公开(公告)号：US20200076684A1

公开(公告)日：2020-03-05

申请号：US16120283

申请日：2018-09-02

Applicant: VMware, Inc.

Inventor： Akhila Naveen ,  Kantesh Mundaragi ,  Rahul Mishra ,  Fenil Kavathia ,  Raju Koganty ,  Pierluigi Rolando ,  Yong Feng ,  Jayant Jain

IPC: H04L12/24 ,  H04L29/08 ,  H04L12/717 ,  H04L12/66 ,  H04L12/931

Abstract: Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.

公开(公告)号：US20230283689A1

公开(公告)日：2023-09-07

申请号：US18196378

申请日：2023-05-11

Applicant: VMware, Inc.

Inventor： Sandesh Sawant ,  Kantesh Mundaragi ,  Stijn Vanveerdeghem

IPC: H04L67/566 ,  H04L45/16 ,  H04L45/125 ,  H04L43/0888 ,  H04L67/51 ,  H04L67/56

CPC classification number: H04L67/566 ,  H04L45/16 ,  H04L45/125 ,  H04L43/0888 ,  H04L67/51 ,  H04L67/56

Abstract: Some embodiments of the invention provide a method for monitoring and adjusting a service chain that includes several services to perform on data messages passing through a network. For a service chain implemented by a set of service paths each of which includes several service nodes that implement the services of the service chain, the method receives, from a set of service proxies, operational data relating to data transmission characteristics of a set of operational service nodes. The method analyzes the data transmission characteristics. In response to the analysis of the data transmission characteristics, the method alters the set of service paths implementing the service chain.

公开(公告)号：US20230179474A1

公开(公告)日：2023-06-08

申请号：US18102684

申请日：2023-01-28

Applicant: VMware, Inc.

Inventor： Akhila Naveen ,  Kantesh Mundaragi ,  Rahul Mishra ,  Fenil Kavathia ,  Raju Koganty ,  Pierluigi Rolando ,  Yong Feng ,  Jayant Jain

IPC: H04L41/0806 ,  H04L12/66 ,  H04L67/53 ,  H04L49/35 ,  H04L45/42

CPC classification number: H04L41/0806 ,  H04L12/66 ,  H04L67/53 ,  H04L49/355 ,  H04L45/42

Abstract: Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.

公开(公告)号：US11659061B2

公开(公告)日：2023-05-23

申请号：US16843919

申请日：2020-04-09

Applicant: VMWARE, INC.

Inventor： Sandesh Sawant ,  Kantesh Mundaragi ,  Stijn Vanveerdeghem

IPC: H04L67/566 ,  H04L45/16 ,  H04L45/125 ,  H04L43/0888 ,  H04L67/51 ,  H04L67/56

CPC classification number: H04L67/566 ,  H04L43/0888 ,  H04L45/125 ,  H04L45/16 ,  H04L67/51 ,  H04L67/56

Abstract: Some embodiments of the invention provide a method for monitoring and adjusting a service chain that includes several services to perform on data messages passing through a network. For a service chain implemented by a set of service paths each of which includes several service nodes that implement the services of the service chain, the method receives, from a set of service proxies, operational data relating to data transmission characteristics of a set of operational service nodes. The method analyzes the data transmission characteristics. In response to the analysis of the data transmission characteristics, the method alters the set of service paths implementing the service chain.

公开(公告)号：US11595250B2

公开(公告)日：2023-02-28

申请号：US16120283

申请日：2018-09-02

Applicant: VMware, Inc.

Inventor： Akhila Naveen ,  Kantesh Mundaragi ,  Rahul Mishra ,  Fenil Kavathia ,  Raju Koganty ,  Pierluigi Rolando ,  Yong Feng ,  Jayant Jain

IPC: H04L41/0806 ,  H04L67/53 ,  H04L12/66 ,  H04L45/42 ,  H04L49/35

Abstract: Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.

公开(公告)号：US11360796B2

公开(公告)日：2022-06-14

申请号：US16445023

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F15/16 ,  G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L101/622 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L67/563 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/1001 ,  H04L67/10 ,  H04L45/586 ,  H04L67/60 ,  H04L45/302 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L67/51 ,  H04L67/56 ,  H04L49/00 ,  H04L61/2592 ,  H04L41/0806 ,  H04L41/0893

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11212356B2

公开(公告)日：2021-12-28

申请号：US16904399

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06 ,  H04L12/911

Abstract: For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.

公开(公告)号：US20210314277A1

公开(公告)日：2021-10-07

申请号：US16904442

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L12/931 ,  H04L12/24 ,  H04L12/713 ,  H04L29/08 ,  H04L29/06

Abstract: Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element.

公开(公告)号：US20210314253A1

公开(公告)日：2021-10-07

申请号：US16904446

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Yuxiao Zhang ,  Kantesh Mundaragi ,  Rahul Mishra

IPC: H04L12/733 ,  H04L12/713 ,  H04L29/08 ,  H04L12/851

Abstract: Some embodiments provide stateful services in a chain of services identified for some data messages. The edge forwarding element receives a data message at a particular interface of the edge forwarding element that is traversing the edge forwarding element in a forward direction between two machines. The edge forwarding element identifies (1) a set of stateful services for the received data message and (2) a next hop associated with the identified set of stateful services in the forward direction and a next hop associated with the identified set of stateful services in the reverse direction. Based on the identified set of services and the next hops for the forward and reverse directions, the edge forwarding element generates and stores first and second connection tracking records for the forward and reverse data message flows, respectively used to forward data messages received subsequently for the flow.

公开(公告)号：US20210194807A1

公开(公告)日：2021-06-24

申请号：US17133555

申请日：2020-12-23

Applicant: VMware, Inc.

Inventor： Rahul Jain ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Mukesh Hira

IPC: H04L12/741 ,  G06F9/455 ,  H04L12/46 ,  H04L12/931

Abstract: Example methods and systems are provided a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.