-
Publication No.: US10944691B1
Publication date: 2021-03-09
Application No.: US16742917
Application date: 2020-01-15
Applicant: VMware, Inc.
Inventor: Abhishek Raut, Kai Su, Jianjun Shen, Salvatore Orlando, Tong Liu, Shih-Hao Li
IPC: H04L12/26, H04L12/911
Abstract: Example methods and systems for container-based network policy configuration in a software-defined networking (SDN) environment are disclosed. One example method may comprise: in response to detecting a first request to assign a container-based resource with a first label via a container orchestration system, assigning a logical network element associated with the container-based resource with a second label. The example method may also comprise: in response to detecting a second request to configure a container-based network policy associated with the container-based resource via the container orchestration system, identifying the logical network element by mapping the first label to the second label; and configuring the container-based network policy to be applicable to network traffic that is forwarded via the logical network element.
-
Publication No.: US11570146B2
Publication date: 2023-01-31
Application No.: US16897704
Application date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Abhishek Raut, Wenfeng Liu, Donghai Han
IPC: H04L12/24, H04L29/08, G06F9/455, H04L29/06, G06F9/54, H04L12/803, H04L12/06, G06F15/16, H04L15/16, H04L61/50, H04L49/00, H04L45/42, G06F9/50, H04L9/40, H04L61/103, H04L41/0893, H04L41/18, H04L41/5041, H04L41/50, H04L67/10, H04L12/46, H04L12/66, H04L67/1001
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US11671400B2
Publication date: 2023-06-06
Application No.: US16897695
Application date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Zhengsheng Zhou, Abhishek Raut, Jianjun Shen, Donghai Han
IPC: H04L61/50, H04L49/00, H04L61/103, H04L12/66, H04L45/42, G06F9/455, G06F9/50, G06F9/54, H04L9/40, H04L41/0893, H04L41/18, H04L41/5041, H04L41/50, H04L67/10, H04L12/46, H04L67/1001, H04L45/586
CPC classification number: H04L61/50, G06F9/45558, G06F9/5083, G06F9/54, G06F9/547, H04L12/4641, H04L12/66, H04L41/0893, H04L41/18, H04L41/5048, H04L41/5077, H04L45/42, H04L45/586, H04L49/70, H04L61/103, H04L63/0209, H04L63/0218, H04L63/0263, H04L63/0272, H04L63/20, H04L67/10, H04L67/1001, G06F9/5077, G06F2009/4557, G06F2009/45562, G06F2009/45595
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US20230171291A1
Publication date: 2023-06-01
Application No.: US17570354
Application date: 2022-01-06
Applicant: VMware, Inc.
Inventor: Abhishek Raut, Yang Ding, Kai Su, Donghai Han, Zhengsheng Zhou, Wenfeng Liu
IPC: H04L9/40
CPC classification number: H04L63/20
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing access to network security policies. One of the methods includes determining, for a policy access request i) received from a device and ii) that requests access to a network security policy that defines a rule for controlling network traffic, whether there is an entitlement for the network security policy, wherein the entitlement indicates one or more types of operations that a subset of user accounts can perform on the network security policy; in response to determining that there is an entitlement, determining, using a mapping for the entitlement that identifies the subset of user accounts that have access to the network security policy, whether a user account for the device is included in the subset of user accounts; and selectively allowing or denying the policy access request using the entitlement and a result of the determination.
-
Publication No.: US11190424B2
Publication date: 2021-11-30
Application No.: US16742919
Application date: 2020-01-15
Applicant: VMware, Inc.
Inventor: Abhishek Raut, Kai Su, Jianjun Shen, Salvatore Orlando, Tong Liu, Shih-Hao Li
IPC: G06F15/173, H04L12/26, H04L12/713, H04L29/06, H04L12/931, H04L12/825, H04L12/751, H04L12/715
Abstract: Example methods and systems for container-based connectivity check in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting a request for a connectivity check between a first container-based resource and a second container-based resource; identifying a first logical network element and a second logical network element; and injecting a connectivity check packet at the first logical network element for forwarding towards the second logical network element. The example method also may comprise: obtaining report information associated with one or more intermediate logical network elements located along a path that is traversed by the connectivity check packet; and determining a connectivity status associated with the first container-based resource and the second container-based resource based on the report information.
-
Publication No.: US20210314388A1
Publication date: 2021-10-07
Application No.: US16897640
Application date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Zhengsheng Zhou, Jianjun Shen, Abhishek Raut, Yang Liu
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US20210314361A1
Publication date: 2021-10-07
Application No.: US16897695
Application date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Zhengsheng Zhou, Abhishek Raut, Jianjun Shen, Donghai Han
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US20210314240A1
Publication date: 2021-10-07
Application No.: US16897704
Application date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Abhishek Raut, Wenfeng Liu, Donghai Han
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.