H04L61/2546

LOAD BALANCING SECURE NETWORK TRAFFIC

Techniques for load balancing secure network traffic are disclosed. A system, process, and/or computer program product for load balancing secure network traffic includes monitoring network traffic for one branch of a plurality of branches for an enterprise network, and splitting the network traffic of the one branch into a plurality of network segments based on a determination that the network traffic exceeds traffic capacity of at least one security processing node (SPN) of a plurality of SPNs using a network load balancer (NLB) in communication with a plurality of Network Processing Nodes (NPNs), the plurality of monitored branches being distributed to the plurality of SPNs via a plurality of tunnels.

Federation among services for supporting virtual-network overlays

Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (overlay) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

NETWORK ADDRESS TRANSLATION IN A DISTRIBUTED SWITCH

A network device in a distributed switch is provided. During operation, the network device receives information indicating allocation of a public Internet Protocol (IP) address and a subset of NAT ports available for a network address translation (NAT) instance deployed in the distributed switch. The network device maintains a first set of mappings of the public IP address and the subset of the NAT ports. The network device receives a packet destined to a public IP address and a first NAT port based on a forwarding rule. The network device replaces, using the NAT instance, the public IP address with a first private IP address of a user device and the first NAT port with a first protocol port in the packet based on a first mapping in the first set of mappings. The network device forwards the packet to the user device using the first private IP address.
