A computer network provides connectivity among a set of nodes. The set of nodes are connected by a set of links. The nodes may be local to and/or remote from each other. The nodes are connected by one or more links. Examples of links include a coaxial cable, an unshielded twisted cable, a copper cable, an optical fiber, and a virtual link.
A subset of nodes implements the computer network. Such nodes may be referred to as “service nodes.” Examples of such nodes include a switch, a router, a firewall, and a network address translator (NAT). Each node performs one or more functions, such as but not limited to routing data, filtering data, inspecting data, processing data, and/or storing data. Each node may be implemented by a function-specific hardware device and/or a generic machine.
Another subset of nodes uses the computer network. Such nodes may be referred to as “hosts” or “host nodes.” Hosts may execute a client process and/or a server process. A client process makes a request for a computing service (such as, execution of a particular application, and/or storage of a particular amount of data). A server process responds by executing the requested service and/or returning corresponding data.
A computer network may provide connectivity between clients and network resources. Network resources include hardware and/or software configured to execute server processes. Examples of network resources include a processor, a data storage, a virtual machine, a container, and/or a software application. Network resources are shared amongst multiple clients. Clients request computing services from a computer network independently of each other. Network resources are dynamically assigned to the requests and/or clients on an on-demand basis. Such a computer network may be referred to as a “cloud network.”
A computer network may be shared amongst multiple entities that are independent from each other (also referred to as “tenants” or “customers”). The computer network and the network resources thereof are accessed by clients corresponding to different tenants. Such a computer network may be referred to as a “multi-tenant computer network.” Different tenants may demand different network requirements for the computer network. The same computer network may need to implement different network requirements demanded by the different tenants.
An entity, such as an individual or company, may request utilization of a computer network including a particular arrangement of digital devices in order to achieve various security, performance, and/or resiliency goals. As data traverses the particular arrangement of digital devices, the digital devices perform respective functions associated with the data. As an example, a security goal of a computer network may be to filter out spam mail. A digital device performing a mail filtering function may be included in the computer network. The digital device may be configured for filtering mail received by the computer network. The digital device may inspect the incoming mail to determine whether the incoming mail includes any spam mail. The digital device filters out the spam mail while forwarding the remaining mail to destinations within the computer network.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.