarded to the firewall. The firewall may block packets that do not meet specified security criteria.
An organization may have several departments, with each department having its own firewall. Typically, packets sent to a host in a department are first sent to the firewall for that department before being routed to the destination host. Similarly, a packet sent from a host is generally sent to the firewall for the department to which the host belongs before being routed elsewhere. A packet may then be routed from the firewall to a gateway router. If the packet is destined for a host in another department within the organization, the packet may then be routed from the gateway router to the firewall for that department.
Embodiments of the invention generally provide a network device for inter-domain communications. The device may include a transceiver configured to transmit and receive packets over a network based, in part, on a network protocol. The device may further include a processor that is configured to create a virtual switch that is configured to receive a packet at one of a plurality of interfaces associated with the virtual switch, wherein the plurality of interfaces includes a plurality of virtual interfaces, and wherein the virtual switch is configured to be associated with at least three virtual interfaces, and to provide the packet at another of the plurality of interfaces.
Embodiments of the invention may further provide a computer program for inter-domain communications embodied on a computer-readable storage medium, the program including components that are configured to enable actions to be performed. The program may control actions that include configuring a processor to create a virtual switch that is configured to be associated with at least one of a plurality of interfaces that includes at least three virtual interfaces. Further, the program may control, if a packet is received by the virtual switch at one of the plurality of interfaces, employing the virtual switch to provide the packet to another of the plurality of interfaces.