公开(公告)号：US20220321536A1

公开(公告)日：2022-10-06

申请号：US17223956

申请日：2021-04-06

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: H04L29/06 ,  H04L12/46

Abstract: Some embodiments of the invention provide a method of upgrading a firewall module executing on a host computer to process traffic sent to and from machines executing on the host computer. While a first version of the firewall module executes on the host computer to process the traffic to and from the machines, the method loads a second version of the firewall module alongside the first version of the firewall module. For each of multiple ports associated with machines executing on the host computer for which the firewall module processes traffic sent to and from the port, the method saves a runtime state of the first version that relates to the port, transfers association of a firewall filter associated with the port from the first version to the second version, and restores the saved runtime state for the port to the second version.

公开(公告)号：US11743234B2

公开(公告)日：2023-08-29

申请号：US17223956

申请日：2021-04-06

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/0263 ,  H04L12/4633 ,  H04L63/0236 ,  H04L63/20

Abstract: Some embodiments of the invention provide a method of upgrading a firewall module executing on a host computer to process traffic sent to and from machines executing on the host computer. While a first version of the firewall module executes on the host computer to process the traffic to and from the machines, the method loads a second version of the firewall module alongside the first version of the firewall module. For each of multiple ports associated with machines executing on the host computer for which the firewall module processes traffic sent to and from the port, the method saves a runtime state of the first version that relates to the port, transfers association of a firewall filter associated with the port from the first version to the second version, and restores the saved runtime state for the port to the second version.

公开(公告)号：US20240028367A1

公开(公告)日：2024-01-25

申请号：US17871992

申请日：2022-07-25

Applicant: VMware, Inc.

Inventor： Subin Cyriac Mathew ,  Prerit Rodney ,  Chidambareswaran Raman

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45595

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

公开(公告)号：US11722336B2

公开(公告)日：2023-08-08

申请号：US16285143

申请日：2019-02-25

Applicant: VMware, Inc.

Inventor： Feng Gu ,  Subin Cyriac Mathew ,  Prerit Rodney ,  Chidambareswaran Raman

IPC: H04L12/46

CPC classification number: H04L12/4633

Abstract: Certain embodiments herein are directed to a method of by a source virtual tunnel endpoint (VTEP) for selecting a tunneling protocol for encapsulating a packet destined for a destination VTEP. In some embodiments, the method includes receiving the packet for transmission to the destination VTEP. The method further includes determining whether the destination VTEP is configured with a first tunneling protocol. Upon determining that the destination VTEP is configured with the first tunneling protocol, the method includes encapsulating the packet using the first tunneling protocol, and transmitting the encapsulated packet to the destination VTEP. Upon determining that the destination VTEP is not configured with the first tunneling protocol, encapsulating the packet using a second tunneling protocol, and transmitting the encapsulated packet to the destination VTEP.

公开(公告)号：US11271776B2

公开(公告)日：2022-03-08

申请号：US16520325

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Uday Shankar Nagaraj ,  Shyam Sambasivan Ramachandran ,  Natalia Tupy Jensen ,  Mansi Babbar ,  Prerit Rodney

IPC: H04L12/46 ,  H04L12/713 ,  H04L29/12 ,  G06F9/455 ,  H04L12/26 ,  H04L45/586 ,  H04L61/2592 ,  H04L43/08

Abstract: Example methods and computer systems are provided for logical overlay network monitoring. The method may comprise: obtaining egress metric information associated with egress encapsulated packets that are sent by a source virtual tunnel endpoint (VTEP) to a destination VTEP over a logical overlay network; and obtaining ingress metric information associated with ingress encapsulated packets that are received by the destination VTEP from the source VTEP over the logical overlay network. The method may also comprise: performing a comparison to identify a divergence between the egress metric information and the ingress metric information; and based on the divergence, detecting a performance issue affecting logical overlay network connectivity between the source VTEP and the destination VTEP.

公开(公告)号：US20240031291A1

公开(公告)日：2024-01-25

申请号：US17871994

申请日：2022-07-25

Applicant: VMware, Inc.

Inventor： Subin Cyriac Mathew ,  Prerit Rodney ,  Chidambareswaran Raman

IPC: H04L47/125 ,  H04L12/46

CPC classification number: H04L47/125 ,  H04L12/4633

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

公开(公告)号：US20230370429A1

公开(公告)日：2023-11-16

申请号：US18227713

申请日：2023-07-28

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/0263 ,  H04L12/4633 ,  H04L63/0236 ,  H04L63/20

Abstract: Some embodiments of the invention provide a method of upgrading a firewall module executing on a host computer to process traffic sent to and from machines executing on the host computer. While a first version of the firewall module executes on the host computer to process the traffic to and from the machines, the method loads a second version of the firewall module alongside the first version of the firewall module. For each of multiple ports associated with machines executing on the host computer for which the firewall module processes traffic sent to and from the port, the method saves a runtime state of the first version that relates to the port, transfers association of a firewall filter associated with the port from the first version to the second version, and restores the saved runtime state for the port to the second version.

公开(公告)号：US20220317990A1

公开(公告)日：2022-10-06

申请号：US17223959

申请日：2021-04-06

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: G06F8/65 ,  H04L29/06

Abstract: Some embodiments of the invention provide a method of upgrading software defined networking (SDN) modules executing on a host computer. While a first version of the SDN modules is executing on the host computer to perform traffic processing, the method loads a second version of the SDN modules alongside the first version of the SDN modules such that the first and second versions of the SDN modules are executing on the host computer at the same time. The method saves runtime states from the first version of the SDN modules, and transfers responsibility for performing traffic processing from the first version of the SDN modules to the second version of the SDN modules. The method then restores the saved runtime states to the second version of the SDN modules.

公开(公告)号：US12231262B2

公开(公告)日：2025-02-18

申请号：US17560284

申请日：2021-12-23

Applicant: VMware, Inc.

Inventor： Subin Cyriac Mathew ,  Chidambareswaran Raman ,  Prerit Rodney ,  Naveen Vijayan Kodakkal Puthiyaveettil

IPC: H04L29/12 ,  H04L12/46 ,  H04L43/0876

Abstract: Example methods and systems for virtual tunnel endpoint (VTEP) mapping for overlay networking are described. One example may involve a computer system monitoring multiple VTEPs that are configured for overlay networking. In response to detecting a state transition associated with a first VTEP from a healthy state to an unhealthy state, the computer system may identify mapping information that associates a virtualized computing instance with the first VTEP in the unhealthy state; and update the mapping information to associate the virtualized computing instance with a second VTEP in the healthy state. In response to detecting an egress packet from the virtualized computing instance to a destination, an encapsulated packet may be generated and sent towards the destination based on the updated mapping information. The encapsulated packet may include the egress packet and an outer header identifying the second VTEP to be a source VTEP.

公开(公告)号：US20240028366A1

公开(公告)日：2024-01-25

申请号：US17871991

申请日：2022-07-25

Applicant: VMware, Inc.

Inventor： Subin Cyriac Mathew ,  Prerit Rodney ,  Chidambareswaran Raman

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45595 ,  G06F2009/4557

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.