公开(公告)号：US11595250B2

公开(公告)日：2023-02-28

申请号：US16120283

申请日：2018-09-02

Applicant: VMware, Inc.

Inventor： Akhila Naveen ,  Kantesh Mundaragi ,  Rahul Mishra ,  Fenil Kavathia ,  Raju Koganty ,  Pierluigi Rolando ,  Yong Feng ,  Jayant Jain

IPC: H04L41/0806 ,  H04L67/53 ,  H04L12/66 ,  H04L45/42 ,  H04L49/35

Abstract: Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.

公开(公告)号：US11249784B2

公开(公告)日：2022-02-15

申请号：US16445064

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Anuprem Chalvadi ,  Yang Ping ,  Akhila Naveen ,  Fenil Kavathia ,  Yong Feng ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/54 ,  G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L101/622 ,  H04L41/5054 ,  H04L45/74 ,  H04L47/19 ,  H04L67/563 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/1001 ,  H04L67/10 ,  H04L45/586 ,  H04L67/60 ,  H04L45/30 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L67/51 ,  H04L67/56 ,  H04L49/00 ,  H04L61/2592 ,  H04L41/0806 ,  H04L41/0893

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11212356B2

公开(公告)日：2021-12-28

申请号：US16904399

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06 ,  H04L12/911

Abstract: For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.

公开(公告)号：US20210314277A1

公开(公告)日：2021-10-07

申请号：US16904442

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L12/931 ,  H04L12/24 ,  H04L12/713 ,  H04L29/08 ,  H04L29/06

Abstract: Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element.

公开(公告)号：US10931565B2

公开(公告)日：2021-02-23

申请号：US16283656

申请日：2019-02-22

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Kantesh Mundaragi ,  Stephen Tan ,  Akhila Naveen ,  Pierluigi Rolando ,  Raju Koganty

IPC: H04L12/707 ,  H04W88/16 ,  H04L12/24

Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a next_hop, and an address pair for interfaces. A mapping between VRF identifiers and address pairs is generated. Based on, at least in part, the mapping and the policy configuration, a policy table is generated. The policy table comprises table records, wherein a table record comprises a redirection identifier, a next_hop, and an address pair. The rule and policy tables are used to redirect a packet from an edge gateway to a service virtual machine.

公开(公告)号：US20240015097A1

公开(公告)日：2024-01-11

申请号：US18370013

申请日：2023-09-19

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen ,  Elton Furtado

IPC: H04L45/00 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/46 ,  H04L45/745 ,  H04L47/2408 ,  H04L45/02 ,  H04L45/12 ,  H04L45/24 ,  H04L45/302 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L9/40 ,  H04L67/1004 ,  H04L47/125 ,  H04L41/0654 ,  H04L45/30 ,  H04L45/741 ,  H04L67/51 ,  H04L67/63 ,  H04L67/563

CPC classification number: H04L45/20 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/4633 ,  H04L45/745 ,  H04L47/2408 ,  H04L45/04 ,  H04L45/12 ,  H04L45/24 ,  H04L45/306 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/70 ,  H04L63/0272 ,  H04L63/306 ,  H04L67/1004 ,  H04L47/125 ,  H04L12/4662 ,  H04L63/164 ,  H04L41/0654 ,  H04L45/02 ,  H04L45/30 ,  H04L45/741 ,  H04L67/51 ,  H04L67/63 ,  H04L67/563 ,  H04L67/146

Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.

公开(公告)号：US11792112B2

公开(公告)日：2023-10-17

申请号：US16904377

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen ,  Elton Furtado

IPC: H04L47/125 ,  H04L67/146 ,  H04L45/00 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/46 ,  H04L45/745 ,  H04L47/2408 ,  H04L45/02 ,  H04L45/12 ,  H04L45/24 ,  H04L45/302 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L9/40 ,  H04L67/1004 ,  H04L41/0654 ,  H04L45/30 ,  H04L45/741 ,  H04L67/51 ,  H04L67/63 ,  H04L67/563 ,  H04L47/70

CPC classification number: H04L45/20 ,  H04L12/4633 ,  H04L12/4662 ,  H04L41/0654 ,  H04L41/0893 ,  H04L45/02 ,  H04L45/04 ,  H04L45/12 ,  H04L45/24 ,  H04L45/30 ,  H04L45/306 ,  H04L45/586 ,  H04L45/741 ,  H04L45/745 ,  H04L47/125 ,  H04L47/2408 ,  H04L47/2441 ,  H04L49/20 ,  H04L49/70 ,  H04L63/0272 ,  H04L63/164 ,  H04L63/306 ,  H04L67/1004 ,  H04L67/142 ,  H04L67/51 ,  H04L67/563 ,  H04L67/63 ,  H04L47/825 ,  H04L67/146

Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.

公开(公告)号：US11368387B2

公开(公告)日：2022-06-21

申请号：US16904442

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L45/00 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/46 ,  H04L45/745 ,  H04L47/2408 ,  H04L67/51 ,  H04L45/02 ,  H04L45/12 ,  H04L45/24 ,  H04L45/302 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L9/40 ,  H04L67/1004 ,  H04L47/125 ,  H04L67/146 ,  H04L67/563 ,  H04L67/63 ,  H04L41/0654 ,  H04L45/30 ,  H04L45/741 ,  H04L47/70

Abstract: Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element.

公开(公告)号：US20210314415A1

公开(公告)日：2021-10-07

申请号：US16904399

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

Abstract: For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.

公开(公告)号：US11074097B2

公开(公告)日：2021-07-27

申请号：US16444935

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Akhila Naveen ,  Fenil Kavathia ,  Yong Feng ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08 ,  H04L12/947 ,  G06F9/54 ,  H04L12/741 ,  H04L12/46 ,  H04L12/801 ,  H04L29/12 ,  H04L12/24 ,  H04L12/713 ,  H04L12/725 ,  H04L12/851 ,  H04L12/935

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).