US Patent 10073971 Traffic processing for network performance and security

Aspects of the subject disclosure are directed towards protecting machines, such as virtual machines in a cloud datacenter, from receiving unwanted traffic, and also reducing bandwidth by eliminating redundant data transmissions. In one aspect, an agent intercepts packets from a source, and determines whether the destination is allowed to receive packets from the source, based upon a communication group membership. The agent also may drop packets based upon malware/fraud signatures. The agent also attempts to reduce bandwidth by replacing redundant content with identifiers (e.g., hashcodes), which a destination machine uses to rebuild the original content. A destination-side agent may perform the same or similar communication group membership and malware/fraud signature filtering operations, and reassemble redundancy-reduced content from received identifiers as needed.