公开(公告)号：US09215177B2

公开(公告)日：2015-12-15

申请号：US13925483

申请日：2013-06-24

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Anirban Sengupta ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan ,  Todd Sabin

IPC: H04L29/12 ,  H04L29/06 ,  H04L12/813 ,  H04L29/08

CPC classification number: H04L47/20 ,  H04L61/2514 ,  H04L63/0218 ,  H04L63/0263 ,  H04L67/1002

Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.

Abstract translation: 本文的公开内容描述了用于分布式策略实施的网络的边缘设备。 在操作期间，边缘设备接收用于出站业务流的初始分组，并且识别由初始分组触发的策略。 边缘设备执行反向查找以识别先前由初始分组穿过的中间节点和与所识别的中间节点处的初始分组相关联的业务参数。 边缘设备根据中间节点的流量参数转换策略，并将转换的策略转发到中间节点，从而便于中间节点将策略应用于业务流。

公开(公告)号：US20150215276A1

公开(公告)日：2015-07-30

申请号：US14207853

申请日：2014-03-13

Applicant: VMWARE, INC.

Inventor： ABHINAV VIJAY BHAGWAT ,  Aravind Srinivasan ,  Amit Ratnapal Sangodkar

IPC: H04L29/12

CPC classification number: H04L61/2015 ,  H04L61/1552 ,  H04L61/2503 ,  H04L61/305

Abstract: Techniques for dynamic configuration of a domain name system (DNS) server in a virtual network environment are described. In one example embodiment, DNS rules are configured using virtual machine (VM) inventory objects and associated DNS names. Further, the configured DNS rules are transformed by replacing the VM inventory objects in the configured DNS rules with associated Internet protocol (IP) addresses using an IP address management (IPAM) table or a network address translation (NAT) table and the DNS names in the configured DNS rules with modified DNS names using a zone table and a view table. Furthermore, the transformed DNS rules are sent to the DNS server for performing domain name resolutions associated with multiple VMs running on a plurality of host computing systems in a computing network.

Abstract translation: 描述了在虚拟网络环境中动态配置域名系统（DNS）服务器的技术。 在一个示例实施例中，使用虚拟机（VM）清单对象和相关联的DNS名称来配置DNS规则。 此外，通过使用IP地址管理（IPAM）表或网络地址转换（NAT）表将DNS配置的DNS名称替换为配置的DNS规则中的VM Inventory对象，并使用相关的Internet协议（IP）地址进行转换， 配置的DNS规则与修改的DNS名称使用区域表和视图表。 此外，转换的DNS规则被发送到DNS服务器，用于执行与在计算网络中的多个主机计算系统上运行的多个VM相关联的域名解析。

公开(公告)号：US20150163196A1

公开(公告)日：2015-06-11

申请号：US14157547

申请日：2014-01-17

Applicant: VMWARE, INC.

Inventor： ABHINAV VIJAY BHAGWAT ,  Aravind Srinivasan ,  Amit Ratnapal Sangodkar

IPC: H04L29/12

CPC classification number: H04L61/2061 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/255

Abstract: Techniques for dynamically configuring a dynamic host configuration protocol (DHCP) server in a virtual network environment are described. In one example embodiment, DHCP bindings are configured using virtual machine (VM) inventory objects. Further, the configured DHCP bindings are transformed by replacing the VM inventory objects in the configured DHCP bindings with associated media access control (MAC) addresses using a VM object attribute table. Furthermore, the transformed DHCP bindings are sent to the DHCP sever for assigning Internet protocol (IP) addresses to multiple VMs running on a plurality of host computing systems in a computing network.

Abstract translation: 描述了在虚拟网络环境中动态配置动态主机配置协议（DHCP）服务器的技术。 在一个示例实施例中，使用虚拟机（VM）清单对象来配置DHCP绑定。 此外，通过使用VM对象属性表将配置的DHCP绑定中的VM清点对象与相关联的媒体访问控制（MAC）地址替换，来配置DHCP绑定。 此外，变换的DHCP绑定被发送到DHCP服务器，用于将计算网络中的多个主机计算系统上运行的多个VM分配互联网协议（IP）地址。

公开(公告)号：US20150082417A1

公开(公告)日：2015-03-19

申请号：US14025850

申请日：2013-09-13

Applicant: VMWARE, INC.

Inventor： ABHINAV VIJAY BHAGWAT ,  Aravind Srinivasan ,  Amit Ratnapal Sangodkar

IPC: H04L29/06

CPC classification number: H04L63/0263 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0272

Abstract: Techniques for automatic firewall configuration in a virtual network environment are described. In one example embodiment, firewall rules are configured using virtual machine (VM) inventory objects. The firewall rules are then transformed by replacing the VM inventory objects in the configured firewall rules with associated Internet protocol (IP) addresses using an IP address management table (IPAM) table and a network address translation (NAT) table. The transformed firewall rules are then sent to a firewall engine for filtering communication from and to VMs running on a first machine on one or more computing networks and communication from and to VMs running on a second machine on one or more computing networks at a firewall according to the transformed firewall rules.

Abstract translation: 描述了在虚拟网络环境中自动防火墙配置的技术。 在一个示例实施例中，使用虚拟机（VM）清单对象来配置防火墙规则。 然后通过使用IP地址管理表（IPAM）表和网络地址转换（NAT）表替换已配置的防火墙规则中的VM Inventory对象，并使用关联的Internet协议（IP）地址来转换防火墙规则。 转换的防火墙规则然后被发送到防火墙引擎，用于过滤与在一个或多个计算网络上运行在第一机器上的VM的通信，以及从防火墙的一个或多个计算网络上运行在第二机器上的VM进行通信， 转换防火墙规则。

公开(公告)号：US20140376367A1

公开(公告)日：2014-12-25

申请号：US13925483

申请日：2013-06-24

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Anirban Sengupta ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan ,  Todd Sabin

IPC: H04L12/813

CPC classification number: H04L47/20 ,  H04L61/2514 ,  H04L63/0218 ,  H04L63/0263 ,  H04L67/1002

Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.

Abstract translation: 本文的公开内容描述了用于分布式策略实施的网络的边缘设备。 在操作期间，边缘设备接收用于出站业务流的初始分组，并且识别由初始分组触发的策略。 边缘设备执行反向查找以识别先前由初始分组穿过的中间节点和与所识别的中间节点处的初始分组相关联的业务参数。 边缘设备根据中间节点的流量参数来转换策略，并将转换的策略转发到中间节点，从而有助于中间节点将策略应用于业务流。

公开(公告)号：US20240345909A1

公开(公告)日：2024-10-17

申请号：US18133877

申请日：2023-04-12

Applicant: VMWARE, Inc.

Inventor： Qi Wang ,  Jian Lan ,  Yan QI ,  Liang CuI ,  Aravind Srinivasan ,  Weiqing Wu ,  Uday Suresh Masurekar ,  Todd Sabin ,  Hemanth Kumar Pannem ,  Govind Haridas

IPC: G06F11/07

CPC classification number: G06F11/079 ,  G06F11/0709

Abstract: The disclosure provides a method for diagnosing remote sites of a distributed container orchestration system. The method generally includes receiving a test suite custom resource defining an image to be used for a diagnosis of components of a workload cluster deployed at the remote sites, wherein the image comprises a diagnosis module and/or a user-provided plugin to be used for the diagnosis; identifying a failed component in the workload cluster; obtaining infrastructure information about the workload cluster; identifying the components of the workload cluster for diagnosis based on the failed component, the infrastructure information, and the test suite custom resource; identifying at least one diagnosis site of the remote sites where the components are running using the infrastructure information; and deploying a first pod at the at least one diagnosis site to execute the diagnosis of the one or more components.

公开(公告)号：US12026045B2

公开(公告)日：2024-07-02

申请号：US17902350

申请日：2022-09-02

Applicant: VMware, Inc.

Inventor： Jian Lan ,  Liang Cui ,  Aravind Srinivasan ,  Hailing Xu ,  Yan Qi ,  Prachi Dalvi ,  Shuting Ma ,  Todd Sabin ,  Uday Suresh Masurekar ,  Weiqing Wu

IPC: G06F11/00 ,  G06F9/455 ,  G06F11/07

CPC classification number: G06F11/0784 ,  G06F9/45558 ,  G06F11/0709 ,  G06F11/0712 ,  G06F2009/45591

Abstract: An example method of propagating fault domain topology information in a distributed container orchestration system includes: receiving, at control plane software executing in a data center, the fault domain topology, which includes tags for a protection group and fault domains for remote sites in communication with the data center; deploying, by a master server of the distributed container orchestration system that executes in the data center, a node pool comprising virtual machines (VMs) executing in servers of the remote sites, the VMs being nodes of the distributed container orchestration system in which containers execute; determining, by a controller of the master server, relationships among the VMs, the servers, the protection group, and the fault domains based on state of resources maintained by the master server; and providing, by the controller, labels to the servers for associating the tags of the protection group and the fault domains to the VMs.

公开(公告)号：US20230229477A1

公开(公告)日：2023-07-20

申请号：US17693274

申请日：2022-03-11

Applicant: VMware, Inc.

Inventor： Xiaojun Lin ,  Liang Cui ,  Wenwu Peng ,  Aravind Srinivasan ,  Hemanth Kumar Pannem ,  Narendra Kumar Basur Shankarappa

IPC: G06F9/455 ,  G06F9/50 ,  H04W48/18

CPC classification number: G06F9/45558 ,  G06F9/5077 ,  H04W48/18 ,  G06F2009/4557 ,  G06F2009/45595 ,  G06F2009/45562

Abstract: A computer-implemented method, medium, and system for upgrade of telco node cluster running cloud-native network functions are disclosed. In one computer-implemented method, a worker node group that includes a plurality of worker nodes is determined in a container orchestration platform. A first node to upgrade is determined within the worker node group. All pods in the first node are deactivated by a high availability as a service (HAaaS) module. Standby pods in a second node are activated by the HAaaS module and as active pods. All network traffic associated with all the pods in the first node is migrated to the active pods. The first node is deleted from the worker node group. Hardware resources associated with running the first node are released. A third node is generated as a new worker node in the worker node group and uses the released hardware resources.

公开(公告)号：US20220283841A1

公开(公告)日：2022-09-08

申请号：US17376785

申请日：2021-07-15

Applicant: VMware, Inc.

Inventor： Giridhar Jayavelu ,  Aravind Srinivasan ,  Amit Singh

IPC: G06F9/455 ,  G06F9/4401

Abstract: Some embodiments provide various methods for offloading operations in an O-RAN (Open Radio Access Network) onto control plane (CP) or edge applications that execute on host computers with hardware accelerators in software defined datacenters (SDDCs). At the CP or edge application operating on a machine executing on a host computer with a hardware accelerator, the method of some embodiments receives data, from an O-RAN E2 unit, to perform an operation. The method uses a driver of the machine to communicate directly with the hardware accelerator to direct the hardware accelerator to perform a set of computations associated with the operation. This driver allows the communication with the hardware accelerator to bypass an intervening set of drivers executing on the host computer between the machine's driver and the hardware accelerator. Through this driver, the application in some embodiments receives the computation results, which it then provides to one or more O-RAN components (e.g., to the E2 unit that provided the data, another E2 unit or another control plane or edge application).

公开(公告)号：US11005963B2

公开(公告)日：2021-05-11

申请号：US14838572

申请日：2015-08-28

Applicant: VMware, Inc.

Inventor： Serge Maskalik ,  Govind Haridas ,  Weiqing Wu ,  Aravind Srinivasan ,  Sachin Thakkar

IPC: H04L29/08 ,  H04L12/66 ,  H04L29/06 ,  H04L12/715 ,  H04L12/751 ,  H04L12/721

Abstract: Connectivity between data centers in a hybrid cloud system is optimized by pre-loading a wide area network (WAN) optimization appliance in a first data center with data to initialize at least one WAN optimization of application. The first data center is managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center. The described technique includes receiving application packets having the application data generated by an application executing in the first data center at the WAN optimization appliance from a first gateway in the first data center, and performing the at least one WAN optimization on the application packets using the pre-loaded data to initialize the at least one WAN optimization.