The present technology is directed to a system and method for implementing scalable namespace based VPN headends with context awareness to facilitate targeted and granular provision of security services within the cloud. The scalability aspect involves the creation or allocation of one or more namespaces as direct termination points for inbound VPN connections to the cloud. The namespace are created dynamically upon discovery of context information (metadata) associated with deployment of a new customer traffic/connection onto the cloud. This information will be attached to the namespace to implement context awareness so that customer traffic may be attached into upstream services in a service-discoverable way. In this way, upon deployment, upstream services will automatically know about the new customer traffic and can implement security enforcement in an isolated fashion. The disclosed technology also involves dynamic propagation of the customer traffic metadata to other datacenters across the cloud environment.
展开▼
