-
Publication number: US11196591B2
Publication date: 2021-12-07
Application number: US16112602
Filing date: 2018-08-24
Applicant: VMware, Inc.
Inventor: Mukesh Hira, Su Wang, Rahul Jain, Ganesan Chandrashekhar, Sandeep Siroya
IPC: H04L12/66, H04L12/721, H04L29/08, H04L12/741
Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual private cloud (VPC) connected to multiple other compute VPCs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VPCs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VPC) in the absence of direct peering between source and destination VPCs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.
-
Publication number: US10892989B2
Publication date: 2021-01-12
Application number: US16251080
Filing date: 2019-01-18
Applicant: VMware, Inc.
Inventor: Rahul Jain, Kantesh Mundaragi, Pierluigi Rolando, Jayant Jain, Mukesh Hira
IPC: H04L12/28, H04L12/741, G06F9/455, H04L12/46, H04L12/931
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication number: US11848800B2
Publication date: 2023-12-19
Application number: US17510141
Filing date: 2021-10-25
Applicant: VMware, Inc.
Inventor: Rahul Jain, Mukesh Hira
IPC: H04L12/46, H04L45/586, H04L61/2521, H04L45/64, H04L61/5061
CPC classification number: H04L12/4641, H04L45/586, H04L45/64, H04L61/2535, H04L61/5061
Abstract: A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.
-
Publication number: US20230393881A1
Publication date: 2023-12-07
Application number: US18324373
Filing date: 2023-05-26
Applicant: VMware Inc.
Inventor: Brian Masao Oki, George Gregory Hicken, Mukesh Hira, Leonid Livshin, Ivaylo Vladimirov Loboshki, Ivaylo Radoslavov Radev, Alkesh Shah, Jianjun Shen, Abhishek Ajit Srivastava, Konstantinos Roussos, Stanimir Plamenov Lukanov, Anton Valentinov Donchevski, Georgi Lyubomirov Dimitrov
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45566, G06F2009/45591
Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed to manage a deployment of virtual machines in a cluster by, in a first host of a plurality of hosts, monitor, with first control plane services, an availability of second control plane services at a second host of the plurality of hosts, wherein the first control plane services and the second control plane services support implementation of application programming interface (API) requests in association with managing a cluster, after a determination that the second control plane services at the second host is not available, assign the first control plane services at the first host to operate in place of the second control plane services at the second host, and in the first host, assign, via the first control plane services at the first host, resources of one or more hosts in the cluster to support the API request.
-
Publication number: US11627080B2
Publication date: 2023-04-11
Application number: US16251083
Filing date: 2019-01-18
Applicant: VMware, Inc.
Inventor: Mukesh Hira, Rahul Jain
IPC: H04L12/46, H04L12/28, H04L12/66, H04L41/122, H04W72/04, H04L41/12, H04L45/302, H04L49/20, H04L45/745, G06F9/455, H04L45/02, H04L49/354, H04L49/00, H04L69/22
Abstract: Example methods are provided for a network device to perform service insertion in a public cloud environment that includes a first virtual network and a second virtual network. In one example method, in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, the network device may generate a decapsulated packet by performing decapsulation to remove, from the first encapsulated packet. The method may also comprise identifying a service path specified by a service insertion rule, and sending the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services. The method may further comprise: in response to the network device receiving the decapsulated packet processed by the service path, sending the decapsulated packet, or generating and sending a second encapsulated packet, towards a destination address.
-
Publication number: US11177978B2
Publication date: 2021-11-16
Application number: US16525426
Filing date: 2019-07-29
Applicant: VMware, Inc.
Inventor: Rahul Jain, Mukesh Hira
IPC: H04L12/46, H04L12/713, H04L29/12, H04L12/715
Abstract: A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.
-
Publication number: US20210194807A1
Publication date: 2021-06-24
Application number: US17133555
Filing date: 2020-12-23
Applicant: VMware, Inc.
Inventor: Rahul Jain, Kantesh Mundaragi, Pierluigi Rolando, Jayant Jain, Mukesh Hira
IPC: H04L12/741, G06F9/455, H04L12/46, H04L12/931
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication number: US20200067733A1
Publication date: 2020-02-27
Application number: US16112597
Filing date: 2018-08-24
Applicant: VMware, Inc.
Inventor: Mukesh Hira, Su Wang, Rahul Jain, Ganesan Chandrashekhar, Sandeep Siroya
IPC: H04L12/66, H04L12/741, H04L29/08, H04L12/721, H04L12/46
Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual cloud network (VCN) connected to multiple other compute VCNs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VCNs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VCN) in the absence of direct peering between source and destination VCNs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.
-
Publication number: US11831610B2
Publication date: 2023-11-28
Application number: US16938989
Filing date: 2020-07-26
Applicant: VMWARE, INC.
Inventor: Vaibhav Kulkarni, Ganesan Chandrashekhar, Mukesh Hira, Akshay Katrekar, Prashant Mane, Rompicherla Sai Pavan Kumar, Sachin Kalkur, Amey Borkar
CPC classification number: H04L63/0263, G06F9/45558, H04L63/104, G06F2009/45587, G06F2009/45595
Abstract: A system and method for using private native security groups and private native firewall policy rules for a private cloud computing environment and a public cloud computing environment uses a public cloud gateway for routing data traffic between at least a cloud network created in the public cloud computing environment and the private cloud computing environment. For each of some private native firewall policy rules that has any of newly created private native security groups as one of source and destination, a cloud native security group (CNSG) rule object with a CNSG outbound rule object and a CNSG inbound rule object for the public cloud is created and at least one of the CNSG outbound rule object and the CNSG inbound rule object is updated so that the private native firewall policy rule can be used in the cloud network.
-
Publication number: US11689522B2
Publication date: 2023-06-27
Application number: US17010052
Filing date: 2020-09-02
Applicant: VMWARE, INC.
Inventor: Vaibhav Kulkarni, Mukesh Hira, Akshay Katrekar, Suyash Vishwas Gogte, Prem Shankar Sharma, Nikolay Semenov, Saqib Raza
CPC classification number: H04L63/0823, G06F9/45558, H04L63/0236, H04L63/20, H04L67/10, H04L67/53, G06F2009/45587, G06F2009/45595
Abstract: System and computer-implemented method for secure hybrid cloud connectivity between an application in a public cloud service and an on-premises service supported by an on-premises appliance includes launching a public cloud gateway appliance in the public cloud service. The public cloud gateway appliance is configured with security information associated with the on-premises appliance. The on-premises appliance is provided with contact information associated with the public cloud gateway appliance. A communication channel is established, using an outbound port, from the on-premises appliance to the public cloud gateway appliance that is secured based on the security information associated with the on-premises appliance and the contact information associated with the public cloud gateway appliance.