-
Publication No.: US20250119422A1
Publication Date: 2025-04-10
Application No.: US18481557
Filing Date: 2023-10-05
Applicant: VMware, Inc.
Inventor: Wenying Dong , Jianjun Shen , Rahul Jain , Quan Tian , Mengdie Song , Xu Liu
IPC: H04L9/40 , G06F9/54 , H04L41/046
Abstract: The disclosure provides a method for authenticating a network agent deployed in a networking environment. The method generally includes receiving, by a network controller in the networking environment, a name of an external node where the network agent is running and a token associated with the external node; in response to receiving the name of the external node, obtaining, by the network controller, a secret associated with the token; parsing, by the network controller, the secret to determine an expected external node name corresponding to the token; comparing the expected external node name with the received external node name; and trusting the network agent when the expected external node name and the received external node name match.
-
Publication No.: US20250030663A1
Publication Date: 2025-01-23
Application No.: US18235772
Filing Date: 2023-08-18
Applicant: VMware, Inc.
Inventor: Yang Ding , Jiahao Wu , Jianjun Shen , Lan Luo , Akshay Katrekar , Guna Singh Bagavath Singh Chidambaram Udhaya Singh
IPC: H04L9/40
Abstract: Techniques associated with exchanging data between clusters are disclosed. A data packet can be received from a first pod in a first cluster of a cluster set that targets a second pod or service in a second cluster of the cluster set. A label identity is determined for the first pod from a table of pods and label identities. The label identity for the first pod is added in a virtual network identifier field of a data packet header. The data packet is communicated from a first virtual switch to the second cluster through a tunnel interface and gateway node. Upon receipt of the data packet, the label identity is extracted from the data packet header, and an ingress rule associated with the label identity can be determined. Access to the second pod is controlled based on the rule.
-
Publication No.: US20250028548A1
Publication Date: 2025-01-23
Application No.: US18237387
Filing Date: 2023-08-23
Applicant: VMware, Inc.
Inventor: Xiaopei Liu , Danting Liu , Wenfeng Liu , Jianjun Shen , Donghai Han
IPC: G06F9/455
Abstract: The disclosure provides a method for assigning containerized workloads to isolated network constructs within a networking environment associated with a container-based cluster. The method generally includes receiving, at the container-based cluster, a subnet port custom resource specification to initiate creation of a subnet port object to assign a node to a subnet within the networking environment, wherein one or more containerized workloads are running on the node, in response to receiving the subnet port custom resource specification, creating the subnet port object, and modifying a state of the container-based cluster to match a first intended state of the container-based cluster at least specified in the subnet port object, wherein modifying the state comprises assigning the node to the subnet in the networking environment.
-
Publication No.: US20240031267A1
Publication Date: 2024-01-25
Application No.: US17898344
Filing Date: 2022-08-29
Applicant: VMware, Inc.
Inventor: Ran Gu , Wenfeng Liu , Donghai Han , Jianjun Shen , Zhengsheng Zhou
IPC: H04L43/10 , H04L43/062
CPC classification number: H04L43/10 , H04L43/062
Abstract: Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.
-
Publication No.: US11805101B2
Publication Date: 2023-10-31
Application No.: US17223731
Filing Date: 2021-04-06
Applicant: VMware, Inc.
Inventor: Li Sun , Parasuramji Rajendran , Yang Ping , Jianjun Shen
IPC: H04L9/40 , H04L61/103 , H04L101/622
CPC classification number: H04L63/0263 , H04L61/103 , H04L63/0236 , H04L63/20 , H04L2101/622
Abstract: Some embodiments provide a novel secure method for suppressing address discovery messaging. In some embodiments, the method receives an address discovery record that provides a network address associated with a machine connected to a network. The method then identifies a set of one or more rules for evaluating the received address discovery record to determine whether the address discovery record or its provided network address should be distributed to one or more hosts and/or devices associated with the network. The method then processes the set of rules to determine whether the received address discovery record violates a rule in the set of rules so as to prevent the distribution of its provided network address. When the address discovery record violates a rule, the method discards it in some embodiments. On the other hand, when the address discovery record does not violate any rule in the identified set of rules, the method distributes the address discovery record or its provided network address to one or more hosts and/or devices associated with the network.
-
Publication No.: US20230342182A1
Publication Date: 2023-10-26
Application No.: US18336271
Filing Date: 2023-06-16
Applicant: VMware, Inc.
Inventor: Da Wan , Jianjun Shen , Feng Pan , Pankaj Thakkar , Donghai Han
CPC classification number: G06F9/45558 , G06F9/5083 , G06F2009/4557 , G06F2009/45595
Abstract: In an embodiment, a computer-implemented method for dynamically exchanging runtime state data between datacenters with a gateway using a controller bridge is disclosed. In an embodiment, the method comprises: receiving one or more first runtime state data from one or more logical sharding central control planes (“CCPs”) controlling one or more logical sharding hosts; receiving one or more second runtime state data from a gateway that is controlled by a CCP that also controls one or more physical sharding hosts; aggregating to aggregated runtime state data, the one or more first runtime state data received from the one or more logical sharding CCPs and the one or more second runtime state data received from the gateway; determining updated runtime state data based on the aggregated runtime state data, the one or more first runtime state data, and the one or more second runtime state data; and transmitting the updated runtime state data to at least one of the one or more logical sharding CCPs and the gateway.
-
Publication No.: US20230179513A1
Publication Date: 2023-06-08
Application No.: US18102699
Filing Date: 2023-01-28
Applicant: VMware, Inc.
Inventor: Jianjun Shen , Ran Gu , Quan Tian , Wenying Dong , Antonin Bas
Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.
-
Publication No.: US11671400B2
Publication Date: 2023-06-06
Application No.: US16897695
Filing Date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Zhengsheng Zhou , Abhishek Raut , Jianjun Shen , Donghai Han
IPC: H04L61/50 , H04L49/00 , H04L61/103 , H04L12/66 , H04L45/42 , G06F9/455 , G06F9/50 , G06F9/54 , H04L9/40 , H04L41/0893 , H04L41/18 , H04L41/5041 , H04L41/50 , H04L67/10 , H04L12/46 , H04L67/1001 , H04L45/586
CPC classification number: H04L61/50 , G06F9/45558 , G06F9/5083 , G06F9/54 , G06F9/547 , H04L12/4641 , H04L12/66 , H04L41/0893 , H04L41/18 , H04L41/5048 , H04L41/5077 , H04L45/42 , H04L45/586 , H04L49/70 , H04L61/103 , H04L63/0209 , H04L63/0218 , H04L63/0263 , H04L63/0272 , H04L63/20 , H04L67/10 , H04L67/1001 , G06F9/5077 , G06F2009/4557 , G06F2009/45562 , G06F2009/45595
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines includes virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US11606254B2
Publication Date: 2023-03-14
Application No.: US17389305
Filing Date: 2021-07-29
Applicant: VMware, Inc.
Inventor: Danting Liu , Jianjun Shen , Wenfeng Liu , Rui Cao , Ran Gu , Donghai Han
Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.
-
Publication No.: US20210314190A1
Publication Date: 2021-10-07
Application No.: US16897715
Filing Date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Danting Liu , Jianjun Shen , Kai Su , Qian Sun , Wenfeng Liu , Donghai Han
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines includes virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.