公开(公告)号：US11609781B2

公开(公告)日：2023-03-21

申请号：US17352298

申请日：2021-06-19

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/10 ,  H04L45/586 ,  H04L45/302 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L49/00 ,  H04L61/2592 ,  H04L67/51 ,  H04L67/56 ,  H04L67/60 ,  H04L67/563 ,  H04L67/1001 ,  H04L41/0806 ,  H04L41/0893 ,  H04L101/622

Abstract: Some embodiments provide a method for performing services for data messages associated with a machine executing on a particular host computer. On the particular host computer, the method configures (1) a first distributed forwarding element (DFE) to forward data messages sent by the machine based on network addresses specified by machine, and (2) a second DFE to forward data messages sent by the machine to a set of one or more other host computers on which a set of one or more service nodes before the data messages are returned to the particular host computer to be forwarded by the first DFE based on the network addresses specified by the machine. Each DFE is implemented by at least one software forwarding element executing (SFE) on the particular host computer and at least one other SFE executing on at least one other host computer.

公开(公告)号：US10944585B1

公开(公告)日：2021-03-09

申请号：US16570344

申请日：2019-09-13

Applicant: VMware, Inc.

Inventor： Sami Boutros ,  Mani Kancherla ,  Jayant Jain ,  Ankur Dubey ,  Rajeev Nair

IPC: H04L12/28 ,  H04L12/721 ,  H04L12/851 ,  H04L12/741 ,  H04L29/12

Abstract: Embodiments described herein involve appliance migration. Embodiments include connecting, by a second appliance that is configured to perform a service, to a first uplink and a first downlink of a first appliance that is configured to perform the service. Embodiments include connecting, by the second appliance, to a first endpoint and a second endpoint to which the first appliance is connected. Embodiments include determining, by the second appliance, existing flows processed by the first appliance. Embodiments include processing, by the second appliance, a plurality of packets received via the first endpoint by: forwarding, by the second appliance, first packets of the plurality of packets that correspond to the existing flows to the first appliance; and performing, by the second appliance, the service for second packets of the plurality of packets that do not correspond to the existing flows.

公开(公告)号：US20200274778A1

公开(公告)日：2020-08-27

申请号：US16444907

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: H04L12/24 ,  H04L12/725 ,  H04L29/08 ,  H04L12/741 ,  G06F9/455

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200028792A1

公开(公告)日：2020-01-23

申请号：US16043127

申请日：2018-07-23

Applicant: VMware, Inc.

Inventor： Aditya G. Holla ,  Rishi Mehta ,  Boon Ang ,  Rajeev Nair ,  Wenyi Jiang

IPC: H04L12/863 ,  H04L12/803 ,  G06F9/455

Abstract: Some embodiments provide a method for managing multiple queues of a network interface card (NIC) of a host computer that executes a data compute node (DCN). The method defines first, second, and third subsets of the queues. The first subset of queues is associated with a first feature for processing data messages received by the NIC, the second subset of queues is associated with a second feature, and the third subset is associated with both features. The method receives a request from the DCN to process data messages addressed to the DCN using both the first and second features. The method configures the NIC to direct data messages received for the DCN to a queue that is selected from the third subset of queues.

公开(公告)号：US11848869B2

公开(公告)日：2023-12-19

申请号：US17308819

申请日：2021-05-05

Applicant: VMware, Inc.

Inventor： Aditya G. Holla ,  Wenyi Jiang ,  Rajeev Nair ,  Srikar Tati ,  Boon Ang ,  Kairav Padarthy

IPC: H04L45/7453 ,  H04L47/125 ,  H04L47/62 ,  H04L69/22 ,  H04L49/00 ,  H04L49/50

CPC classification number: H04L47/125 ,  H04L45/7453 ,  H04L47/6215 ,  H04L49/3009 ,  H04L49/50 ,  H04L69/22

Abstract: Some embodiments provide a method for selecting a transmit queue of a network interface card (NIC) of a host computer for an outbound data message. The NIC includes multiple transmit queues and multiple receive queues. Each of the transmit queues is individually associated with a different receive queue, and the MC performs a load balancing operation to distribute inbound data messages among multiple receive queues. The method extracts a set of header values from a header of the outbound data message. The method uses the extracted set of header values to identify a receive queue which the MC would select for a corresponding inbound data message upon which the NIC performed the load balancing operation. The method selects a transmit queue associated with the identified receive queue to process the outbound data message.

公开(公告)号：US11743234B2

公开(公告)日：2023-08-29

申请号：US17223956

申请日：2021-04-06

Applicant: VMware, Inc.

Inventor： Vignesh Raghuraman ,  Guolin Yang ,  Boon S. Ang ,  Prerit Rodney ,  Rajeev Nair ,  Ashwin Mahesh Shroff

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/0263 ,  H04L12/4633 ,  H04L63/0236 ,  H04L63/20

Abstract: Some embodiments of the invention provide a method of upgrading a firewall module executing on a host computer to process traffic sent to and from machines executing on the host computer. While a first version of the firewall module executes on the host computer to process the traffic to and from the machines, the method loads a second version of the firewall module alongside the first version of the firewall module. For each of multiple ports associated with machines executing on the host computer for which the firewall module processes traffic sent to and from the port, the method saves a runtime state of the first version that relates to the port, transfers association of a firewall filter associated with the port from the first version to the second version, and restores the saved runtime state for the port to the second version.

公开(公告)号：US11356381B2

公开(公告)日：2022-06-07

申请号：US16894767

申请日：2020-06-06

Applicant: VMware, Inc.

Inventor： Aditya G. Holla ,  Rishi Mehta ,  Boon Ang ,  Rajeev Nair ,  Wenyi Jiang

IPC: H04L47/6295 ,  H04L47/125 ,  G06F9/455

Abstract: A method for managing several queues of a network interface card (NIC) of a computer. The method initially configures the NIC to direct data messages received for a data compute node (DCN) executing on the computer to a default first NIC queue. When the DCN requests data messages addressed to the particular DCN to be processed with a first feature for load balancing data messages across multiple queues and a second feature for aggregating multiple related data messages into a single data message, the method configures the NIC to direct subsequent data messages received for the DCN to a second queue in a first subset of queues associated with the first feature if a load on the default first queue exceeds a first threshold. Otherwise, if a load on the first subset of queues exceeds a second threshold, the method configures the NIC to direct subsequent data messages received for the particular DCN to a third queue in a second subset of queues associated with both the first and second features.

公开(公告)号：US11036538B2

公开(公告)日：2021-06-15

申请号：US16444845

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Anuprem Chalvadi ,  Yang Ping ,  Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08 ,  H04L12/46 ,  H04L12/801 ,  H04L12/947 ,  H04L29/12 ,  H04L12/24 ,  G06F9/54 ,  H04L12/741 ,  H04L12/713 ,  H04L12/725 ,  H04L12/851 ,  H04L12/935

Abstract: Some embodiments provide a method for migrating a service machine between two hosts. The method configures a first host (1) to gather service machine data associated with the service machine executing on the first host and (2) to send the gathered service machine data to the second host. Each host executes a software forwarding element to implement a distributed forwarding element (DFE) that implements a dedicated service forwarding plane that forwards data messages associated with guest machines to the services machines. The method configures the second host to use the received service machine data to deploy the service machine on the second host and to connect the deployed service machine to the DFE. The method configures the DFE to forward data messages associated with a guest machine executing on a third host, and addressed to the service machine to the second host instead of the first host.

公开(公告)号：US11003482B2

公开(公告)日：2021-05-11

申请号：US16444989

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Yuxiao Zhang ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty

IPC: G06F15/16 ,  G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08 ,  H04L12/46 ,  H04L12/801 ,  H04L12/947 ,  H04L29/12 ,  H04L12/24 ,  G06F9/54 ,  H04L12/741 ,  H04L12/713 ,  H04L12/725 ,  H04L12/851 ,  H04L12/935

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200304418A1

公开(公告)日：2020-09-24

申请号：US16894767

申请日：2020-06-06

Applicant: VMware, Inc.

Inventor： Aditya G. Holla ,  Rishi Mehta ,  Boon Ang ,  Rajeev Nair ,  Wenyi Jiang

IPC: H04L12/863 ,  H04L12/803 ,  G06F9/455

Abstract: Some embodiments provide a method for managing multiple queues of a network interface card (NIC) of a host computer that executes a data compute node (DCN). The method defines first, second, and third subsets of the queues. The first subset of queues is associated with a first feature for processing data messages received by the NIC, the second subset of queues is associated with a second feature, and the third subset is associated with both features. The method receives a request from the DCN to process data messages addressed to the DCN using both the first and second features. The method configures the NIC to direct data messages received for the DCN to a queue that is selected from the third subset of queues.