公开(公告)号：US12301475B2

公开(公告)日：2025-05-13

申请号：US18372627

申请日：2023-09-25

Applicant: VMware LLC

Inventor： Jayant Jain ,  Raju Koganty ,  Anirban Sengupta

IPC: H04L47/70 ,  G06F9/50 ,  H04L41/50 ,  H04L41/5041 ,  H04L41/5051

Abstract: A novel method for dynamic network service allocation that maps generic services into specific configurations of service resources in a network is provided. An application that is assigned to be performed by computing resources in the network is associated with a set of generic services, and the method maps the set of generic services to the service resources based on the assignment of the application to the computing resources. The mapping of generic services is further based on a level of service that is chosen for the application, where the set of generic services are mapped to different sets of network resources according to different levels of services.

公开(公告)号：US11902050B2

公开(公告)日：2024-02-13

申请号：US16941473

申请日：2020-07-28

Applicant: VMware LLC

Inventor： Sami Boutros ,  Anirban Sengupta ,  Mani Kancherla ,  Jerome Catrouillet ,  Sri Mohana Singamsetty

IPC: H04L12/28 ,  H04L12/46 ,  H04L61/251 ,  H04L69/22 ,  H04L9/40 ,  G06F9/455

CPC classification number: H04L12/4641 ,  G06F9/45558 ,  H04L61/251 ,  H04L63/1416 ,  H04L69/22 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L2212/00

Abstract: Some embodiments of the invention provide a novel network architecture for providing edge services of a virtual private cloud (VPC) at host computers hosting machines of the VPC. The host computers in the novel network architecture are reachable from external networks through a gateway router of an availability zone (AZ). The gateway router receives a data message from the external network addressed to one or more data compute nodes (DCNs) in the VPC and forwards the data message to a particular host computer identified as providing a distributed edge service for the VPC. The particular host computer, upon receiving the forwarded data message, performs the distributed edge service and provides the serviced data message to a destination DCN.

公开(公告)号：US12166816B2

公开(公告)日：2024-12-10

申请号：US18123314

申请日：2023-03-19

Applicant: VMware LLC

Inventor： Jayant Jain ,  Anand Parthasarathy ,  Mani Kancherla ,  Anirban Sengupta

IPC: H04L67/1023 ,  H04L12/46 ,  H04L12/66 ,  H04L47/125 ,  H04L47/20 ,  H04L67/1027 ,  H04L101/622

Abstract: Some embodiments of the invention provide a method for forwarding data messages between a client and a server (e.g., between client and server machines and/or applications). In some embodiments, the method receives a data message that a load balancer has directed from a particular client to a particular server after selecting the particular server from a set of several candidate servers for the received data message's flow. The method stores an association between an identifier associated with the load balancer and a flow identifier associated with the message flow, and then forwards the received data message to the particular server. The method subsequently uses the load balancer identifier in the stored association to forward to the particular load balancer a data message that is sent by the particular server. The method of some embodiments is implemented by an intervening forwarding element (e.g., a router) between the load balancer set and the server set.

公开(公告)号：US12058108B2

公开(公告)日：2024-08-06

申请号：US17723191

申请日：2022-04-18

Applicant: VMware LLC

Inventor： Jingmin Zhou ,  David Lorenzo ,  Subrahmanyam Manuguri ,  Anirban Sengupta

IPC: H04L9/40 ,  G06F9/455 ,  G06F16/901

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  G06F16/9024 ,  H04L63/0218 ,  G06F2009/45587

Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.

公开(公告)号：US12301479B2

公开(公告)日：2025-05-13

申请号：US18431813

申请日：2024-02-02

Applicant: VMware LLC

Inventor： Jayant Jain ,  Ganesan Chandrashekhar ,  Anirban Sengupta ,  Pankaj Thakkar ,  Alexander Tessmer

IPC: H04L49/00 ,  H04L12/46 ,  H04L41/0803 ,  H04L45/00 ,  H04L45/64

Abstract: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a first host identifies a packet to be transferred from a first virtual machine on the first host to a second virtual machine on a second host. In response to identifying the packet, the first host identifies a source logical port for the first virtual machine, and transferring a communication to the second host, wherein the communication encapsulates the data packet and the source logical port. Once the packet is received by the second host, the second host may use the source logical port to determine a forwarding action for the packet.

公开(公告)号：US12250194B2

公开(公告)日：2025-03-11

申请号：US18102697

申请日：2023-01-28

Applicant: VMware LLC

Inventor： Sami Boutros ,  Mani Kancherla ,  Jayant Jain ,  Anirban Sengupta

IPC: H04L61/256 ,  H04L12/66 ,  H04L45/745 ,  H04L61/2592 ,  H04L61/5007 ,  H04L101/659

Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPV6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

公开(公告)号：US11954005B2

公开(公告)日：2024-04-09

申请号：US18196367

申请日：2023-05-11

Applicant: VMware LLC

Inventor： Jingmin Zhou ,  Subrahmanyam Manuguri ,  Jayant Jain ,  Anirban Sengupta

IPC: G06F9/44 ,  G06F11/30 ,  G06F40/205 ,  G06V10/94

CPC classification number: G06F11/3072 ,  G06F40/205 ,  G06V10/955

Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.