-
Publication No.: US20230041869A1
Publication Date: 2023-02-09
Application No.: US17971591
Application Date: 2022-10-22
Applicant: VMware, Inc.
Inventor: Yong Wang, Xinhua Hong, Sreeram Kumar Ravinoothala, Dexiang Wang
Abstract: Some embodiments provide, for a gateway datapath that executes on a gateway device to implement tenant logical routers for multiple different tenant logical networks and process traffic between the tenant logical networks and an external network, a method for managing QoS for the plurality of tenant logical networks. The method receives a data message for a particular tenant logical network. The method executes a set of processing stages to process the data message. The set of processing stages includes a processing stage for a particular tenant logical router of the particular tenant logical network. As part of the processing stage for the particular tenant logical router, the method uses a QoS data structure specific to the particular tenant logical router to determine whether to allow the data message. The gateway device stores at least one separate QoS data structure for each of a set of the tenant logical routers.
-
Publication No.: US11483246B2
Publication Date: 2022-10-25
Application No.: US16741457
Application Date: 2020-01-13
Applicant: VMware, Inc.
Inventor: Yong Wang, Xinhua Hong, Sreeram Ravinoothala, Dexiang Wang
Abstract: Some embodiments provide, for a gateway datapath that executes on a gateway device to implement tenant logical routers for multiple different tenant logical networks and process traffic between the tenant logical networks and an external network, a method for managing QoS for the plurality of tenant logical networks. The method receives a data message for a particular tenant logical network. The method executes a set of processing stages to process the data message. The set of processing stages includes a processing stage for a particular tenant logical router of the particular tenant logical network. As part of the processing stage for the particular tenant logical router, the method uses a QoS data structure specific to the particular tenant logical router to determine whether to allow the data message. The gateway device stores at least one separate QoS data structure for each of a set of the tenant logical routers.
-
Publication No.: US11303619B2
Publication Date: 2022-04-12
Application No.: US16893450
Application Date: 2020-06-05
Applicant: VMware, Inc.
Inventor: Dexiang Wang, Yong Wang
Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.
-
Publication No.: US20220070102A1
Publication Date: 2022-03-03
Application No.: US17008576
Application Date: 2020-08-31
Applicant: VMware, Inc.
Inventor: Dexiang Wang, Yong Wang, Jerome Catrouillet, Sreeram Ravinoothala
IPC: H04L12/855, H04L12/66, H04L29/06, H04L29/08, H04L29/12
Abstract: Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.
-
Publication No.: US20210218677A1
Publication Date: 2021-07-15
Application No.: US16741457
Application Date: 2020-01-13
Applicant: VMware, Inc.
Inventor: Yong Wang, Xinhua Hong, Sreeram Ravinoothala, Dexiang Wang
IPC: H04L12/851, H04L12/66
Abstract: Some embodiments provide, for a gateway datapath that executes on a gateway device to implement tenant logical routers for multiple different tenant logical networks and process traffic between the tenant logical networks and an external network, a method for managing QoS for the plurality of tenant logical networks. The method receives a data message for a particular tenant logical network. The method executes a set of processing stages to process the data message. The set of processing stages includes a processing stage for a particular tenant logical router of the particular tenant logical network. As part of the processing stage for the particular tenant logical router, the method uses a QoS data structure specific to the particular tenant logical router to determine whether to allow the data message. The gateway device stores at least one separate QoS data structure for each of a set of the tenant logical routers.
-
Publication No.: US11063903B2
Publication Date: 2021-07-13
Application No.: US15950983
Application Date: 2018-04-11
Applicant: VMWARE, INC.
Inventor: Daniel G. Wing, Dexiang Wang, Nidheesh Dubey
Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.
-
Publication No.: US11936613B2
Publication Date: 2024-03-19
Application No.: US17371490
Application Date: 2021-07-09
Applicant: VMware, Inc.
Inventor: Daniel G. Wing, Dexiang Wang, Nidheesh Dubey
IPC: H04L61/256, G06F9/455, H04L9/08, H04L9/40, H04L12/46, H04L61/2557, H04L61/2592, H04L67/563
CPC classification number: H04L61/256, G06F9/45558, H04L9/0861, H04L12/4633, H04L61/2557, H04L61/2592, H04L63/029, H04L63/0428, H04L63/061, H04L67/563, G06F2009/45595
Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.
-
Publication No.: US20240015105A1
Publication Date: 2024-01-11
Application No.: US18371454
Application Date: 2023-09-22
Applicant: VMware, Inc.
Inventor: Dexiang Wang, Sreeram Kumar Ravinoothala, Yong Wang, Jerome Catrouillet
IPC: H04L43/0894, H04L47/2416
CPC classification number: H04L43/0894, H04L47/2416
Abstract: A network system that implements quality of service (QoS) by rate limiting at a logical network entity is provided. The logical network entity includes multiple transport nodes for transporting network traffic in and out of the logical network entity. The system monitors traffic loads of the multiple transport nodes of the logical network entity. The system allocates a local CR and a local BS to each of the multiple transport nodes. The allocated local CR and the local BS are determined based on the CR and BS parameters of the logical network entity and based on the monitored traffic loads. Each transport node of the logical network entity in turn controls an amount of data being processed by the transport node based on a token bucket value that is computed based on the local CR and the local BS of the transport node.
-
Publication No.: US20230239378A1
Publication Date: 2023-07-27
Application No.: US17581674
Application Date: 2022-01-21
Applicant: VMware, Inc.
Inventor: Yong Wang, Guolin Yang, Eduard Serra Miralles, Dexiang Wang, Qing Chang
CPC classification number: H04L69/22, H04L47/6235, H04L47/78, H04L47/31
Abstract: Described herein are systems, methods, and software to manage the identification of control packets in an encapsulation header. In one implementation, a computing system may receive a Geneve packet at a network interface and determine that the Geneve packet includes an Operations and Management (OAM) flag. Once the OAM flag is identified, the computing system can select a processing queue from a plurality of processing queues for a main processing system of the computing system based on the OAM flag and assign the Geneve packet to the processing queue.
-
Publication No.: US11700166B2
Publication Date: 2023-07-11
Application No.: US17107170
Application Date: 2020-11-30
Applicant: VMware, Inc.
Inventor: Xinhua Hong, Dexiang Wang, Sharath Bhat, Xinghua Hu, Jia Yu
IPC: H04L41/0668, H04L43/0817, H04L12/18, H04L12/46
CPC classification number: H04L41/0668, H04L12/1868, H04L12/4679, H04L43/0817
Abstract: In an embodiment, a computer-implemented method for a MAC addresses synchronization mechanism for a bridge port failover is disclosed. In an embodiment, the method comprises: upon detecting a failover of a previously active bridge node, a standby bridge node performing: detecting a failover of a previously active bridge node; sending a request to one or more hosts to cause the one or more hosts to remove, from one or more corresponding forwarding tables, one or more MAC addresses, of one or more virtual machines, that the one or more hosts learned based on communications tunnels established with the previously active bridge node; for each MAC address stored in a MAC-SYNC table maintained by the standby bridge node: generating a first-type reverse address resolution protocol (“RARP”) packet having a source MAC address retrieved from the MAC-SYNC table; broadcasting the first RARP message to a virtual extensible LAN (“VXLAN”) switch via a bridge port of the VXLAN switch for the VXLAN switch to register the MAC address on the bridge port; storing an association of the MAC address and an identifier of the bridge port in a forwarding table maintained by the standby bridge node; for each MAC address that is stored in the forwarding table, but not in the MAC-SYNC table: generating a second-type RARP packet with such a MAC address to be the source MAC address; broadcasting the second RARP message from the VXLAN switch to a VLAN switch causing a physical switch to update a forwarding table maintained by the physical switch; and starting to forward traffic, via the bridge port, as an active bridge node.