公开(公告)号：US20250119422A1

公开(公告)日：2025-04-10

申请号：US18481557

申请日：2023-10-05

Applicant: VMware, Inc.

Inventor： Wenying Dong ,  Jianjun Shen ,  Rahul Jain ,  Quan Tian ,  Mengdie Song ,  Xu Liu

IPC: H04L9/40 ,  G06F9/54 ,  H04L41/046

Abstract: The disclosure provides a method for authenticating a network agent deployed in a networking environment. The method generally includes receiving, by a network controller in the networking environment, a name of an external node where the network agent is running and a token associated with the external node; in response to receiving the name of the external node, obtaining, by the network controller, a secret associated with the token; parsing, by the network controller, the secret to determine an expected external node name corresponding to the token; comparing the expected external node name with the received external node name; and trusting the network agent when the expected external node name and the received external node name match.

公开(公告)号：US20230171193A1

公开(公告)日：2023-06-01

申请号：US18103366

申请日：2023-01-30

Applicant: VMware, Inc.

Inventor： Rahul Jain ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Mukesh Hira

IPC: H04L45/745 ,  G06F9/455 ,  H04L12/46 ,  H04L49/354 ,  H04L49/00

CPC classification number: H04L45/745 ,  G06F9/45558 ,  H04L12/4633 ,  H04L12/4641 ,  H04L49/354 ,  H04L49/70 ,  H04L2212/00

Abstract: Example methods and systems are provided a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.

公开(公告)号：US11570104B2

公开(公告)日：2023-01-31

申请号：US17133555

申请日：2020-12-23

Applicant: VMware, Inc.

Inventor： Rahul Jain ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Mukesh Hira

IPC: H04W4/00 ,  H04L45/745 ,  G06F9/455 ,  H04L12/46 ,  H04L49/354 ,  H04L49/00

Abstract: Example methods and systems are provided a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.

公开(公告)号：US20220329461A1

公开(公告)日：2022-10-13

申请号：US17849669

申请日：2022-06-26

Applicant: VMware, Inc.

Inventor： Mukesh Hira ,  Su Wang ,  Rahul Jain ,  Ganesan Chandrashekhar ,  Sandeep Siroya

IPC: H04L12/66 ,  H04L45/74 ,  H04L12/46 ,  H04L45/00 ,  H04L67/10

Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual cloud network (VCN) connected to multiple other compute VCNs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VCNs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VCN) in the absence of direct peering between source and destination VCNs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.

公开(公告)号：US11374794B2

公开(公告)日：2022-06-28

申请号：US16112597

申请日：2018-08-24

Applicant: VMware, Inc.

Inventor： Mukesh Hira ,  Su Wang ,  Rahul Jain ,  Ganesan Chandrashekhar ,  Sandeep Siroya

IPC: H04L12/66 ,  H04L45/74 ,  H04L12/46 ,  H04L45/00 ,  H04L67/10

Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual cloud network (VCN) connected to multiple other compute VCNs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VCNs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VCN) in the absence of direct peering between source and destination VCNs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.

公开(公告)号：US11196591B2

公开(公告)日：2021-12-07

申请号：US16112602

申请日：2018-08-24

Applicant: VMware, Inc.

Inventor： Mukesh Hira ,  Su Wang ,  Rahul Jain ,  Ganesan Chandrashekhar ,  Sandeep Siroya

IPC: H04L12/66 ,  H04L12/721 ,  H04L29/08 ,  H04L12/741

Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual private cloud (VPC) connected to multiple other compute VPCs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VPCs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VPC) in the absence of direct peering between source and destination VPCs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.

公开(公告)号：US10892989B2

公开(公告)日：2021-01-12

申请号：US16251080

申请日：2019-01-18

Applicant: VMware, Inc.

Inventor： Rahul Jain ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Mukesh Hira

IPC: H04L12/28 ,  H04L12/741 ,  G06F9/455 ,  H04L12/46 ,  H04L12/931

Abstract: Example methods and systems are provided a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.