公开(公告)号：US20230168917A1

公开(公告)日：2023-06-01

申请号：US18103516

申请日：2023-01-31

Applicant: VMware, Inc.

Inventor： Fenil Kavathia ,  Anuprem Chalvadi ,  Yang Ping ,  Akhila Naveen ,  Yong Feng ,  Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/10 ,  H04L45/586 ,  H04L45/302 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L49/00 ,  H04L61/2592 ,  H04L67/51 ,  H04L67/56 ,  H04L67/60 ,  H04L67/563 ,  H04L67/1001

CPC classification number: G06F9/45558 ,  H04L45/38 ,  H04L45/66 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/4633 ,  H04L47/17 ,  H04L49/252 ,  H04L41/5054 ,  G06F9/546 ,  H04L45/74 ,  H04L47/19 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/10 ,  H04L45/586 ,  H04L45/308 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L45/26 ,  H04L47/2425 ,  H04L49/3009 ,  H04L61/2592 ,  H04L67/51 ,  H04L67/56 ,  H04L67/60 ,  H04L67/563 ,  H04L67/1001 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L41/0806

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11301281B2

公开(公告)日：2022-04-12

申请号：US16444956

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty

IPC: H04L29/08 ,  G06F15/16 ,  G06F11/00 ,  H04L12/741 ,  H04L12/24 ,  H04L12/66 ,  H04L12/26 ,  G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L101/622 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L67/563 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/1001 ,  H04L67/10 ,  H04L45/586 ,  H04L67/60 ,  H04L45/30 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L67/51 ,  H04L67/56 ,  H04L49/00 ,  H04L61/2592 ,  H04L41/0806 ,  H04L41/0893

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20210314248A1

公开(公告)日：2021-10-07

申请号：US16904430

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra

IPC: H04L12/751 ,  H04L12/707 ,  H04L12/24

Abstract: Some embodiments provide a method of performing stateful services that keeps track of changes to states of service nodes to update connection tracker records when necessary. At least one global state value indicating a state of the service nodes is maintained at the edge device. The method generates a record in a connection tracker storage including the current global state value as a flow state value for a first data message in a data message flow. Each time a data message is received for the data message flow, the stored state value (i.e., a flow state value) is compared to the relevant global state value to determine if the stored action may have been updated. After a change in the global state value relevant to the flow the method examines a flow programming table to determine if the flow has been affected by a flow programming instruction(s) that caused the global state value to change.

公开(公告)号：US20210311772A1

公开(公告)日：2021-10-07

申请号：US17352298

申请日：2021-06-19

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08 ,  H04L12/46 ,  H04L12/801 ,  H04L12/947 ,  H04L29/12 ,  H04L12/24 ,  G06F9/54 ,  H04L12/741 ,  H04L12/713 ,  H04L12/725 ,  H04L12/851 ,  H04L12/935

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11042397B2

公开(公告)日：2021-06-22

申请号：US16444826

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Anuprem Chalvadi ,  Yang Ping ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08 ,  H04L12/46 ,  H04L12/801 ,  H04L12/947 ,  H04L29/12 ,  H04L12/24 ,  G06F9/54 ,  H04L12/741 ,  H04L12/713 ,  H04L12/725 ,  H04L12/851 ,  H04L12/935

Abstract: Some embodiments of the invention provide a method for migrating a machine on a first host computer to a second host computer. At the first host computer, the method gathers a set of service insertion data used by a first service insertion module executing on the first host computer to identify a particular chain of multiple services that a set of multiple service nodes have to perform on a particular data message flow associated with the machine. To the second host computer, the method sends a set of machine configuration data and the set of service insertion data. The second host computer (1) uses the machine configuration data to deploy the machine on the second host computer and (2) uses the gathered set of service insertion data to configure a second service insertion module executing on the second host computer to identify the particular chain of two or more services.

公开(公告)号：US20200274799A1

公开(公告)日：2020-08-27

申请号：US16283665

申请日：2019-02-22

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Kantesh Mundaragi ,  Stephen Tan ,  Akhila Naveen ,  Pierluigi Rolando ,  Raju Koganty

IPC: H04L12/713 ,  H04L12/707

Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises: detecting a packet; determining attributes for the packet; based on the attributes, determining whether the attributes match one or more rule attributes of a particular rule in a rule table; in response to determining that the attributes match the one or more rule attributes of a particular rule in the rule table: determining, based on the particular rule, a particular redirection identifier, a particular VRF identifier, a particular next hop, a particular address pair, and a particular BFD status; based on the particular BFD status, determining whether to redirect the packet; and in response to determining to redirect the packet, redirecting the packet toward a service virtual machine from an interface indicated by one of addresses in the particular address pair.

公开(公告)号：US20200274757A1

公开(公告)日：2020-08-27

申请号：US16445035

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty ,  Akhila Naveen ,  Fenil Kavathia ,  Yong Feng

IPC: H04L12/24 ,  H04L29/08 ,  G06F9/455

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200272497A1

公开(公告)日：2020-08-27

申请号：US16445016

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Fenil Kavathia ,  Anuprem Chalvadi ,  Yang Ping ,  Akhila Naveen ,  Yong Feng ,  Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200272494A1

公开(公告)日：2020-08-27

申请号：US16444927

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Saahil Gokhale ,  Camille Lecuyer ,  Rajeev Nair ,  Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  G06F9/54

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US10649805B1

公开(公告)日：2020-05-12

申请号：US16177855

申请日：2018-11-01

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Chidambareswaran Raman ,  Abhishek Mishra

IPC: G06F9/455 ,  H04L12/761 ,  H04L12/947

Abstract: A method for a parallel execution of services, of a serial service chain, on packets using multicast-based service insertion is disclosed. In an embodiment, a method comprises detecting a packet of a data flow and storing the packet in memory. From a plurality of multicast groups, a first multicast group is identified. The first multicast group includes a plurality of service machines configured to provide a plurality of services to the data flow. The first multicast group includes all services machines of the plurality of service machines. The packet is multicast to the first multicast group of the plurality of multicast groups to cause applying, in parallel, services of service machines included in the first multicast group. Upon receiving a plurality of responses from service machines of the first multicast group, the plurality of responses is analyzed to determine whether the plurality of responses includes a modify-response. In response to determining that the plurality of responses does not include any modify-response, the plurality of responses is analyzed to determine whether the plurality of responses includes a drop-response. In response to determining that the plurality of responses does not include any drop-response, the packet is forwarded toward its destination without multicasting the packet to any other multicast group of the plurality of multicast groups.