Address resolution handling at logical distributed routers

    Publication number: US11936612B2

    Publication date: 2024-03-19

    Application number: US17877247

    Application date: 2022-07-29

    Applicant: VMware, Inc.

    Abstract: Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.

    VIRTUALIZED QOS SUPPORT IN SOFTWARE DEFINED NETWORKS

    Publication number: US20240015105A1

    Publication date: 2024-01-11

    Application number: US18371454

    Application date: 2023-09-22

    Applicant: VMware, Inc.

    CPC classification number: H04L43/0894 H04L47/2416

    Abstract: A network system that implements quality of service (QoS) by rate limiting at a logical network entity is provided. The logical network entity includes multiple transport nodes for transporting network traffic in and out of the logical network entity. The system monitors traffic loads of the multiple transport nodes of the logical network entity. The system allocates a local CR and a local BS to each of the multiple transport nodes. The allocated local CR and the local BS are determined based on the CR and BS parameters of the logical network entity and based on the monitored traffic loads. Each transport node of the logical network entity in turn controls an amount of data being processed by the transport node based on a token bucket value that is computed based on the local CR and the local BS of the transport node.

    USING FIREWALL POLICIES TO MAP DATA MESSAGES TO SECURE TUNNELS

    Publication number: US20230396587A1

    Publication date: 2023-12-07

    Application number: US17747969

    Application date: 2022-05-18

    Applicant: VMware, Inc.

    CPC classification number: H04L63/0263 H04L63/061 H04L63/029 H04L12/4633

    Abstract: Some embodiments of the invention provide a method for transmitting data messages via secure tunnels in a network. The method is performed at a gateway device. The method determines that a data message received at the gateway device should be sent via a secure interface of the gateway device. The method matches the data message to a firewall rule that maps to a particular secure tunnel used by the secure interface, with multiple different firewall rules mapping to multiple different secure tunnels used by the secure interface. The method encapsulates the data message with a header that comprises an indicator value specifying the particular secure tunnel and forwards the encapsulated data message to a destination interface.

    ANYCAST ADDRESS FOR NETWORK ADDRESS TRANSLATION AT EDGE

    Publication number: US20230262022A1

    Publication date: 2023-08-17

    Application number: US17672190

    Application date: 2022-02-15

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for forwarding data messages at multiple edge nodes of a logical network that process data messages between a logical network and an external network. At a particular one of the edge nodes, the method receives a data message sent from a source machine in the logical network. The method performs network address translation to translate a source network address of the data message corresponding to the source machine into an anycast network address that is shared among the edge nodes. The method sends the data message with the anycast network address as a source network address to the external network. Each edge node receives data messages from source machines in the logical network and translates the source addresses of the data messages into the same anycast public network address prior to sending the data messages to the external network.

    DYNAMIC CORE ALLOCATION
    Invention publication

    Publication number: US20230168947A1

    Publication date: 2023-06-01

    Application number: US18103515

    Application date: 2023-01-31

    Applicant: VMware, Inc.

    CPC classification number: G06F9/5083 G06F9/546

    Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.

    DETERMINING WHETHER TO RATE LIMIT TRAFFIC

    Publication number: US20230130529A1

    Publication date: 2023-04-27

    Application number: US18088562

    Application date: 2022-12-24

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.

    SCALING FOR SPLIT-NETWORKING DATAPATH

    Publication number: US20230028837A1

    Publication date: 2023-01-26

    Application number: US17384206

    Application date: 2021-07-23

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide a method for implementing an edge device that handles data traffic between a logical network and an external network. The method monitors resource usage of a node pool that includes multiple nodes that each executes a respective set of pods. Each of the pods is for performing a respective set of data message processing operations for at least one of multiple logical routers. The method determines that a particular node in the node pool has insufficient resources for the particular node's respective set of pods to adequately perform their respective sets of data message processing operations. Based on the determination, the method automatically provides additional resources to the node pool by instantiating at least one additional node in the node pool.

    Determining whether to rate limit traffic

    Publication number: US11539633B2

    Publication date: 2022-12-27

    Application number: US17008576

    Application date: 2020-08-31

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.

    VIRTUALIZED QOS SUPPORT IN SOFTWARE DEFINED NETWORKS

    Publication number: US20220393983A1

    Publication date: 2022-12-08

    Application number: US17569276

    Application date: 2022-01-05

    Applicant: VMware, Inc.

    Abstract: A network system that implements quality of service (QoS) by rate limiting at a logical network entity is provided. The logical network entity includes multiple transport nodes for transporting network traffic in and out of the logical network entity. The system monitors traffic loads of the multiple transport nodes of the logical network entity. The system allocates a local CR and a local BS to each of the multiple transport nodes. The allocated local CR and the local BS are determined based on the CR and BS parameters of the logical network entity and based on the monitored traffic loads. Each transport node of the logical network entity in turn controls an amount of data being processed by the transport node based on a token bucket value that is computed based on the local CR and the local BS of the transport node.
