-
Publication No.: US20200236047A1
Publication Date: 2020-07-23
Application No.: US16251083
Application Date: 2019-01-18
Applicant: VMware, Inc.
Inventor: Mukesh HIRA , Rahul JAIN
IPC: H04L12/741 , H04L12/46 , H04L12/715 , H04L12/931 , H04L29/06 , G06F9/455
Abstract: Example methods are provided for a network device to perform service insertion in a public cloud environment that includes a first virtual network and a second virtual network. In one example method, in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, the network device may generate a decapsulated packet by performing decapsulation to remove, from the first encapsulated packet. The method may also comprise identifying a service path specified by a service insertion rule, and sending the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services. The method may further comprise: in response to the network device receiving the decapsulated packet processed by the service path, sending the decapsulated packet, or generating and sending a second encapsulated packet, towards a destination address.
-
Publication No.: US20220197687A1
Publication Date: 2022-06-23
Application No.: US17559004
Application Date: 2021-12-22
Applicant: VMware, Inc.
Inventor: Brian Masao OKI , Mukesh HIRA , Konstantinos ROUSSOS , Gayathri VUPPULURI
Abstract: An example method of data protection in a virtualized computing system, the virtualized computing system including a host cluster, a virtualization management server connected, and a network manager coupled to a physical network, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, is described. The method includes: receiving a backup request; executing, in response to the backup request, a coupled backup of the virtualization management server and the network manager, including: creating a backup of a first database in the virtualization management server, the first database storing first configuration data for a virtual infrastructure (VI) control plane of the host cluster; creating a backup of a second database in the network manager, the second database storing second configuration data for a logical network deployed in the host cluster; and storing the coupled backup in remote storage.
-
Publication No.: US20210036889A1
Publication Date: 2021-02-04
Application No.: US16525426
Application Date: 2019-07-29
Applicant: VMware, Inc.
Inventor: Rahul JAIN , Mukesh HIRA
IPC: H04L12/46 , H04L12/713 , H04L12/715 , H04L29/12
Abstract: A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.
-
Publication No.: US20210021486A1
Publication Date: 2021-01-21
Application No.: US16515026
Application Date: 2019-07-18
Applicant: VMware, Inc.
Inventor: Rahul JAIN , Mukesh HIRA , Su WANG
Abstract: Example methods and computer systems are provided for east-west service insertion in a public cloud environment. An example method may comprise detecting an egress packet that is destined for a second endpoint located in the same virtual network as a first endpoint. The method may also comprise: in response to determination that service insertion is required, identifying a service path based on a service insertion rule; generating an encapsulated packet by encapsulating the egress packet with an outer header that is addressed from the first endpoint to a network device; and sending the encapsulated packet to cause the network device to send the egress packet towards the service path, thereby steering the egress packet towards the service path for processing.
-
Publication No.: US20200274802A1
Publication Date: 2020-08-27
Application No.: US16384666
Application Date: 2019-04-15
Applicant: VMware, Inc.
Inventor: Da WAN , Mukesh HIRA , Feng GU , Jianjun SHEN , Pankaj THAKKAR , Donghai HAN , Wen Feng LIU , Tao MA
IPC: H04L12/715 , H04L12/46 , H04L12/931 , H04L12/933
Abstract: Systems and methods of communicating between a plurality of hosts comprising one or more first hosts controlled by a first control plane and one or more second hosts controlled by a second control plane are disclosed herein. Each of the one or more first hosts runs at least one tunneling endpoint of one or more first tunneling endpoints, and each of the one or more second hosts runs at least one tunneling endpoint of one or more second tunneling endpoints. The method includes storing, at each of the one or more first hosts, a global list identifying at least the one or more second tunneling endpoints. The method further includes receiving a packet at one of the one or more first tunneling endpoints. The method further includes replicating, encapsulating, and transmitting the packet to each of the one or more second tunneling endpoints based on the global list.
-
Publication No.: US20220197688A1
Publication Date: 2022-06-23
Application No.: US17559019
Application Date: 2021-12-22
Applicant: VMware, Inc.
Inventor: Brian Masao OKI , Mukesh HIRA , Konstantinos ROUSSOS , Gayathri VUPPULURI
IPC: G06F9/455
Abstract: An example method of data protection in a virtualized computing system, which includes host clusters, a virtualization management server, and a network manager coupled to a physical network, each host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, is described. The method includes receiving, at the virtualization management server, a restore request; executing, at the virtualization management server in response to the restore request, restoration of a coupled backup of the virtualization management server and the network manager, the coupled backup including a backup of a first database of the virtualization management server and a backup of a second database of the network manager, the restoration including: restoring at least one of the first database and the second database from the coupled backup; repairing runtime state of at least one of the host clusters to make the runtime state consistent with the restoration.
-
Publication No.: US20200236046A1
Publication Date: 2020-07-23
Application No.: US16251080
Application Date: 2019-01-18
Applicant: VMware, Inc.
Inventor: Rahul JAIN , Kantesh MUNDARAGI , Pierluigi ROLANDO , Jayant JAIN , Mukesh HIRA
IPC: H04L12/741 , H04L12/46 , H04L12/931 , G06F9/455
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication No.: US20200220793A1
Publication Date: 2020-07-09
Application No.: US16240792
Application Date: 2019-01-07
Applicant: VMware, Inc.
Inventor: Mukesh HIRA
IPC: H04L12/26
Abstract: Example methods are provided for a first host to perform packet flow monitoring in a software-defined networking (SDN) environment. One example may comprise the first host receiving a request to monitor a packet flow and triggering a telemetry process based on a predetermined event associated with the packet flow. The method may also comprise: in response to the triggered telemetry process and detecting an egress packet associated with the packet flow, generating an encapsulated packet by encapsulating the egress packet with an outer header; configuring a telemetry instruction in the outer header; and sending the encapsulated packet with the telemetry instruction to the second host via one or more intermediate network devices. The telemetry instruction may be configured to cause the one or more intermediate network devices to add, to the encapsulated packet, metadata associated with a network state experienced by the encapsulated packet.