One of the most important challenges in today's computer networks (both public and private) is network security. A good example of a private network is a hosting system network. Each host machine of a hosting system includes a hypervisor, which creates and runs a set of virtual machines for each tenant of the hosting system and presents the tenant's operating systems with a virtual operating platform that manages the execution of the tenant's operating systems. Each hypervisor of each host machine of the hosting system, however, separately performs security checks on the data packets received by or sent out from the host machine. As an example, a particular virtual machine (VM) in a host machine is assigned as a security VM to perform the necessary security checks on the packets that are exchanged with other VMs of the host machine. The security rules are configured in this particular security VM, and all other VMs residing in the same host machine are protected by the security VM. The hypervisor of the host machine forwards the network traffic to the security VM first, and after the security VM performs the necessary security checks, the packets are sent back to the hypervisor to be forwarded to their destinations.
Implementing network security in this manner makes the network performance highly dependent on the performance of the security VM of each host machine. For instance, when the network traffic load is heavy, having one security VM check the traffic would impact the network performance and introduce network latency. Additionally, each of the hypervisors of several host machines that host the VMs of the same tenant needs to deploy a separate security VM, even though the security rules that are configured on these security VMs are all the same.