公开(公告)号：US20150058968A1

公开(公告)日：2015-02-26

申请号：US14070360

申请日：2013-11-01

Applicant: VMware, Inc.

Inventor： Hua Wang ,  Jianjun Shen ,  Donghai Han ,  Caixia Jiang ,  Wei Lu ,  Rahul Korivi Subramaniyam

IPC: H04L29/06

CPC classification number: H04L63/0281 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L51/12 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/6013 ,  H04L61/6022 ,  H04L63/0236 ,  H04L63/1441 ,  H04L63/1466

Abstract: Some embodiments use proxies on host devices to suppress broadcast traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some of these embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. The proxy monitors the VM's traffic, and intercepts broadcast packets when it knows how to deal with them. The proxy connects to a set of one or more controllers that provides a directory service that collects and maintains global information of the network. By connecting to the controller cluster, the proxy can obtain information that it can use to resolve broadcast requests. In some embodiments, the connection between the proxy and the controller cluster is encrypted and authenticated, to enhance the security. Also, in some embodiments, the connection is an indirect connection through an agent that executes on the host device and connects the proxies of the host device with the controller cluster.

Abstract translation: 一些实施例使用主机设备上的代理来抑制网络中的广播流量。 在一些实施例中，每个主机执行一个或多个虚拟机（VM）。 在一些实施例中，代理在每个VM和底层网络之间的每个主机上运行。 例如，在这些实施例中的一些实施例中，VM的代理在VM和在VM主机上执行的物理转发元件之间运行。 代理监视虚拟机的流量，并在知道如何处理广播数据包时拦截广播数据包。 代理连接到一组一个或多个控制器，提供收集和维护网络的全局信息的目录服务。 通过连接到控制器集群，代理可以获取可用于解决广播请求的信息。 在一些实施例中，代理和控制器集群之间的连接被加密和认证，以增强安全性。 而且，在一些实施例中，连接是通过在主机设备上执行并将主机设备的代理与控制器集群连接的代理的间接连接。

公开(公告)号：US20240243942A1

公开(公告)日：2024-07-18

申请号：US18126325

申请日：2023-03-24

Applicant: VMware, Inc.

Inventor： Bin Liu ,  Wenying Dong ,  Ruochen Shen ,  Quan Tian ,  Jianjun Shen

IPC: H04L12/18 ,  H04L45/16

CPC classification number: H04L12/185 ,  H04L45/16

Abstract: The disclosure provides approaches for managing multicast group membership at a node. An approach includes policing whether a pod can join a multicast group based on one or more rules. The approach further includes updating forwarding tables of a virtual switch based on whether the pod is allowed to join the multicast group.

公开(公告)号：US20230300002A1

公开(公告)日：2023-09-21

申请号：US17724433

申请日：2022-04-19

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Caixia Jiang ,  Yves Fauser

IPC: H04L12/46 ,  H04L41/122 ,  H04L41/0803 ,  G06F9/54

CPC classification number: H04L12/4645 ,  H04L41/122 ,  H04L41/0803 ,  G06F9/547

Abstract: Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first machine in the multiple machines that executes a set of containers belonging to the routable subnet attaches, and (iii) a second identifier associated with a second logical switch designated for the routable subnet. The method generates an API call that maps the VLAN tag and the first identifier to the second identifier. The method provides the API call to a management and control cluster of the SDN to direct the management and control cluster to implement the routable subnet.

公开(公告)号：US11698805B2

公开(公告)日：2023-07-11

申请号：US16532098

申请日：2019-08-05

Applicant: VMware, Inc.

Inventor： Da Wan ,  Jianjun Shen ,  Feng Pan ,  Pankaj Thakkar ,  Donghai Han

IPC: G06F9/455 ,  G06F9/50

CPC classification number: G06F9/45558 ,  G06F9/5083 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: In an embodiment, a computer-implemented method for dynamically exchanging runtime state data between datacenters with a gateway using a controller bridge is disclosed. In an embodiment, the method comprises: receiving one or more first runtime state data from one or more logical sharding central control planes (“CCPs”) controlling one or more logical sharding hosts; receiving one or more second runtime state data from a gateway that is controlled by a CCP that also controls one or more physical sharding hosts; aggregating to aggregated runtime state data, the one or more first runtime state data received from the one or more logical sharding CCPs and the one or more second runtime state data received from the gateway; determining updated runtime state data based on the aggregated runtime state data, the one or more first runtime state data, and the one or more second runtime state data; and transmitting the updated runtime state data to at least one of the one or more logical sharding CCPs and the gateway.

公开(公告)号：US11558426B2

公开(公告)日：2023-01-17

申请号：US17006846

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Wenying Dong ,  Quan Tian ,  Antonin Bas ,  Srikar Tati

IPC: G06F15/173 ,  H04L9/40 ,  G06F9/50 ,  H04L43/045 ,  H04L43/10

Abstract: Some embodiments provide a method for a module executing on a Kubernetes node in a cluster. The method retrieves data regarding ongoing connections processed by a forwarding element executing on the node. The method maps the retrieved data to Kubernetes concepts implemented in the cluster. The method exports the retrieved data along with the Kubernetes concepts to an aggregator that receives data regarding ongoing connections from a plurality of nodes in the cluster.

公开(公告)号：US11196628B1

公开(公告)日：2021-12-07

申请号：US17006847

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Wenying Dong ,  Quan Tian ,  Antonin Bas

IPC: H04L12/24 ,  H04L12/935

Abstract: Some embodiments provide a method that receives a request for flow entries associated with a particular Kubernetes concept. The method identifies flow entries that match the request. For each flow entry that matches the request, the method generates mapping data that maps elements of the flow entry to additional Kubernetes concepts. The method provides the flow entries with the mapping data in response to the request.

公开(公告)号：US10999196B2

公开(公告)日：2021-05-04

申请号：US16384666

申请日：2019-04-15

Applicant: VMware, Inc.

Inventor： Da Wan ,  Mukesh Hira ,  Feng Gu ,  Jianjun Shen ,  Pankaj Thakkar ,  Donghai Han ,  Wen Feng Liu ,  Tao Ma

IPC: H04L12/715 ,  H04L12/933 ,  H04L12/931 ,  H04L12/46

Abstract: Systems and methods of communicating between a plurality of hosts comprising one or more first hosts controlled by a first control plane and one or more second hosts controlled by a second control plane are disclosed herein. Each of the one or more first hosts runs at least one tunneling endpoint of one or more first tunneling endpoints, and each of the one or more second hosts runs at least one tunneling endpoint of one or more second tunneling endpoint. The method includes storing, at each of the one or more first hosts, a global list identifying at least the one or more second tunneling endpoints. The method further includes receiving a packet at one of the one or more first tunneling endpoints. The method further includes replicating, encapsulating, and transmitting the packet to each of the one or more second tunneling endpoints based on the global list.

公开(公告)号：US20210011781A1

公开(公告)日：2021-01-14

申请号：US16532098

申请日：2019-08-05

Applicant: VMware, Inc.

Inventor： Da Wan ,  Jianjun Shen ,  Feng Pan ,  Pankaj Thakkar ,  Donghai Han

IPC: G06F9/50 ,  G06F9/455

Abstract: In an embodiment, a computer-implemented method for dynamically exchanging runtime state data between datacenters with a gateway using a controller bridge is disclosed. In an embodiment, the method comprises: receiving one or more first runtime state data from one or more logical sharding central control planes (“CCPs”) controlling one or more logical sharding hosts; receiving one or more second runtime state data from a gateway that is controlled by a CCP that also controls one or more physical sharding hosts; aggregating to aggregated runtime state data, the one or more first runtime state data received from the one or more logical sharding CCPs and the one or more second runtime state data received from the gateway; determining updated runtime state data based on the aggregated runtime state data, the one or more first runtime state data, and the one or more second runtime state data; and transmitting the updated runtime state data to at least one of the one or more logical sharding CCPs and the gateway.

公开(公告)号：US20200328967A1

公开(公告)日：2020-10-15

申请号：US16382002

申请日：2019-04-11

Applicant: VMware, Inc.

Inventor： Ziyou Wang ,  Li Sun ,  Anuprem Chalvadi ,  Yanjun Lin ,  Yang Ping ,  Mary Firenze ,  Pierluigi Rolando ,  Yong Feng ,  Raju Koganty ,  Jianjun Shen ,  Medhavi Dhawan

IPC: H04L12/717 ,  H04L12/707 ,  G06F9/455

Abstract: Some embodiments provide a method for assigning different service path identifiers to each of a set of different service paths along each of which a same set of service operations are performed on a set of packets. The method retrieves an available service path identifier from an identifier storage that stores service path identifiers for multiple service paths. The method generates a set of proposed service path identifiers based on the retrieved available service path identifier and the number of service paths in the set of service paths. The method performs a write operation on the identifier storage based on the set of proposed service path identifiers, and based on a determination that the write operation was successful, assigns the set of proposed service path identifiers to the set of service paths. Based on the set of service path identifiers, the method forwards the set of packets along the set of service paths.

公开(公告)号：US20150058463A1

公开(公告)日：2015-02-26

申请号：US14070346

申请日：2013-11-01

Applicant: VMware, Inc.

Inventor： Hua Wang ,  Jianjun Shen ,  Donghai Han ,  Caixia Jiang ,  Wei Lu ,  Rahul Korivi Subramaniyam

IPC: H04L12/58

CPC classification number: H04L63/0281 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L51/12 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/6013 ,  H04L61/6022 ,  H04L63/0236 ,  H04L63/1441 ,  H04L63/1466

Abstract: Some embodiments use proxies on host devices to suppress broadcast traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some of these embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. The proxy monitors the VM's traffic, and intercepts broadcast packets when it knows how to deal with them. The proxy connects to a set of one or more controllers that provides a directory service that collects and maintains global information of the network. By connecting to the controller cluster, the proxy can obtain information that it can use to resolve broadcast requests. In some embodiments, the connection between the proxy and the controller cluster is encrypted and authenticated, to enhance the security. Also, in some embodiments, the connection is an indirect connection through an agent that executes on the host device and connects the proxies of the host device with the controller cluster.