公开(公告)号：US20210203550A1

公开(公告)日：2021-07-01

申请号：US17130862

申请日：2020-12-22

Applicant: VMware, Inc.

Inventor： Sachin Thakkar ,  Abhinav Vijay Bhagwat ,  Weiqing Wu ,  Serge Maskalik ,  Uday Suresh Masurekar

IPC: H04L12/24 ,  G06F9/455 ,  H04L29/06 ,  H04L29/08

Abstract: A method of deploying a network service across a plurality of data centers, includes the steps of: in response to a request for or relating to a network service, identifying virtual network functions associated with the network service and determining network connectivity requirements of the virtual network functions, issuing commands to provision a first virtual link between at least two of the data centers in which the virtual network functions are to be deployed, and issuing commands to provision a second virtual link to one of the data centers in which the virtual network functions are to be deployed.

公开(公告)号：US10757170B2

公开(公告)日：2020-08-25

申请号：US14664939

申请日：2015-03-23

Applicant: VMWARE, INC.

Inventor： Sachin Thakkar ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan

IPC: H04L29/08 ,  H04L12/24 ,  H04L29/12 ,  H04L29/06

Abstract: Conditional address translation is performed in a multi-tenant cloud infrastructure to effectively support tenant-assigned addresses. For each tenant, the multi-tenant cloud infrastructure deploys both a private network used to communicate between the tenant and the cloud and a tenant-facing gateway to manage the private network. The multi-tenant cloud infrastructure also includes an externally-facing gateway used to communicate between the multi-tenant cloud and a public network. The tenant-facing gateways are configured to bypass address translation—providing consistent addressing across each private network irrespective of the physical location of resources linked by the private network. By contrast, the public-facing gateway is configured to translate source addresses in outgoing packets to addresses that are unique within the public network. Advantageously, discriminately mapping addresses enables multiple tenants to interact in a uniform fashion with both on-premises resources and cloud-hosted resources without incurring undesirable address collisions between tenants.

公开(公告)号：US10721161B2

公开(公告)日：2020-07-21

申请号：US14838537

申请日：2015-08-28

Applicant: VMware, Inc.

Inventor： Serge Maskalik ,  Weiqing Wu ,  Debashis Basak ,  Sachin Thakkar ,  Allwyn Sequeira

IPC: H04L12/721 ,  H04L12/813 ,  H04L12/24 ,  H04L12/26 ,  H04L29/08

Abstract: An example method of optimizing connectivity between data centers in a hybrid cloud system having a first data center managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center. The method includes probing a wide area network (WAN) with test packets by varying an internet protocol (IP) flow tuple of the test packets across a set of IP flows. The method includes identifying a plurality of paths between a gateway of the first data center and another gateway of the second data center associated with the set of IP flows. The method further includes selecting an IP flow from the set of IP flows for an application executing in the first data center. The method further includes establishing a path-optimized connection between the gateway and the other gateway through the WAN having the selected IP flow for use by the application.

公开(公告)号：US10666729B2

公开(公告)日：2020-05-26

申请号：US15654588

申请日：2017-07-19

Applicant: VMware, Inc.

Inventor： Laxminarayana Tumuluru ,  Todd Sabin ,  Weiqing Wu ,  Uday Masurekar ,  Serge Maskalik ,  Sachin Thakkar ,  Debashis Basak

IPC: H04L12/56 ,  H04L29/08 ,  H04L29/12 ,  H04L29/06 ,  G06F8/65 ,  H04L12/24 ,  G06F9/50 ,  H04L12/801 ,  H04L12/911 ,  H04W28/02 ,  H04L12/931 ,  H04L12/46 ,  H04L12/26 ,  H04L12/721 ,  H04L12/715 ,  H04L12/725 ,  G06F9/455

Abstract: An approach is disclosed for steering network traffic away from congestion hot-spots to achieve better throughput and latency. In one embodiment, multiple Foo-over-UDP (FOU) tunnels, each having a distinct source port, are created between two endpoints. As a result of the distinct source ports, routers that compute hashes of packet fields in order to distribute traffic flows across network paths will compute distinct hash values for the FOU tunnels that may be associated with different paths. Probes are scheduled to measure network metrics, such as latency and liveliness, of each of the FOU tunnels. In turn, the network metrics are used to select particular FOU tunnel(s) to send traffic over so as to avoid congestion and high-latency hotspots in the network.

公开(公告)号：US10608959B2

公开(公告)日：2020-03-31

申请号：US15701396

申请日：2017-09-11

Applicant: VMware, Inc.

Inventor： Leon Cui ,  Siddharth Ekbote ,  Todd Sabin ,  Weiqing Wu ,  Uday Masurekar

IPC: H04L12/931 ,  G06F11/00 ,  G06F21/62 ,  G06F9/455 ,  H04L12/24 ,  H04L29/06 ,  G06F11/07 ,  G06F21/82

Abstract: The disclosure provides an approach for managing and diagnosing middleboxes in a cloud computing system. In one embodiment, a network operations center, that is located remote to a virtualized cloud computing system and communicates with the cloud computing system via a wide area network, controls network middleboxes in the cloud computing system through a secure routing module inside a gateway of the cloud computing system. The secure routing module is configured to receive, from an authenticated management application and via a secure communication channel, packets intended for managing network middleboxes. In turn, the secure routing module establishes secure communication channels with the target middleboxes, translates the identified packets to protocols and/or application programming interfaces (APIs) of the target middleboxes, and transmits the translated packets to the target middleboxes.

公开(公告)号：US10547540B2

公开(公告)日：2020-01-28

申请号：US14981436

申请日：2015-12-28

Applicant: VMware, Inc.

Inventor： Serge Maskalik ,  Weiqing Wu ,  Debashis Basak ,  Sachin Thakkar ,  Allwyn Sequeira

IPC: H04L29/06 ,  H04L12/721 ,  H04L29/08 ,  H04L12/66 ,  H04L12/813

Abstract: A cloud computing system may include multiple cloud data centers. A gateway may establish connections between a cloud providers' multiple data centers using knowledge about the types of applications workloads executing within the cloud computing system, and may be further based on determines policies indicating priorities for routing traffic for the application workloads.

公开(公告)号：US10333889B2

公开(公告)日：2019-06-25

申请号：US15818584

申请日：2017-11-20

Applicant: VMware, Inc.

Inventor： Sachin Thakkar ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan

IPC: G06F15/177 ,  H04L29/12 ,  G06F9/455 ,  H04L12/46

Abstract: A centralized namespace controller allocates addresses in a distributed cloud infrastructure on-demand. Upon receiving a request to allocate addresses for a network to be provisioned by a cloud computing system included in the distributed cloud infrastructure, the centralized namespace controller allocates a network address that is unique within the distributed cloud infrastructure. Further, the centralized namespace controller allocates a range of virtual network interface cards (NIC) addresses that are unique within the network. The centralized namespace controller then allocates addresses from the range of virtual NIC addresses on an as-requested basis—when a virtual NIC is being created by the first cloud computing system on the network. Advantageously, by centralizing the allocation of addresses and dedicating independent NIC address ranges to different cloud computing systems, the centralized namespace controller enables stretched L2 networks between cloud computing systems while preventing duplicated addresses on the stretched networks.

公开(公告)号：US10282222B2

公开(公告)日：2019-05-07

申请号：US14528725

申请日：2014-10-30

Applicant: VMware, Inc.

Inventor： Sachin Thakkar ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Abhinav Vijay Bhagwat

IPC: G06F9/455 ,  G06F9/50

Abstract: A hybrid cloud computing system is managed by determining communication affinity between a cluster of virtual machines, where one virtual machine in the cluster executes in a virtualized computing system, and another virtual machine in the cluster executes in a cloud computing environment, and where the virtualized computing system is managed by a tenant that accesses the cloud computing environment. After determining a target location in the hybrid cloud computing system to host the cluster of virtual machines based on the determined communication affinity, at least one of the cluster of virtual machines is migrated to the target location.

公开(公告)号：US20180288136A1

公开(公告)日：2018-10-04

申请号：US15997377

申请日：2018-06-04

Applicant: VMware, Inc.

Inventor： Serge Maskalik ,  Weiqing Wu ,  Debashis Basak ,  Sachin Thakkar ,  Govind Haridas

IPC: H04L29/08 ,  H04L12/751 ,  H04L12/715

CPC classification number: H04L67/10 ,  H04L45/02 ,  H04L45/64

Abstract: A cloud computing system retrieves routing entries associated with a particular tenant of the cloud computing system and a subset of a routing table of the entire cloud computing system. The routing entries are loaded into a networking switch, which is configured to route network packets using the loaded subset of routing entries, using a general-purpose processor rather than a costly dedicated ASIC.

公开(公告)号：US09825905B2

公开(公告)日：2017-11-21

申请号：US14664952

申请日：2015-03-23

Applicant: VMWARE, INC.

Inventor： Sachin Thakkar ,  Debashis Basak ,  Serge Maskalik ,  Weiqing Wu ,  Aravind Srinivasan

IPC: G06F15/177 ,  H04L29/12 ,  G06F9/455 ,  H04L12/46

CPC classification number: H04L61/2061 ,  G06F2009/45595 ,  H04L12/4641 ,  H04L61/2038 ,  H04L61/2596 ,  H04L61/6022

Abstract: A centralized namespace controller allocates addresses in a distributed cloud infrastructure on-demand. Upon receiving a request to allocate addresses for a network to be provisioned by a cloud computing system included in the distributed cloud infrastructure, the centralized namespace controller allocates a network address that is unique within the distributed cloud infrastructure. Further, the centralized namespace controller allocates a range of virtual network interface cards (NIC) addresses that are unique within the network. The centralized namespace controller then allocates addresses from the range of virtual NIC addresses on an as-requested basis—when a virtual NIC is being created by the first cloud computing system on the network. Advantageously, by centralizing the allocation of addresses and dedicating independent NIC address ranges to different cloud computing systems, the centralized namespace controller enables stretched L2 networks between cloud computing systems while preventing duplicated addresses on the stretched networks.