Cloud computing is a type of network-based computing architecture that provides shared resources, data, and services on demand. In a cloud-based computing platform, pools of configurable computing resources (e.g., processors, memory, storage, applications, and services) are shared by client devices as needed.
In a traditional virtual machine-based cloud computing architecture, multiple virtual machine instances execute on a physical host. Each virtual machine instance runs its own copy of the operating system, in which one or more application/service instances execute, and can consume a significant amount of processing and memory resources. In response, container-based cloud computing architecture has been developed. The container-based architecture is a highly efficient type of cloud computing solution. Unlike the traditional virtual machine-based architecture, in a container-based cloud computing architecture, a single instance of an operating system supports multiple containers in a single physical host. A single microservice can be implemented using multiple instances of containers that are not necessarily on the same host.
Containers themselves do not require Internet Protocol (IP) addresses when exchanging data packets with other containers. Further, in some cases, a container can have a virtual IP address that is behind a Network Address Translation (NAT) layer and is therefore not visible to routers and switches outside the host. These characteristics of container traffic make it difficult to inspect packets between different applications and containers using traditional network management and security tools (such as network probes on routers or switches that detect traffic). As a result, monitoring, provisioning, and protecting container-based cloud computing platforms can be difficult using traditional tools that rely on inspecting the IP addresses in packet headers.
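The visibility gap described above can be modeled in a few lines. The following is an added example, not part of the original text: it simulates a host whose containers have virtual IP addresses behind source NAT and compares what a probe outside the host records with what the host's own translation table can attribute. The `Host` class, the addresses, and the port numbers are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")

class Host:
    """One physical host whose containers sit on a private bridge behind source NAT."""

    def __init__(self, host_ip, bridge_cidr, first_port=40000):
        self.host_ip = host_ip
        self.bridge = ip_network(bridge_cidr)
        self.next_port = first_port
        self.nat = {}  # translated source port -> (container IP, original port)

    def send(self, pkt):
        """Return the packet as seen on the wire outside the host, or None if it stays inside."""
        if ip_address(pkt.dst) in self.bridge:
            return None  # same-host container traffic is switched locally
        port, self.next_port = self.next_port, self.next_port + 1
        self.nat[port] = (pkt.src, pkt.sport)
        return Packet(self.host_ip, port, pkt.dst, pkt.dport)

    def attribute(self, wire_pkt):
        """Host-side lookup: map an observed wire packet back to its container."""
        if wire_pkt.src != self.host_ip:
            return None
        return self.nat.get(wire_pkt.sport)

def demo():
    # Constructed sample: external addresses are documentation ranges;
    # 172.17.0.0/16 is an assumed private bridge subnet.
    host = Host("192.0.2.5", "172.17.0.0/16")
    traffic = [
        Packet("172.17.0.2", 51000, "172.17.0.3", 5432),   # web -> db, same host
        Packet("172.17.0.2", 51001, "203.0.113.10", 443),  # web -> external
        Packet("172.17.0.3", 51002, "203.0.113.10", 443),  # db  -> external
    ]
    probe = [w for w in map(host.send, traffic) if w is not None]
    sources = {p.src for p in probe}             # what an IP-based tool keys on
    owners = [host.attribute(p) for p in probe]  # what the host itself can recover
    return probe, sources, owners

if __name__ == "__main__":
    probe, sources, owners = demo()
    print(f"probe saw {len(probe)} of 3 packets, source IPs: {sources}")
    print(f"host-side attribution: {owners}")
```

The external probe never sees the container-to-container packet, and the two outbound flows share one source address, so only state held on the host distinguishes the containers.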