公开(公告)号：US11853463B1

公开(公告)日：2023-12-26

申请号：US16293513

申请日：2019-03-05

申请人： Styra, Inc.

发明人： Timothy L. Hinrichs ,  Teemu Koponen

IPC分类号： G06F21/62 ,  H04L9/40 ,  H04L67/561

CPC分类号： G06F21/629 ,  H04L63/0807 ,  H04L63/10 ,  H04L67/561 ,  H04L2463/082

摘要： Some embodiments provide a method for enforcing policies for authorizing API (Application Programming Interface) calls to an application operating on a host machine. The method receives a request to authenticate a client attempting to gain access to the application, and authenticates the client based on a first set of parameters associated with the request. Using a second set of parameters associated with the request, the method evaluates a set of one or more policies associated with a set of one or more API calls to the application. Based on the evaluated policies, the method defines a third set of one or more authentication field parameters that control the API calls that the client is authorized to make to the application. The method sends an authentication reply message with the defined third set of authentication field parameters in order to control the API calls that the client is authorized to make.

公开(公告)号：US11838206B2

公开(公告)日：2023-12-05

申请号：US17384211

申请日：2021-07-23

申请人： VMware, Inc.

发明人： Yong Wang ,  Cheng-Chun Tu ,  Sreeram Kumar Ravinoothala ,  Yu Ying

IPC分类号： H04L45/58

CPC分类号： H04L45/58

摘要： Some embodiments of the invention provide a system for implementing multiple logical routers. The system includes a Kubernetes cluster that includes multiple nodes, with each node executing a set of pods. The set of pods include a first pod for performing a first set of data message processing operations for the multiple logical routers and at least one respective separate pod for each respective logical router of the multiple logical routers. Each respective pod is for performing a respective second set of data message processing operations for the respective logical router.

公开(公告)号：US11836551B2

公开(公告)日：2023-12-05

申请号：US17860090

申请日：2022-07-07

申请人： VMware, Inc.

发明人： Giridhar Subramani Jayavelu ,  Amit Singh

IPC分类号： G06F9/54 ,  G06F11/34 ,  G06F11/20 ,  H04L41/40 ,  H04L41/122

CPC分类号： G06F9/546 ,  G06F11/2028 ,  G06F11/3409 ,  H04L41/122 ,  H04L41/40

摘要： To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not delayed due to multiple requests causing one or more components to stall. In addition, each of these RIC components also has an internal architecture that is designed to operate in a non-blocking manner so that no one process of a component can block the operation of another process of the component. All of these low latency features allow the near RT RIC to serve as a high speed IO between the E2 nodes and the xApps.

公开(公告)号：US11831414B2

公开(公告)日：2023-11-28

申请号：US18102687

申请日：2023-01-28

申请人： VMware, Inc.

发明人： Israel Cidon ,  Prashanth Venugopal ,  Aran Bergman ,  Chen Dar ,  Alex Markuze ,  Eyal Zohar

IPC分类号： H04L49/354 ,  H04L49/25 ,  H04L45/00 ,  H04L45/42 ,  H04L67/1097 ,  H04L43/06 ,  H04L43/08 ,  H04L12/46 ,  H04L12/66 ,  H04L41/046 ,  H04L41/0806 ,  H04L43/045 ,  H04L43/0811 ,  H04L45/50 ,  H04L67/10 ,  H04L41/0813 ,  H04L41/142 ,  H04L45/24 ,  H04L49/20 ,  H04L43/026 ,  H04L67/101 ,  H04L41/0803 ,  H04L47/70 ,  H04L61/4511 ,  H04L12/70

CPC分类号： H04L49/354 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/66 ,  H04L41/046 ,  H04L41/0803 ,  H04L41/0806 ,  H04L41/0813 ,  H04L41/142 ,  H04L43/026 ,  H04L43/045 ,  H04L43/06 ,  H04L43/08 ,  H04L43/0811 ,  H04L45/24 ,  H04L45/38 ,  H04L45/42 ,  H04L45/50 ,  H04L47/827 ,  H04L49/20 ,  H04L49/252 ,  H04L61/4511 ,  H04L67/10 ,  H04L67/101 ,  H04L67/1097 ,  H04L2012/562 ,  H04L2012/5612 ,  H04L2012/5623

摘要： Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

公开(公告)号：US11824931B2

公开(公告)日：2023-11-21

申请号：US17145322

申请日：2021-01-09

申请人： VMware, Inc.

发明人： Shoby A Cherian ,  Anjaneya P. Gondi ,  Hemanth Kalluri ,  Sanjay Vasudev Acharya ,  Marcus Armando Benedetto Campi

IPC分类号： H04L67/1097 ,  H04L69/16 ,  H04L49/10 ,  H04L49/90 ,  G06F3/06 ,  H04L67/12 ,  H04L69/00 ,  G06F16/11 ,  G06F16/182 ,  G06F9/455 ,  H04L49/253 ,  H04L49/00 ,  H04L49/901 ,  G06F13/42 ,  G06F13/10 ,  H04L67/131 ,  H04L67/00 ,  H04L49/111

CPC分类号： H04L67/1097 ,  G06F3/0604 ,  G06F3/067 ,  G06F3/0641 ,  G06F3/0649 ,  G06F3/0664 ,  G06F3/0665 ,  G06F9/455 ,  G06F9/4552 ,  G06F9/45554 ,  G06F9/45558 ,  G06F13/4282 ,  G06F16/116 ,  G06F16/1824 ,  G06F16/1827 ,  H04L49/10 ,  H04L49/253 ,  H04L49/70 ,  H04L49/90 ,  H04L49/901 ,  H04L67/12 ,  H04L69/16 ,  H04L69/26 ,  G06F3/0661 ,  G06F13/102 ,  G06F13/4221 ,  G06F2009/45579 ,  G06F2009/45595 ,  G06F2213/0026 ,  H04L49/111 ,  H04L67/131 ,  H04L67/34

摘要： Some embodiments provide a method of providing distributed storage services to a host computer from a network interface card (NIC) of the host computer. At the NIC, the method accesses a set of one or more external storages operating outside of the host computer through a shared port of the NIC that is not only used to access the set of external storages but also for forwarding packets not related to an external storage. In some embodiments, the method accesses the external storage set by using a network fabric storage driver that employs a network fabric storage protocol to access the external storage set. The method presents the external storage as a local storage of the host computer to a set of programs executing on the host computer. In some embodiments, the method presents the local storage by using a storage emulation layer on the NIC to create a local storage construct that presents the set of external storages as a local storage of the host computer.

公开(公告)号：US11805056B2

公开(公告)日：2023-10-31

申请号：US17902879

申请日：2022-09-04

申请人： Nicira, Inc.

发明人： Jayant Jain ,  Anirban Sengupta

IPC分类号： H04L12/741 ,  H04L45/74 ,  H04L67/10 ,  H04L45/302 ,  H04L12/46 ,  H04L49/20

CPC分类号： H04L45/74 ,  H04L12/4633 ,  H04L45/306 ,  H04L49/20 ,  H04L67/10 ,  H04L12/4641 ,  H04L2212/00

摘要： The disclosure herein describes a system, which provides service switching in a datacenter environment. The system can include a service switching gateway, which can identify a service tag associated with a received packet. During operation, the service switching gateway determines a source client, a requested service, or both for the packet based on the service tag, identifies a corresponding service portal based on the service tag, and forwards the packet toward the service portal. The service switching gateway can optionally maintain a mapping between the service tag and one or more of: a source client, a required service, the service portal, and a tunnel encapsulation. The service switching gateway can encapsulate the packet based on an encapsulation mechanism supported by the service portal and forward the packet based on the mapping.

公开(公告)号：US11805036B2

公开(公告)日：2023-10-31

申请号：US17346255

申请日：2021-06-13

申请人： Nicira, Inc.

发明人： Sami Boutros ,  Stephen Tan ,  Rahul Mishra ,  Kantesh Mundaragi ,  Jayant Jain ,  Akhila Naveen

IPC分类号： H04L12/24 ,  H04L12/26 ,  H04L43/0805 ,  H04L41/0668 ,  H04L43/10

CPC分类号： H04L43/0805 ,  H04L41/0668 ,  H04L43/10

摘要： Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

公开(公告)号：US11799784B2

公开(公告)日：2023-10-24

申请号：US17569276

申请日：2022-01-05

申请人： VMware, Inc.

发明人： Dexiang Wang ,  Sreeram Kumar Ravinoothala ,  Yong Wang ,  Jerome Catrouillet

IPC分类号： H04L47/2416 ,  H04L47/2425 ,  H04L43/0888 ,  H04L47/122 ,  H04L47/78 ,  H04L47/125

CPC分类号： H04L47/2416 ,  H04L43/0888 ,  H04L47/122 ,  H04L47/125 ,  H04L47/2433 ,  H04L47/781

摘要： A network system that implements quality of service (QoS) by rate limiting at a logical network entity is provided. The logical network entity includes multiple transport nodes for transporting network traffic in and out of the logical network entity. The system monitors traffic loads of the multiple transport nodes of the logical network entity. The system allocates a local CR and a local BS to each of the multiple transport nodes. The allocated local CR and the local BS are determined based on the CR and BS parameters of the logical network entity and based on the monitored traffic loads. Each transport node of the logical network entity in turn controls an amount of data being processed by the transport node based on a token bucket value that is computed based on the local CR and the local BS of the transport node.

公开(公告)号：US11799775B2

公开(公告)日：2023-10-24

申请号：US17361284

申请日：2021-06-28

申请人： Nicira, Inc.

发明人： Vivek Agarwal ,  Ganesan Chandrashekhar ,  Rahul Korivi Subramaniyam ,  Howard Wang ,  Ram Dular Singh

IPC分类号： H04L12/741 ,  H04L45/74 ,  G06F9/455 ,  H04L45/00 ,  H04L12/46 ,  H04L45/02 ,  H04L45/586 ,  H04L47/33 ,  H04L69/325 ,  H04L41/0893 ,  H04L45/44 ,  H04L49/00

CPC分类号： H04L45/74 ,  G06F9/45558 ,  H04L12/4641 ,  H04L41/0893 ,  H04L45/04 ,  H04L45/38 ,  H04L45/44 ,  H04L45/586 ,  H04L45/66 ,  H04L47/33 ,  H04L69/325 ,  G06F2009/45595 ,  H04L49/70

摘要： A LRE (logical routing element) that have LIFs that are active in all host machines spanned by the LRE as well as LIFs that are active in only a subset of those spanned host machines is provided. A host machine having an active LIF for a particular L2 segment would perform the L3 routing operations for network traffic related to that L2 segment. A host machine having an inactive LIF for the particular L2 segment would not perform L3 routing operations for the network traffic of the L2 segment.

公开(公告)号：US11799761B2

公开(公告)日：2023-10-24

申请号：US17571409

申请日：2022-01-07

申请人： VMware, Inc.

发明人： Yong Wang ,  Xinhua Hong ,  Hongwei Zhu

IPC分类号： H04L45/24 ,  H04L45/02 ,  H04L12/46 ,  H04L47/2441 ,  H04L45/7453

CPC分类号： H04L45/24 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/7453 ,  H04L47/2441

摘要： Some embodiments provide a method for forwarding data messages between edge nodes that perform stateful processing on flows between a logical network and an external network. At a particular edge node, the method receives a data message belonging to a flow. The edge nodes use a deterministic algorithm to select one of the edge nodes to perform processing for each flow. The method identifies a first edge node to perform processing for the flow in a previous configuration and a second edge node to perform processing for the flow in a new configuration according to the algorithm. When the first and second edge nodes are different, the method uses a probabilistic filter and a stateful connection tracker to determine whether the flow existed prior to a particular time. When the flow did not exist prior to that time, the method selects the second edge node for the received data message.