公开(公告)号：US11424958B2

公开(公告)日：2022-08-23

申请号：US16866621

申请日：2020-05-05

Applicant: VMWARE, INC.

Inventor： Sarthak Ray ,  Sourabh Bhattacharya ,  Awan Kumar Sharma ,  Yong Wang

IPC: H04L12/46 ,  H04L7/00 ,  H04L69/16 ,  H04L12/66 ,  H04L9/40 ,  H04L47/36 ,  H04L9/06

Abstract: Described herein are systems, methods, and software to manage maximum segment size (MSS) values associated with multiple tunnels according to an implementation. In one implementation, a gateway may obtain a Transmission Control Protocol (TCP) synchronize (SYN) packet from a computing node. The gateway may identify a tunnel associated with the TCP SYN packet, determine a maximum segment size (MSS) value based on the overhead associated with the tunnel, and replace a first MSS value in the TCP SYN packet with the MSS value determined by the gateway. Once added, the gateway may encapsulate the TCP SYN packet and communicate the packet to a second gateway.

公开(公告)号：US11277382B2

公开(公告)日：2022-03-15

申请号：US16517670

申请日：2019-07-22

Applicant: VMware, Inc.

Inventor： Peng Li ,  Guolin Yang ,  Yong Wang ,  Wenyi Jiang ,  Boon Seong Ang

IPC: H04L29/06 ,  G06F9/455

Abstract: Example methods and computer systems are provided for filter-based packet handling at a virtual network adapter. The method may comprise: receiving an ingress packet destined for the virtualized computing instance that is supported by the host and connected to the virtual network adapter; and matching the ingress packet to one of multiple filters configured for the virtual network adapter. The multiple filters may include a first filter specifying one or more first packet characteristics and a second filter specifying one or more second packet characteristics. The method may also comprise: in response to matching the ingress packet to the first filter, assigning the ingress packet to a first packet queue; and in response to matching the ingress packet to the second filter, assigning the ingress packet to a second packet queue.

公开(公告)号：US11102186B2

公开(公告)日：2021-08-24

申请号：US15963187

申请日：2018-04-26

Applicant: VMware, Inc.

Inventor： Yong Wang ,  Xinhua Hong ,  Kai-Wei Fan

IPC: H04L29/06 ,  H04L12/24

Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.

公开(公告)号：US20210255903A1

公开(公告)日：2021-08-19

申请号：US16795376

申请日：2020-02-19

Applicant: VMware, Inc.

Inventor： Yong Wang ,  Mani Kancherla ,  Kevin Li ,  Sreeram Ravinoothala ,  Mochi Xue

IPC: G06F9/50 ,  G06F9/54

Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.

公开(公告)号：US10778544B2

公开(公告)日：2020-09-15

申请号：US16105420

申请日：2018-08-20

Applicant: VMware, Inc.

Inventor： Yong Wang ,  Eduard Serra Miralles ,  David James LeRoy

IPC: H04L12/863 ,  H04L12/931 ,  H04L12/26 ,  H04L12/24

Abstract: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, upon initialization of a computing system, the computing system may select one or more processing queues from a plurality of processing of processing queues to filter control packets of at least one software defined network. The computing system may further configure a network interface to filter the control packets to the identified one or more processing queues.

公开(公告)号：US20160182382A1

公开(公告)日：2016-06-23

申请号：US14574336

申请日：2014-12-17

Applicant: VMware, Inc.

Inventor： Lenin Singaravelu ,  Jin Heo ,  Jui-Ting Weng ,  Ayyappan Veeraiyan ,  Yong Wang

IPC: H04L12/815 ,  H04L29/08 ,  H04L12/26

CPC classification number: H04L67/16 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L49/70

Abstract: A method of optimizing network processing in a system comprising a physical host and a set of physical network interface controllers (PNICs) is provided. The physical host includes a forwarding element. The method includes determining that a set of conditions is satisfied to bypass the forwarding element for exchanging packets between a particular data compute node (DCN) and a particular PNIC. The set of conditions includes the particular DCN being the only DCN connected to the forwarding element and the particular PNIC being the only PNIC connected to the forwarding element. The method exchanges packets between the particular DCN and the particular PNIC bypassing the forwarding element. The method determines that at least one condition in said set of conditions is not satisfied. The method utilizes the forwarding element to exchange packets between the particular DCN and the particular PNIC.

Abstract translation: 提供了一种在包括物理主机和一组物理网络接口控制器（PNIC）的系统中优化网络处理的方法。 物理主机包括转发元素。 该方法包括确定满足一组条件以绕过用于在特定数据计算节点（DCN）和特定PNIC之间交换分组的转发元件。 该组条件包括特定DCN是连接到转发元件的唯一DCN，特定的PNIC是连接到转发元件的唯一PNIC。 该方法在特定DCN和绕过转发元件的特定PNIC之间交换数据包。 该方法确定不满足所述条件集合中的至少一个条件。 该方法利用转发元件在特定DCN和特定PNIC之间交换分组。

公开(公告)号：US11824780B2

公开(公告)日：2023-11-21

申请号：US17502081

申请日：2021-10-15

Applicant: VMWARE, INC.

Inventor： Yong Wang ,  Awan Kumar Sharma ,  Xinhua Hong ,  Abhishek Goliya

IPC: H04L12/747 ,  H04L12/66 ,  H04L12/46 ,  H04L45/74

CPC classification number: H04L45/742 ,  H04L12/4633 ,  H04L12/66 ,  H04L2212/00

Abstract: Described herein are systems, methods, and software to manage the selection of an edge gateway or edge for processing a packet. In one implementation, a first edge may receive a packet and hash addressing information in the packet to select a second edge to process the packet. The first edge may further forward the packet to the second edge, permitting the second edge to process the packet. Once processed, the second edge may forward the packet to a destination host computing system and notify the host computing system to use the second edge for response packets directed at a source internet protocol (IP) address in the packet.

公开(公告)号：US20230143157A1

公开(公告)日：2023-05-11

申请号：US17564274

申请日：2021-12-29

Applicant: VMWARE, INC.

Inventor： Deepika Solanki ,  Yong Wang ,  Sarthak Ray

IPC: H04L9/40

CPC classification number: H04L63/029 ,  H04L63/162 ,  H04L63/0428

Abstract: The disclosure provides an approach for logical switch level load balancing of Layer 2 virtual private network (L2VPN) traffic. A method of securing communications with a peer gateway generally includes establishing, at a virtual tunnel interface of a local gateway, a plurality of security tunnels with the peer gateway. Each of the plurality of security tunnels is associated with a different set of one or more layer 2 segments and with one or more security associations (SAs) with the peer gateway. The method generally includes receiving a packet, at the local gateway, via a first L2 segment. The method generally includes selecting one of the plurality of security tunnels and an SA associated with the selected security tunnel based on the L2 segment via which the packet was received. The method generally includes encrypting and encapsulating the packet based on the selected security tunnel and SA.

公开(公告)号：US11599395B2

公开(公告)日：2023-03-07

申请号：US16795376

申请日：2020-02-19

Applicant: VMware, Inc.

Inventor： Yong Wang ,  Mani Kancherla ,  Kevin Li ,  Sreeram Ravinoothala ,  Mochi Xue

IPC: G06F9/46 ,  G06F9/50 ,  G06F9/54

Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.

公开(公告)号：US20230037171A1

公开(公告)日：2023-02-02

申请号：US17507832

申请日：2021-10-22

Applicant: VMWARE, INC.

Inventor： JAYANT JAIN ,  Xinhua Hong ,  Yong Wang ,  Abhishek Goliya ,  Kai-Wei Fan

IPC: H04L9/40 ,  H04L12/66 ,  H04L45/586 ,  H04L61/5007 ,  H04L45/02 ,  H04L45/28

Abstract: Described herein are systems, methods, and software to manage state information and failover between edge gateways (edges) in a computing environment. In one example, a first edge receives state information associated with one or more logical routers on a second edge. The first edge further identifies a failure in association with the second edge and, in response to the failure, make one or more logical routers available in the first edge to operate in place of the one or more logical routers in the second edge based on the state information.