-
Publication number: US11848910B1
Publication date: 2023-12-19
Application number: US18098081
Application date: 2023-01-17
Applicant: VMware, Inc.
Inventor: Tao Zou, Danting Liu, Salvatore Orlando, Wenfeng Liu, Donghai Han
IPC: H04L61/5007, H04L41/0895, H04L41/044
CPC classification number: H04L61/5007, H04L41/044, H04L41/0895
Abstract: Some embodiments provide a novel method for resiliently associating Internet Protocol (IP) addresses with pods that each have unique identifiers (IDs) in a managed cluster of worker nodes managed by a first set of one or more controllers of the managed cluster. The resilient association between IP addresses and pods is maintained even when pods are moved between worker nodes. At a second set of controllers, the method receives notification regarding deployment, on a first worker node, of a stateful pod associated with a particular ID. The method allocates an IP address to the stateful pod. The method creates a mapping between the IP address and the particular ID in order to maintain the allocation of the IP address to the stateful pod. The method provides the IP address to the first set of controllers to use for the stateful pod.
-
Publication number: US09256746B2
Publication date: 2016-02-09
Application number: US13716038
Application date: 2012-12-14
Applicant: VMware, Inc.
Inventor: Michael Ira Toback, David Ferguson, Maria del Carmen Hernandez-Villavicencio, Wenfeng Liu, Monty Ijzerman
IPC: G06F21/57
CPC classification number: G06F21/577, G06F21/57
Abstract: Exemplary methods, apparatuses, and systems receive data describing a first software component used by a software product and vulnerability data describing a vulnerability in the first software component. A vulnerability score is calculated for the software product based upon the vulnerability data for the first software component. The vulnerability score is recalculated for the software product based upon receiving an updated status of the vulnerability in the first software component from bug tracking software, a waiver of the vulnerability of a software component, the addition of another software component, or another update to the software product or component(s). The task of remediation of the vulnerability in the first software component can be assigned to a user and tracked. A user interface is provided to enable users to monitor the vulnerabilities of software products or components.
-
Publication number: US20240244037A1
Publication date: 2024-07-18
Application number: US18178832
Application date: 2023-03-06
Applicant: VMware, Inc.
Inventor: Lan Luo, Jianjun Shen, Jiajing Hu, Wenfeng Liu, Donghai Han
CPC classification number: H04L63/029, G06F9/45558, G06F2009/45595
Abstract: Systems and methods for exchanging network information between member clusters include configuring a gateway pool of a member cluster, the gateway pool comprising a plurality of gateway nodes, the member cluster comprising the plurality of gateway nodes and one or more nodes, configuring a gateway node of the plurality of gateway nodes as an active gateway node for the member cluster, writing member cluster information to a storage, the member cluster information indicating address information of the gateway node, reading second member cluster information from the storage, the second member cluster information indicating address information of a gateway node of a second member cluster, establishing a tunnel between the gateway node and the second gateway node based on the second member cluster information, and communicating network traffic from at least one node of the member cluster to at least one node of the second member cluster via the tunnel.
-
Publication number: US20240113968A1
Publication date: 2024-04-04
Application number: US17960126
Application date: 2022-10-04
Applicant: VMware, Inc.
Inventor: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
IPC: H04L45/745, H04L45/02, H04L45/586
CPC classification number: H04L45/745, H04L45/02, H04L45/586
Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster that has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
-
Publication number: US11936544B2
Publication date: 2024-03-19
Application number: US17820328
Application date: 2022-08-17
Applicant: VMware, Inc.
Inventor: Jianwei Sui, Danting Liu, Donghai Han, Wenfeng Liu, Jianjun Shen
IPC: G06F9/455, G06F9/54, H04L43/0876
CPC classification number: H04L43/0876, G06F9/45558, G06F9/547, G06F2009/45595
Abstract: A system and method for capturing resource usage information in a network for namespaces in which pods operate are described herein. A data structure specifies a topology that includes a gateway and routing addresses in a network whose usage is to be captured. The data structure is provided to an API of a master node controlling the pods. A controller in the master node enforces the data structure and reports results back to the API.
-
Publication number: US20240012664A1
Publication date: 2024-01-11
Application number: US17815609
Application date: 2022-07-28
Applicant: VMware, Inc.
Inventor: Lan Luo, Wenfeng Liu, Donghai Han, Jianjun Shen
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45595
Abstract: The disclosure provides an approach for cross-cluster service resource discovery. A method includes obtaining, at a common store in a first node cluster in a cluster set, information about a service resource of a second node cluster. The method includes creating a multi-cluster object associated with the service resource, wherein the multi-cluster object provides an association between the service resource and one or more endpoints on the second node cluster. The method includes storing the multi-cluster object in the common store, wherein the multi-cluster object is accessible in the common store by any of the plurality of node clusters in the cluster set to access the service resource on any of the one or more endpoints on the second node cluster.
-
Publication number: US20230179484A1
Publication date: 2023-06-08
Application number: US18102700
Application date: 2023-01-28
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Wenfeng Liu, Rui Cao, Ran Gu, Donghai Han
CPC classification number: H04L41/0876, H04L12/4641
Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.
-
Publication number: US20240031268A1
Publication date: 2024-01-25
Application number: US17898351
Application date: 2022-08-29
Applicant: VMware, Inc.
Inventor: Ran Gu, Wenfeng Liu, Donghai Han, Jianjun Shen, Zhengsheng Zhou
Abstract: Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.
-
Publication number: US20220400053A1
Publication date: 2022-12-15
Application number: US17389305
Application date: 2021-07-29
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Wenfeng Liu, Rui Cao, Ran Gu, Donghai Han
Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.
-
Publication number: US20210314240A1
Publication date: 2021-10-07
Application number: US16897704
Application date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Abhishek Raut, Wenfeng Liu, Donghai Han
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.