-
Publication number: US20190332408A1
Publication date: 2019-10-31
Application number: US15961900
Application date: 2018-04-25
Applicant: VMware, Inc.
Inventor: Jingchun JIANG, Donghai HAN
Abstract: Example methods are provided for a host to perform packet handling based on a microprocessor architecture configuration that includes a first node and a second node. One example method may comprise detecting, from a virtualized computing instance supported by the host, an egress packet for transmission to a destination via one of multiple physical network interface controllers (PNICs) of the host. The method may also comprise: identifying the first node assigned to the virtualized computing instance and selecting a first PNIC associated with the first node assigned to the virtualized computing instance. The multiple PNICs may include the first PNIC, and a second PNIC associated with the second node. The method may further comprise sending the egress packet to the destination via the first PNIC associated with the first node.
-
Publication number: US20240244053A1
Publication date: 2024-07-18
Application number: US18185746
Application date: 2023-03-17
Applicant: VMware, Inc.
Inventor: Quan TIAN, Wenfeng LIU, Jianjun SHEN, Donghai HAN
IPC: H04L9/40
CPC classification number: H04L63/0892, H04L63/0245
Abstract: An example method of packet capture in a container orchestration (CO) system includes: receiving, from a user interface executing on a client device, a packet capture request from a user at a packet capture agent executing in a node of the CO system; authenticating and authorizing, by the packet capture agent in cooperation with an application programming interface (API) server executing in a master server of the CO system, the user specified in the packet capture request; capturing, by the packet capture agent, packets from at least one network interface based on the packet capture request; and returning information based on the packets as captured from the packet capture agent to the user interface.
-
Publication number: US20240028358A1
Publication date: 2024-01-25
Application number: US17821232
Application date: 2022-08-22
Applicant: VMware, Inc.
Inventor: Danting LIU, Qian SUN, Jianjun SHEN, Wenfeng LIU, Donghai HAN
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45595, G06F2009/4557
Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.
-
Publication number: US20200213184A1
Publication date: 2020-07-02
Application number: US16278198
Application date: 2019-02-18
Applicant: VMware, Inc.
Inventor: Qiao HUANG, Donghai HAN, Qiong WANG, Benli YE, Xu WANG, Jia CHENG
Abstract: Example methods are provided for a network management entity to perform query failure diagnosis in a software-defined networking (SDN) environment. The method may comprise receiving a request to diagnose a query failure; and generating and sending control information to a host to cause the host to inject, at a first network element, a diagnostic packet for transmission along a datapath to a query failure via multiple second network elements. The diagnostic packet may be a query configured according to a query protocol supported by the query server. The method may also comprise: receiving report information associated with the diagnostic packet from at least one of the following: the first network element, the multiple second network elements and the query failure; and based on the report information, determining a diagnosis result associated with the query failure.
-
Publication number: US20250117236A1
Publication date: 2025-04-10
Application number: US18377824
Application date: 2023-10-08
Applicant: VMware, Inc.
Inventor: Ziyou WANG, Donghai HAN
IPC: G06F9/455
Abstract: Site reliability engineering (SRE) may be provided as a service to software products, such as an on-premises software product residing at a first computing environment. A SRE service site may be hosted at a second computing environment that is remote and separate from the first computing environment. A SRE agent resides at the first computing environment to monitor the software product, and provides information, such as metric data or log information pertaining to the software product, to the SRE service site. A SRE service of the SRE service site performs analysis of the information to identify an issue with the software product, diagnosis to determine a cause of the issue, and identifies a remediation that may be applied by the SRE agent to address the issue.
-
Publication number: US20250036444A1
Publication date: 2025-01-30
Application number: US18451532
Application date: 2023-08-17
Applicant: VMware, Inc.
Inventor: Kejia CUI, Lele ZHANG, Honggang LIU, Qi WU, Donghai HAN
IPC: G06F9/455
Abstract: An example computing system includes software, executing on a hardware platform, configured to manage hypervisors and a distributed switch executing in a host cluster, the software including a control plane of the distributed switch, the hypervisors providing a data plane of the distributed switch, the host cluster including hosts, the distributed switch supporting features; a host membership manager of the software configured to track which of the hosts in the host cluster are members of a group that executes the distributed switch; a feature manager of the software configured to track which of the features of the distributed switch are enabled; and a compatibility checker of the software configured with compatibility data that relates the features of the distributed switch with hypervisor version requirements.
-
Publication number: US20240251010A1
Publication date: 2024-07-25
Application number: US18185784
Application date: 2023-03-17
Applicant: VMware, Inc.
Inventor: DongPing CHEN, Jingchun JIANG, Bo LIN, Xinyang LIU, Donghai HAN, Xiao LIANG, Yi ZENG
IPC: H04L67/101, G06F9/455, H04L67/1008
CPC classification number: H04L67/101, G06F9/45558, H04L67/1008, G06F2009/45595
Abstract: An example method of distributed load balancing in a virtualized computing system includes: configuring, at a logical load balancer, a traffic detector to detect traffic to a virtual internet protocol address (VIP) of an application having a plurality of instances; detecting, at the traffic detector, a first request to the VIP from a client executing in a virtual machine (VM) supported by a hypervisor executing on a first host; sending, by a configuration distributor of the logical load balancer in response to the detecting, a load balancer configuration to a configuration receiver of a local load balancer executing in the hypervisor for configuring the local load balancer to perform load balancing for the VIP at the hypervisor using the load balancer configuration.
-
Publication number: US20240205184A1
Publication date: 2024-06-20
Application number: US18105880
Application date: 2023-02-06
Applicant: VMware, Inc.
Inventor: Kejia CUI, Lele ZHANG, Qi WU, Donghai HAN, Honggang LIU
CPC classification number: H04L61/50, H04L45/66, H04L2101/622
Abstract: Example methods and systems for media access control (MAC) address assignment for virtual network interface cards (VNICs) are described. One example may involve a first computer system determining a first MAC address portion that is uniquely associated with the first computer system. A first VNIC may be assigned with a first MAC address that includes (a) the first MAC address portion and (b) a third MAC address portion that is uniquely associated with the first VNIC on the first computer system. A second VNIC may be assigned with a second MAC address that includes (a) the first MAC address portion and (b) a fourth MAC address portion that is uniquely associated with the second VNIC on the first computer system. The first computer system may perform traffic handling by processing packets specifying the first MAC address or the second MAC address.
-
Publication number: US20210328977A1
Publication date: 2021-10-21
Application number: US16852553
Application date: 2020-04-20
Applicant: VMware, Inc.
Inventor: Ye LUO, Jinjun GAO, Qi WU, Donghai HAN
Abstract: Example methods and systems for authentication for logical overlay network traffic are described. In one example, a first computer system may detect an inner packet and generate authentication information associated with the inner packet based on control information from a management entity. The authentication information may indicate that the inner packet originates from a trusted zone. The first computer system may further generate an encapsulated packet by encapsulating the inner packet with an outer header that specifies the authentication information, and send the encapsulated packet towards the second virtualized computing instance to cause a second computer system to verify that the inner packet originates from the trusted zone based on the authentication information.
-
Publication number: US20200213246A1
Publication date: 2020-07-02
Application number: US16236282
Application date: 2018-12-28
Applicant: VMware, Inc.
Inventor: Feng PAN, Xu WANG, Qiong WANG, Donghai HAN, Qi WU
IPC: H04L12/931, G06F15/173
Abstract: Example methods are provided for port mirroring based on remote direct memory access (RDMA) in a software-defined networking (SDN) environment. One example method may comprise obtaining configuration information associated with a port mirroring session between a source logical port supported by a source host and a destination logical port supported by a destination host, and establishing an RDMA-based connection between the source and destination hosts. The method may also comprise: in response to detecting a packet passing through the source logical port, generating a mirrored packet based on the detected packet, and storing, in source memory associated with the source host, the mirrored packet in association with destination information identifying the destination logical port or destination host. The method may further comprise transferring the mirrored packet from the source memory to destination memory associated with the destination host via the RDMA-based connection.