-
Publication number: US20200076684A1
Publication date: 2020-03-05
Application number: US16120283
Application date: 2018-09-02
Applicant: VMware, Inc.
Inventor: Akhila Naveen , Kantesh Mundaragi , Rahul Mishra , Fenil Kavathia , Raju Koganty , Pierluigi Rolando , Yong Feng , Jayant Jain
IPC: H04L12/24 , H04L29/08 , H04L12/717 , H04L12/66 , H04L12/931
Abstract: Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.
-
Publication number: US20240015097A1
Publication date: 2024-01-11
Application number: US18370013
Application date: 2023-09-19
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen , Elton Furtado
IPC: H04L45/00 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/46 , H04L45/745 , H04L47/2408 , H04L45/02 , H04L45/12 , H04L45/24 , H04L45/302 , H04L49/20 , H04L41/0893 , H04L49/00 , H04L9/40 , H04L67/1004 , H04L47/125 , H04L41/0654 , H04L45/30 , H04L45/741 , H04L67/51 , H04L67/63 , H04L67/563
CPC classification number: H04L45/20 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/4633 , H04L45/745 , H04L47/2408 , H04L45/04 , H04L45/12 , H04L45/24 , H04L45/306 , H04L49/20 , H04L41/0893 , H04L49/70 , H04L63/0272 , H04L63/306 , H04L67/1004 , H04L47/125 , H04L12/4662 , H04L63/164 , H04L41/0654 , H04L45/02 , H04L45/30 , H04L45/741 , H04L67/51 , H04L67/63 , H04L67/563 , H04L67/146
Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.
-
Publication number: US11792112B2
Publication date: 2023-10-17
Application number: US16904377
Application date: 2020-06-17
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen , Elton Furtado
IPC: H04L47/125 , H04L67/146 , H04L45/00 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/46 , H04L45/745 , H04L47/2408 , H04L45/02 , H04L45/12 , H04L45/24 , H04L45/302 , H04L49/20 , H04L41/0893 , H04L49/00 , H04L9/40 , H04L67/1004 , H04L41/0654 , H04L45/30 , H04L45/741 , H04L67/51 , H04L67/63 , H04L67/563 , H04L47/70
CPC classification number: H04L45/20 , H04L12/4633 , H04L12/4662 , H04L41/0654 , H04L41/0893 , H04L45/02 , H04L45/04 , H04L45/12 , H04L45/24 , H04L45/30 , H04L45/306 , H04L45/586 , H04L45/741 , H04L45/745 , H04L47/125 , H04L47/2408 , H04L47/2441 , H04L49/20 , H04L49/70 , H04L63/0272 , H04L63/164 , H04L63/306 , H04L67/1004 , H04L67/142 , H04L67/51 , H04L67/563 , H04L67/63 , H04L47/825 , H04L67/146
Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.
-
Publication number: US11711292B2
Publication date: 2023-07-25
Application number: US16820750
Application date: 2020-03-17
Applicant: VMWARE, INC.
Inventor: Sudesh Pawar , Pierluigi Rolando , Rahul Mishra
IPC: H04L45/00 , H04L45/122 , H04L45/745 , H04L45/42 , H04L9/40 , H04L69/22 , G06F9/455 , H04L45/586
CPC classification number: H04L45/20 , G06F9/45558 , H04L45/122 , H04L45/42 , H04L45/586 , H04L45/745 , H04L63/0245 , H04L69/22 , G06F2009/45587 , G06F2009/45595
Abstract: The disclosure provides an approach for pre-filtering traffic in a logical network. One method includes receiving, by a hypervisor, a packet from a virtual computing instance (VCI) and determining a service path for the packet based on a service table. The method further includes setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path. The method further includes receiving, by the pre-filter component, the packet. The method further includes making a determination, by the pre-filter component, of whether the packet requires processing by the security component. The method further includes performing, by the pre-filter component, based on the determination, one of: forwarding the packet to its destination and bypassing the security component; or forwarding the packet to the security component.
-
Publication number: US11609781B2
Publication date: 2023-03-21
Application number: US17352298
Application date: 2021-06-19
Applicant: VMware, Inc.
Inventor: Rahul Mishra , Camille Lecuyer , Saahil Gokhale , Rajeev Nair , Kantesh Mundaragi , Pierluigi Rolando , Jayant Jain , Raju Koganty
IPC: G06F9/455 , H04L45/00 , H04L47/125 , H04L69/324 , H04L69/325 , H04L69/321 , H04L12/46 , H04L47/17 , H04L49/25 , H04L41/5054 , G06F9/54 , H04L45/74 , H04L47/19 , H04L41/0803 , H04L41/5003 , H04L67/10 , H04L45/586 , H04L45/302 , H04L45/745 , H04L67/101 , H04L41/0816 , H04L47/2425 , H04L49/00 , H04L61/2592 , H04L67/51 , H04L67/56 , H04L67/60 , H04L67/563 , H04L67/1001 , H04L41/0806 , H04L41/0893 , H04L101/622
Abstract: Some embodiments provide a method for performing services for data messages associated with a machine executing on a particular host computer. On the particular host computer, the method configures (1) a first distributed forwarding element (DFE) to forward data messages sent by the machine based on network addresses specified by machine, and (2) a second DFE to forward data messages sent by the machine to a set of one or more other host computers on which a set of one or more service nodes before the data messages are returned to the particular host computer to be forwarded by the first DFE based on the network addresses specified by the machine. Each DFE is implemented by at least one software forwarding element executing (SFE) on the particular host computer and at least one other SFE executing on at least one other host computer.
-
Publication number: US11409621B2
Publication date: 2022-08-09
Application number: US15991284
Application date: 2018-05-29
Applicant: VMWARE, INC.
Inventor: Rahul Mishra , Sumedh Saurav
Abstract: A method for a shared-memory-based SVM to provide high availability of service is disclosed. In an embodiment, an agent process of the SVM receives a signal that one or more data packets have been queued in a shared memory device of one or more shared memory devices. Upon receiving the signal, the agent process determines whether the SVM has been designated as active for the shared memory device, and if it has, the agent process reads the one or more data packets from the shared memory device. As the data packets are read from the shared memory device: for each data packet, of the one or more data packets read from the shared memory device: the agent process determines whether an indication that the packet is to be transmitted to its destination is received, and if the indication is received, the packet is placed back to the shared memory device.
-
Publication number: US11368387B2
Publication date: 2022-06-21
Application number: US16904442
Application date: 2020-06-17
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen
IPC: H04L45/00 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/46 , H04L45/745 , H04L47/2408 , H04L67/51 , H04L45/02 , H04L45/12 , H04L45/24 , H04L45/302 , H04L49/20 , H04L41/0893 , H04L49/00 , H04L9/40 , H04L67/1004 , H04L47/125 , H04L67/146 , H04L67/563 , H04L67/63 , H04L41/0654 , H04L45/30 , H04L45/741 , H04L47/70
Abstract: Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element.
-
Publication number: US20220078037A1
Publication date: 2022-03-10
Application number: US17528094
Application date: 2021-11-16
Applicant: VMware, Inc.
Inventor: Rahul Mishra , Pierluigi Rolando , Stephen Tan , Raju Koganty
IPC: H04L12/18 , H04L12/761 , H04L29/12 , H04L12/46
Abstract: Some embodiments of the invention provide novel methods for providing transparent services for multicast data messages traversing a network edge device operating at a boundary between two networks. The method analyzes data messages received at the network edge device to determine whether they require a service provided at the boundary and whether they are unicast or multicast (including broadcast). The method modifies a multicast destination media access control (MAC) address of a multicast data message requiring a service to be a unicast destination MAC address and provides, without processing by a standard routing function, the modified data message directly to an interface associated with a service node that provides the particular service required by the data message. The method receives the serviced data message, restores the multicast destination MAC address, and forwards the serviced data message to a set of destinations associated with the multicast destination address.
-
Publication number: US20210314415A1
Publication date: 2021-10-07
Application number: US16904399
Application date: 2020-06-17
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen
Abstract: For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.
-
Publication number: US10944673B2
Publication date: 2021-03-09
Application number: US16120281
Application date: 2018-09-02
Applicant: VMware, Inc.
Inventor: Akhila Naveen , Kantesh Mundaragi , Rahul Mishra , Fenil Kavathia , Raju Koganty , Pierluigi Rolando , Yong Feng , Jayant Jain
IPC: H04L12/741 , H04L29/08 , H04L12/713
Abstract: Some embodiments provide a method for forwarding a data message. The method performs a lookup to map a set of header fields of the data message to an identifier corresponding to a service that performs non-forwarding processing on data messages. The method uses a dynamically-updated data structure for the identifier to retrieve instructions for forwarding data messages to the service. The method forwards the data message according to the retrieved instructions from the data structure for the identifier.