Patent attributes
Systems and methods of interface-based ACLs in a virtual Layer-2 network. The method can include sending a packet from source compute instance in a virtual network to a destination compute instance via a destination virtual network interface card (destination VNIC) within a first virtual layer 2 network and evaluating an access control list (ACL) for the packet with a source virtual network interface card (source VNIC). ACL information relevant to the packet can be embedded in the packet. The VSRS can receive the packet and can identify the destination VNIC within the first virtual layer 2 network for delivery of the packet based on information received with the packet and mapping information contained within a mapping table. The VSRS can access ACL information from the packet and can apply the ACL information to the packet.
