-
Publication No.: US20210385203A1
Publication Date: 2021-12-09
Application No.: US16893450
Application Date: 2020-06-05
Applicant: VMware, Inc.
Inventor: Dexiang WANG, Yong WANG
Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header and (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.
-
Publication No.: US20210224138A1
Publication Date: 2021-07-22
Application No.: US16748770
Application Date: 2020-01-21
Applicant: VMware, Inc.
Inventor: Yong WANG
IPC: G06F9/50, G06F9/54, G06F1/3206
Abstract: One example method may comprise receiving multiple ingress packets that are destined for one or more virtualized computing instances; assigning the multiple ingress packets to multiple receive (RX) packet queues; and monitoring load information associated with multiple central processing unit (CPU) cores. The example method may also comprise: in response to detecting a load imbalance among the multiple CPU cores based on the load information, identifying at least one first CPU core that requires additional processing capability; and increasing processing capability of the at least one first CPU core and reducing processing capability of at least one second CPU core from the multiple CPU cores.
-
Publication No.: US20210184970A1
Publication Date: 2021-06-17
Application No.: US16715247
Application Date: 2019-12-16
Applicant: VMware, Inc.
Inventor: Xinhua HONG, Yong WANG, Jia YU, Dexiang WANG
IPC: H04L12/713, H04L12/66, H04L12/46, H04L12/715, H04L12/931, H04L12/751
Abstract: The disclosure provides an approach for routing traffic in a network. Embodiments include receiving, by a service router of an edge services gateway (ESG), a packet comprising a virtual network identifier (VNI) and a virtual local area network (VLAN) identifier. Embodiments include sending, by the service router, the packet to a virtual switch of the ESG based on the VNI of the packet. Embodiments include determining, by the virtual switch, a virtual routing and forwarding (VRF) router of the ESG for the packet based on the VLAN identifier. Embodiments include forwarding, by the virtual switch, the packet to the VRF router.
-
Publication No.: US20210029004A1
Publication Date: 2021-01-28
Application No.: US16520331
Application Date: 2019-07-23
Applicant: VMware, Inc.
Inventor: Yong WANG, Xinhua HONG, Jia YU
Abstract: Example methods and systems are provided for packet event tracking. One example method may comprise: in response to a logical forwarding element detecting a packet event for a first packet, determining a first packet signature of the first packet; and tracking the packet event by updating a set membership filter based on the first packet signature to indicate that the first packet is a member of a set associated with the packet event. The method may also comprise: in response to receiving a query as to whether the packet event has been detected and tracked for a second packet, determining a second packet signature of the second packet. Based on the second packet signature, the set membership filter may be applied to determine whether the second packet is a possible member of the set associated with the packet event.
-
Publication No.: US20200076928A1
Publication Date: 2020-03-05
Application No.: US16114987
Application Date: 2018-08-28
Applicant: VMware, Inc.
Inventor: Yong WANG, Xinhua HONG, Jayant JAIN
IPC: H04L29/06, H04L12/747, H04L12/741, H04L29/08
Abstract: Certain embodiments described herein are generally directed to using a flow cache with packets comprising dynamic headers. Embodiments include receiving a packet of a packet flow from a network, parsing the packet in order to determine a flow key, and comparing the flow key to entries in the flow cache. Upon determining that the flow key does not match any of the entries, embodiments include determining whether the packet comprises a dynamic header. Upon determining that the packet comprises a dynamic header, embodiments include canceling recorded flow cache information for the packet, performing an operation on the packet, reparsing the packet in order to determine a new flow key, and comparing the new flow key to the entries in the flow cache. Upon determining that the flow key matches an entry, embodiments include determining cached actions to perform for the packet based on the entry and performing the cached actions.
-
Publication No.: US20190334880A1
Publication Date: 2019-10-31
Application No.: US15963187
Application Date: 2018-04-26
Applicant: VMware, Inc.
Inventor: Yong WANG, Xinhua HONG, Kai-Wei FAN
Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.
-
Publication No.: US20220303231A1
Publication Date: 2022-09-22
Application No.: US17208608
Application Date: 2021-03-22
Applicant: VMware, Inc.
Inventor: Jia YU, Yong WANG, Xinhua HONG, Wenyi JIANG, Guolin YANG, Dexiang WANG
IPC: H04L12/861, H04L29/06, H04L12/715, H04L12/66
Abstract: In some embodiments, a method fragments a first packet into a plurality of fragments when a length of an encapsulated first packet is larger than a maximum transmission unit size. For each fragment in the plurality of fragments, fragmentation information is generated. The method encapsulates each fragment in the plurality of fragments with an outer header to form a plurality of encapsulated packets. The respective fragmentation information for each fragment is inserted in a portion of the outer header that is processed by endpoints of an overlay tunnel and not processed by a device along a path of the overlay tunnel. The plurality of encapsulated packets are sent via the overlay tunnel.
-
Publication No.: US20220210074A1
Publication Date: 2022-06-30
Application No.: US17694586
Application Date: 2022-03-14
Applicant: VMware, Inc.
Inventor: Yong WANG, Jia YU, David LEROY
IPC: H04L47/125, H04L9/40
Abstract: In an embodiment, a computer-implemented method for using virtual tunnel interface teaming to achieve load balance and redundancy in virtual private networks (“VPNs”) is disclosed. In an embodiment, a method comprises: receiving, by a gateway, configuration data from a control plane; based on the configuration data, configuring on the gateway a bonded virtual tunnel interface (“bonded VTI”) having a plurality of slave virtual tunnel interfaces (“slave VTIs”); configuring a plurality of VPN tunnels between the plurality of slave VTIs configured on the gateway and a plurality of slave VTIs configured on a remote gateway; configuring an IPsec VPN tunnel between the bonded VTI configured on the gateway and a corresponding bonded VTI configured on the remote gateway; logically combining the plurality of VPN tunnels into the IPsec VPN tunnel; and enabling communications of IPsec VPN traffic via the IPsec VPN tunnel.
-
Publication No.: US20220078109A1
Publication Date: 2022-03-10
Application No.: US17456054
Application Date: 2021-11-22
Applicant: VMware, Inc.
Inventor: Xinhua HONG, Yong WANG, Jia YU, Dexiang WANG
IPC: H04L12/713, H04L12/66, H04L12/46, H04L12/931, H04L12/751, H04L12/715
Abstract: The disclosure provides an approach for routing traffic in a network. Embodiments include receiving, by a service router of an edge services gateway (ESG), a packet comprising a virtual network identifier (VNI) and a virtual local area network (VLAN) identifier. Embodiments include sending, by the service router, the packet to a virtual switch of the ESG based on the VNI of the packet. Embodiments include determining, by the virtual switch, a virtual routing and forwarding (VRF) router of the ESG for the packet based on the VLAN identifier. Embodiments include forwarding, by the virtual switch, the packet to the VRF router.
-
Publication No.: US20220006734A1
Publication Date: 2022-01-06
Application No.: US16920765
Application Date: 2020-07-06
Applicant: VMware, Inc.
Inventor: Yong WANG, Dexiang WANG, Xinhua HONG, Jia YU
IPC: H04L12/713, H04L12/717, H04L29/06, H04L29/08, H04L12/46, G06F9/455
Abstract: Example methods and computer systems for encapsulated fragmented packet handling. One example may comprise a first computer system detecting an egress packet that requires fragmentation and determining an outer connectionless transport layer value based on content of an inner transport layer header of the egress packet. The first computer system may generate a first encapsulated fragmented packet that includes a first fragment of the inner payload, the inner transport layer header and a first outer header specifying the outer connectionless transport layer value; and a second encapsulated fragmented packet that includes a second fragment of the inner payload and a second outer header specifying the outer connectionless transport layer value. The first encapsulated fragmented packet and the second encapsulated fragmented packet may be forwarded towards a second computer system to cause receive-side processing based on the outer connectionless transport layer value.