公开(公告)号：US20240388559A1

公开(公告)日：2024-11-21

申请号：US18212674

申请日：2023-06-21

Applicant: VMware, Inc.

Inventor： Quan Tian ,  Jianjun Shen ,  Donghai Han ,  Shuyang Xin ,  Wenqi Qiu

IPC: H04L61/103 ,  H04L9/40

Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.

公开(公告)号：US20250119422A1

公开(公告)日：2025-04-10

申请号：US18481557

申请日：2023-10-05

Applicant: VMware, Inc.

Inventor： Wenying Dong ,  Jianjun Shen ,  Rahul Jain ,  Quan Tian ,  Mengdie Song ,  Xu Liu

IPC: H04L9/40 ,  G06F9/54 ,  H04L41/046

Abstract: The disclosure provides a method for authenticating a network agent deployed in a networking environment. The method generally includes receiving, by a network controller in the networking environment, a name of an external node where the network agent is running and a token associated with the external node; in response to receiving the name of the external node, obtaining, by the network controller, a secret associated with the token; parsing, by the network controller, the secret to determine an expected external node name corresponding to the token; comparing the expected external node name with the received external node name; and trusting the network agent when the expected external node name and the received external node name match.

公开(公告)号：US20230179513A1

公开(公告)日：2023-06-08

申请号：US18102699

申请日：2023-01-28

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Quan Tian ,  Wenying Dong ,  Antonin Bas

IPC: H04L45/00 ,  H04L45/02

CPC classification number: H04L45/38 ,  H04L45/66 ,  H04L45/02 ,  H04L45/46

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

公开(公告)号：US20240388523A1

公开(公告)日：2024-11-21

申请号：US18212677

申请日：2023-06-21

Applicant: VMware, Inc.

Inventor： Quan Tian ,  Jianjun Shen ,  Donghai Han ,  Shuyang Xin ,  Wenqi Qiu

IPC: H04L45/02 ,  H04L9/40

Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.

公开(公告)号：US20220038501A1

公开(公告)日：2022-02-03

申请号：US17006846

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Wenying Dong ,  Quan Tian ,  Antonin Bas ,  Srikar Tati

IPC: H04L29/06 ,  G06F9/50 ,  H04L12/26

Abstract: Some embodiments provide a method for a module executing on a Kubernetes node in a cluster. The method retrieves data regarding ongoing connections processed by a forwarding element executing on the node. The method maps the retrieved data to Kubernetes concepts implemented in the cluster. The method exports the retrieved data along with the Kubernetes concepts to an aggregator that receives data regarding ongoing connections from a plurality of nodes in the cluster.

公开(公告)号：US20240243942A1

公开(公告)日：2024-07-18

申请号：US18126325

申请日：2023-03-24

Applicant: VMware, Inc.

Inventor： Bin Liu ,  Wenying Dong ,  Ruochen Shen ,  Quan Tian ,  Jianjun Shen

IPC: H04L12/18 ,  H04L45/16

CPC classification number: H04L12/185 ,  H04L45/16

Abstract: The disclosure provides approaches for managing multicast group membership at a node. An approach includes policing whether a pod can join a multicast group based on one or more rules. The approach further includes updating forwarding tables of a virtual switch based on whether the pod is allowed to join the multicast group.

公开(公告)号：US11558426B2

公开(公告)日：2023-01-17

申请号：US17006846

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Wenying Dong ,  Quan Tian ,  Antonin Bas ,  Srikar Tati

IPC: G06F15/173 ,  H04L9/40 ,  G06F9/50 ,  H04L43/045 ,  H04L43/10

Abstract: Some embodiments provide a method for a module executing on a Kubernetes node in a cluster. The method retrieves data regarding ongoing connections processed by a forwarding element executing on the node. The method maps the retrieved data to Kubernetes concepts implemented in the cluster. The method exports the retrieved data along with the Kubernetes concepts to an aggregator that receives data regarding ongoing connections from a plurality of nodes in the cluster.

公开(公告)号：US11196628B1

公开(公告)日：2021-12-07

申请号：US17006847

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Wenying Dong ,  Quan Tian ,  Antonin Bas

IPC: H04L12/24 ,  H04L12/935

Abstract: Some embodiments provide a method that receives a request for flow entries associated with a particular Kubernetes concept. The method identifies flow entries that match the request. For each flow entry that matches the request, the method generates mapping data that maps elements of the flow entry to additional Kubernetes concepts. The method provides the flow entries with the mapping data in response to the request.

公开(公告)号：US11595303B2

公开(公告)日：2023-02-28

申请号：US16538855

申请日：2019-08-13

Applicant: VMware, Inc.

Inventor： Yusheng Wang ,  Donghai Han ,  Danting Liu ,  Quan Tian

IPC: H04L45/00 ,  H04L45/64 ,  G06F9/455 ,  H04L47/125

Abstract: Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by the second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.

公开(公告)号：US11570090B2

公开(公告)日：2023-01-31

申请号：US17006845

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Quan Tian ,  Wenying Dong

IPC: H04L45/00 ,  H04L45/02

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.