Abstract:
A method is provided for managing the migration of a virtual machine from a private data center managed by a first organization to a public cloud computing system managed by a second organization, where the first organization is a tenant. The configurations of the physical infrastructure of the private data center that underlies the virtual machine are determined, along with a corresponding match preference indicating the level of criticality of each configuration at the public cloud system. The configurations and match preferences are generated as part of a migration package. The public cloud computing system instantiates a corresponding VM based on the determined configurations and corresponding match preferences.
Abstract:
The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow and identifies a policy triggered by the initial packet. The edge device performs a reverse lookup to identify at least one intermediate node that was previously traversed by the initial packet, together with the traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node and forwards the translated policy to the intermediate node, thus enabling the intermediate node to apply the policy to the traffic flow.
Abstract:
A centralized namespace controller allocates addresses in a distributed cloud infrastructure on demand. Upon receiving a request to allocate addresses for a network to be provisioned by a cloud computing system included in the distributed cloud infrastructure, the centralized namespace controller allocates a network address that is unique within the distributed cloud infrastructure. Further, the centralized namespace controller allocates a range of virtual network interface card (NIC) addresses that are unique within the network. The centralized namespace controller then allocates addresses from the range of virtual NIC addresses on an as-requested basis, that is, when a virtual NIC is being created by that cloud computing system on the network. Advantageously, by centralizing the allocation of addresses and dedicating independent NIC address ranges to different cloud computing systems, the centralized namespace controller enables stretched L2 networks between cloud computing systems while preventing duplicate addresses on the stretched networks.
Abstract:
Some embodiments provide various methods for offloading operations in an O-RAN (Open Radio Access Network) onto control plane (CP) or edge applications that execute on host computers with hardware accelerators in software defined datacenters (SDDCs). At the CP or edge application operating on a machine executing on a host computer with a hardware accelerator, the method of some embodiments receives data, from an O-RAN E2 unit, to perform an operation. The method uses a driver of the machine to communicate directly with the hardware accelerator to direct the hardware accelerator to perform a set of computations associated with the operation. This driver allows the communication with the hardware accelerator to bypass an intervening set of drivers executing on the host computer between the machine's driver and the hardware accelerator. Through this driver, the application in some embodiments receives the computation results, which it then provides to one or more O-RAN components (e.g., to the E2 unit that provided the data, another E2 unit or another control plane or edge application).
Abstract:
Conditional address translation is performed in a multi-tenant cloud infrastructure to effectively support tenant-assigned addresses. For each tenant, the multi-tenant cloud infrastructure deploys both a private network used to communicate between the tenant and the cloud and a tenant-facing gateway that manages the private network. The multi-tenant cloud infrastructure also includes an externally-facing gateway used to communicate between the multi-tenant cloud and a public network. The tenant-facing gateways are configured to bypass address translation, providing consistent addressing across each private network irrespective of the physical location of the resources linked by that private network. By contrast, the externally-facing gateway is configured to translate source addresses in outgoing packets to addresses that are unique within the public network. Advantageously, mapping addresses selectively in this way enables multiple tenants to interact in a uniform fashion with both on-premises resources and cloud-hosted resources without incurring address collisions between tenants.
Abstract:
Techniques for upgrading virtual appliances in a hybrid cloud computing system are provided. In one embodiment, virtual appliances are upgraded by deploying the upgraded appliances in both a data center and a cloud, configuring the upgraded appliances to have the same IP addresses as original appliances, and disconnecting the original appliances from networks to which they are connected and connecting the upgraded appliances to those networks via the same ports previously used by the original appliances. In another embodiment, upgraded appliances are deployed in the data center and the cloud, but configured with new IP addresses that are different from those of the original appliances, and connections are switched from those of the original appliances to new connections with the new IP addresses. Embodiments disclosed herein permit virtual appliances to be upgraded or replaced with relatively little downtime so as to help minimize disruptions to existing traffic flows.
Abstract:
Techniques for automatic firewall configuration in a virtual network environment are described. In one example embodiment, firewall rules are configured using virtual machine (VM) inventory objects. The firewall rules are then transformed by replacing the VM inventory objects in the configured firewall rules with their associated Internet Protocol (IP) addresses, using an IP address management (IPAM) table and a network address translation (NAT) table. The transformed firewall rules are then sent to a firewall engine, which filters, according to the transformed rules, communication to and from VMs running on a first machine on one or more computing networks and communication to and from VMs running on a second machine on one or more computing networks.
Abstract:
Connectivity is optimized between data centers in a hybrid cloud system having a first data center managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center. According to the described technique, a path-optimized connection is established through a wide area network (WAN) between a first gateway of the first data center and a second gateway of the second data center for an application executing in the first data center, based on the measured performance of paths across a set of Internet Protocol (IP) flows. Application packets received from the application at the first gateway are forwarded to a WAN optimization appliance in the first data center. The WAN-optimized application packets received back from the WAN optimization appliance at the first gateway are then sent to the second gateway over the path-optimized connection.