-
Publication No.: US20220400070A1
Publication Date: 2022-12-15
Application No.: US17347706
Application Date: 2021-06-15
Applicant: VMware, Inc.
Inventor: Jayant Jain, Rick Lund, Russell Lu, Sushruth Gopal, Subrahmanyam Manuguri
IPC: H04L12/26
Abstract: The method of some embodiments samples data flows. The method samples a first set of flows during a first time interval using a first logical port window for the first time interval. The first logical port window identifies a first set of non-contiguous layer 4 (L4) values in an L4 port range that are candidate values for sampling the flows during the first time interval. The method also samples a second set of flows during a second time interval using a second logical port window for the second time interval. The second logical port window identifies a second set of non-contiguous L4 values in an L4 port range that are candidate values for sampling the flows during the second time interval.
-
Publication No.: US20210026830A1
Publication Date: 2021-01-28
Application No.: US16520232
Application Date: 2019-07-23
Applicant: VMware, Inc.
Inventor: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Arnold Poon
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. The analysis appliance, in some embodiments, receives definitions of keys and provides them to the host computers. In some embodiments, existing keys are modified based on the analysis. Additionally, or alternatively, new keys are provided based on the analysis. In some embodiments, the analysis appliance receives the flow group records (e.g., sets of attributes) based on the keys and the configuration data from each host computer.
-
Publication No.: US11882196B2
Publication Date: 2024-01-23
Application No.: US17874127
Application Date: 2022-07-26
Applicant: VMware, Inc.
Inventor: Jayant Jain, Rick Lund, Mike Parsa, Brenden Blanco, Anirban Sengupta
IPC: H04L67/56, H04L15/16, H04L67/143, H04L67/01, H04L67/1001, G06F9/455, H04L29/06, H04L29/08
CPC classification number: H04L67/56, G06F9/45558, H04L67/01, H04L67/1001, H04L67/143, G06F2009/45595
Abstract: In some embodiments, a method instantiates a proxy that stores first state information for first workloads running on a first computing device. The first computing device receives a migrated workload from a second computing device and second state information for a session associated with the migrated workload. The second state information is generated by a proxy on the second computing device that processed one or more packets for the migrated workload on the second computing device. The method stores the second state information for the proxy on the first computing device and resumes the session associated with the migrated workload using the proxy on the first computing device.
-
Publication No.: US20220360643A1
Publication Date: 2022-11-10
Application No.: US17874127
Application Date: 2022-07-26
Applicant: VMware, Inc.
Inventor: Jayant Jain, Rick Lund, Mike Parsa, Brenden Blanco, Anirban Sengupta
IPC: H04L67/56, H04L67/143, G06F9/455, H04L67/01, H04L67/1001
Abstract: In some embodiments, a method instantiates a proxy that stores first state information for first workloads running on a first computing device. The first computing device receives a migrated workload from a second computing device and second state information for a session associated with the migrated workload. The second state information is generated by a proxy on the second computing device that processed one or more packets for the migrated workload on the second computing device. The method stores the second state information for the proxy on the first computing device and resumes the session associated with the migrated workload using the proxy on the first computing device.
-
5.
Publication No.: US20220188140A1
Publication Date: 2022-06-16
Application No.: US17122192
Application Date: 2020-12-15
Applicant: VMware, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Rick Lund
Abstract: Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation (e.g., a middlebox service operation, such as firewall, load balancing, encryption, etc.) on data messages associated with a particular machine (e.g., on ingress and/or egress data messages to and/or from the particular machine). For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages. In some embodiments, the first and second machines are part of one logical network or one virtual private cloud that is deployed over a common physical network in the datacenter.
-
Publication No.: US11188570B2
Publication Date: 2021-11-30
Application No.: US16520224
Application Date: 2019-07-23
Applicant: VMware, Inc.
Inventor: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Sushruth Gopal
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. The host computer, in some embodiments, first eliminates duplicative flow group records and then aggregates the flow data according to a set of received keys that specify attributes that define the aggregation. For example, a simple key that specifies a set of machine identifiers (e.g., a VM ID) as attribute values will, for each machine identifier, aggregate all flows with that machine identifier into a single aggregated flow group record. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance.
-
Publication No.: US20210026870A1
Publication Date: 2021-01-28
Application No.: US16520224
Application Date: 2019-07-23
Applicant: VMware, Inc.
Inventor: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Sushruth Gopal
IPC: G06F16/28, G06N20/00, G06N5/04, G06F16/2455
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. The host computer, in some embodiments, first eliminates duplicative flow group records and then aggregates the flow data according to a set of received keys that specify attributes that define the aggregation. For example, a simple key that specifies a set of machine identifiers (e.g., a VM ID) as attribute values will, for each machine identifier, aggregate all flows with that machine identifier into a single aggregated flow group record. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance.
-
Publication No.: US10735541B2
Publication Date: 2020-08-04
Application No.: US16207031
Application Date: 2018-11-30
Applicant: VMware, Inc.
Inventor: Jayant Jain, Rick Lund, Mike Parsa, Brenden Blanco, Anirban Sengupta
Abstract: In some embodiments, a first proxy is instantiated on the first computing device and receives packets that are intercepted by a hypervisor. The packets are sent between a workload and another device and the proxy includes a first session between the proxy and the another device and a second session between the proxy and the workload. State information is extracted for the packets that are sent in the first session or the second session at the first proxy and the state information is stored. The first computing device migrates the workload to a second computing device. When the workload is migrated to the second computing device, the state information for the workload is migrated to a second proxy that is instantiated on the second computing device. The second proxy then resumes the first session with the another device and the second session with the proxy using the state information.
-
9.
Publication No.: US11734043B2
Publication Date: 2023-08-22
Application No.: US17122192
Application Date: 2020-12-15
Applicant: VMware, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Rick Lund
CPC classification number: G06F9/45558, G06F9/44505, G06F9/45545, G06F2009/45562, G06F2009/45579, G06F2009/45595
Abstract: Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation (e.g., a middlebox service operation, such as firewall, load balancing, encryption, etc.) on data messages associated with a particular machine (e.g., on ingress and/or egress data messages to and/or from the particular machine). For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages. In some embodiments, the first and second machines are part of one logical network or one virtual private cloud that is deployed over a common physical network in the datacenter.
-
10.
Publication No.: US20220191304A1
Publication Date: 2022-06-16
Application No.: US17122153
Application Date: 2020-12-15
Applicant: VMware, Inc.
Inventor: Jayant Jain, Anirban Sengupta, Rick Lund
Abstract: Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation on data messages associated with a particular machine. For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages.