公开(公告)号：US20220103487A1

公开(公告)日：2022-03-31

申请号：US17114994

申请日：2020-12-08

Applicant: VMware, Inc.

Inventor： Boon S. Ang ,  Wenyi Jiang ,  Guolin Yang ,  Jin Heo ,  Srividya Murali

IPC: H04L12/927 ,  H04L12/911 ,  H04L12/721 ,  H04L12/935

Abstract: Some embodiments of the invention provide a method for configuring a physical network card or physical network controller (pNIC) to provide flow processing offload (FPO) for a host computer connected to the pNIC. The host computers host a set of compute nodes in a virtual network. The set of compute nodes are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of interfaces that are assigned physical port identifiers (PPIDs) by the pNIC. The method includes providing the pNIC with a set of mappings between VPIDs and PPIDs. The method also includes sending updates to the mappings as compute nodes migrate, connect to different interfaces of the pNIC, are assigned different VPIDs, etc. In some embodiments, the flow processing and action generator executes on processing units of the host computer, while in other embodiments, the flow processing and action generator executes on a set of processing units of a pNIC that includes flow processing hardware and a set of programmable processing units.

公开(公告)号：US20230370429A1

公开(公告)日：2023-11-16

申请号：US18227713

申请日：2023-07-28

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/0263 ,  H04L12/4633 ,  H04L63/0236 ,  H04L63/20

Abstract: Some embodiments of the invention provide a method of upgrading a firewall module executing on a host computer to process traffic sent to and from machines executing on the host computer. While a first version of the firewall module executes on the host computer to process the traffic to and from the machines, the method loads a second version of the firewall module alongside the first version of the firewall module. For each of multiple ports associated with machines executing on the host computer for which the firewall module processes traffic sent to and from the port, the method saves a runtime state of the first version that relates to the port, transfers association of a firewall filter associated with the port from the first version to the second version, and restores the saved runtime state for the port to the second version.

公开(公告)号：US11750532B2

公开(公告)日：2023-09-05

申请号：US16934020

申请日：2020-07-21

Applicant: VMware, Inc.

Inventor： Wenyi Jiang ,  Boon Seong Ang ,  Guolin Yang ,  Ying Gross

IPC: H04L49/00 ,  H04L12/46 ,  H04L45/74

CPC classification number: H04L49/3009 ,  H04L12/4641 ,  H04L45/74 ,  H04L49/3063 ,  H04L2212/00

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an ingress encapsulated packet associated with a packet flow via a physical network. The ingress encapsulated packet may include an outer header and an inner packet that is destined for a virtualized computing instance. The ingress encapsulated packet may be steered towards a processing pipeline for processing to generate a processed packet. The processing pipeline may include (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC; and (b) performing decapsulation to remove the outer header and one or more actions on the inner packet according to the logical network policy. The processed packet may be forwarded towards the virtualized computing instance via a virtual function supported by the PNIC or a physical network connected to the PNIC.

公开(公告)号：US20230198833A1

公开(公告)日：2023-06-22

申请号：US17560153

申请日：2021-12-22

Applicant: VMware, Inc.

Inventor： Boon S. Ang ,  Wenyi Jiang ,  Guolin Yang ,  Jin Heo

IPC: H04L41/0803 ,  G06F9/455

CPC classification number: H04L41/0803 ,  G06F9/45558 ,  G06F2009/45595

Abstract: Some embodiments provide a method for a first smart NIC of multiple smart NICs of a host computer. Each of the smart NICs is for performing virtual networking operations for a set of data compute machines executing on the host computer. The method determines that the first smart NIC is elected to communicate with a network management and control system that configures the virtual networking operations. The method receives a set of configuration data for the virtual networking operations from the network management and control system. The method provides the received set of configuration data to the other smart NICs of the host computer.

公开(公告)号：US11606310B2

公开(公告)日：2023-03-14

申请号：US17114975

申请日：2020-12-08

Applicant: VMware, Inc.

Inventor： Boon S. Ang ,  Wenyi Jiang ,  Guolin Yang ,  Jin Heo ,  Srividya Murali

IPC: H04L12/801 ,  H04L47/80 ,  H04L49/00 ,  H04L45/00 ,  H04L47/78 ,  H04L47/12 ,  H04L49/109

Abstract: Some embodiments of the invention provide a method for providing flow processing offload (FPO) for a host computer at a physical network interface card (pNIC) connected to the host computer. A set of compute nodes executing on the host computer are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of interfaces that are assigned physical port identifiers (PPIDs) by the pNIC. The method includes receiving a data message at an interface of the pNIC and matching the data message to a stored flow entry that specifies a destination using a VPID. The method also includes identifying, using the VPID, a PPID as a destination of the received data message by performing a lookup in a mapping table storing a set of VPIDs and a corresponding set of PPIDs and forwarding the data message to an interface of the pNIC associated with the identified PPID.

公开(公告)号：US20220317990A1

公开(公告)日：2022-10-06

申请号：US17223959

申请日：2021-04-06

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: G06F8/65 ,  H04L29/06

Abstract: Some embodiments of the invention provide a method of upgrading software defined networking (SDN) modules executing on a host computer. While a first version of the SDN modules is executing on the host computer to perform traffic processing, the method loads a second version of the SDN modules alongside the first version of the SDN modules such that the first and second versions of the SDN modules are executing on the host computer at the same time. The method saves runtime states from the first version of the SDN modules, and transfers responsibility for performing traffic processing from the first version of the SDN modules to the second version of the SDN modules. The method then restores the saved runtime states to the second version of the SDN modules.

公开(公告)号：US11340932B2

公开(公告)日：2022-05-24

申请号：US16751193

申请日：2020-01-23

Applicant: VMware, Inc.

Inventor： Yong Wang ,  Boon Seong Ang ,  Guolin Yang ,  Wenyi Jiang

IPC: G06F15/16 ,  G06F9/455 ,  G06F9/50 ,  H04L43/0817 ,  H04L43/16 ,  H04L12/46 ,  G06F9/54

Abstract: Example methods and systems for packet handling based on a multiprocessor architecture configuration are provided. One example method may comprise: in response to receiving a first ingress packet that requires processing by a first virtual central processing unit (VCPU) running on the first node, steering the first ingress packet towards a first receive (RX) queue and performing local memory access on the first node to access the first ingress packet from the first RX queue. The method may also comprise: in response to receiving a second ingress packet that requires processing by a second VCPU running on the second node, steering the second ingress packet towards a second RX queue and performing local memory access on the second node to access the second ingress packet from the second RX queue.

公开(公告)号：US11196651B2

公开(公告)日：2021-12-07

申请号：US16661879

申请日：2019-10-23

Applicant: VMware, Inc.

Inventor： Yong Wang ,  Boon Ang ,  Guolin Yang ,  Wenyi Jiang

IPC: H04L12/26 ,  H04L12/46 ,  H04L12/24 ,  H04L29/08

Abstract: Some embodiments provide a method for monitoring the status of a network connection between first and second host computers. The method is performed in some embodiments by a tunnel monitor executing on the first host computer that also separately executes a machine, where the machine uses a tunnel to send and receive messages to and from the second host computer. The method establishes a liveness channel with the machine to iteratively determine whether the first machine is operational. The method further establishes a monitoring session with the second host computer to iteratively determine whether the tunnel is operational. When a determination is made through the liveness channel that the machine is no longer operational, the method terminates the monitoring session with the second host computer. When a determination is made that the tunnel is no longer operational, the method notifies the machine through the liveness channel.

公开(公告)号：US11811559B2

公开(公告)日：2023-11-07

申请号：US16934019

申请日：2020-07-21

Applicant: VMware, Inc.

Inventor： Wenyi Jiang ,  Boon Seong Ang ,  Guolin Yang ,  Ying Gross

IPC: H04L12/46 ,  H04L41/0893 ,  H04L43/028 ,  H04L49/00 ,  G06F9/455

CPC classification number: H04L12/4645 ,  G06F9/45558 ,  H04L12/4633 ,  H04L41/0893 ,  H04L43/028 ,  H04L49/70 ,  G06F2009/45579 ,  G06F2009/45595

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an egress packet associated with a packet flow via a first virtual function supported by the PNIC. The PNIC may steer the egress packet towards a processing pipeline by applying a filter associated with the first virtual function or content of the egress packet, or both. The egress packet may be processed using the processing pipeline to generate a processed packet by (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC and (b) performing one or more actions according to the logical network policy. The processed packet may be forwarded towards the destination via a second virtual function supported by the PNIC or a physical network connected to the PNIC.

公开(公告)号：US11740887B2

公开(公告)日：2023-08-29

申请号：US17223959

申请日：2021-04-06

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: G06F8/65 ,  H04L9/40

CPC classification number: G06F8/65 ,  H04L63/02

Abstract: Some embodiments of the invention provide a method of upgrading software defined networking (SDN) modules executing on a host computer. While a first version of the SDN modules is executing on the host computer to perform traffic processing, the method loads a second version of the SDN modules alongside the first version of the SDN modules such that the first and second versions of the SDN modules are executing on the host computer at the same time. The method saves runtime states from the first version of the SDN modules, and transfers responsibility for performing traffic processing from the first version of the SDN modules to the second version of the SDN modules. The method then restores the saved runtime states to the second version of the SDN modules.