-
Publication No.: US10931565B2
Publication Date: 2021-02-23
Application No.: US16283656
Application Date: 2019-02-22
Applicant: VMware, Inc.
Inventor: Rahul Mishra , Kantesh Mundaragi , Stephen Tan , Akhila Naveen , Pierluigi Rolando , Raju Koganty
IPC: H04L12/707 , H04W88/16 , H04L12/24
Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a next_hop, and an address pair for interfaces. A mapping between VRF identifiers and address pairs is generated. Based on, at least in part, the mapping and the policy configuration, a policy table is generated. The policy table comprises table records, wherein a table record comprises a redirection identifier, a next_hop, and an address pair. The rule and policy tables are used to redirect a packet from an edge gateway to a service virtual machine.
-
Publication No.: US10929171B2
Publication Date: 2021-02-23
Application No.: US16445031
Application Date: 2019-06-18
Applicant: VMware, Inc.
Inventor: Saahil Gokhale , Camille Lecuyer , Rajeev Nair , Kantesh Mundaragi , Rahul Mishra , Pierluigi Rolando , Jayant Jain , Raju Koganty
IPC: G06F9/455 , H04L12/721 , H04L12/803 , H04L29/08 , H04L12/46 , H04L12/801 , H04L12/947 , H04L29/12 , H04L12/24 , G06F9/54 , H04L12/741 , H04L12/713 , H04L12/725 , H04L12/851 , H04L12/935
Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).
-
Publication No.: US20200274779A1
Publication Date: 2020-08-27
Application No.: US16444989
Application Date: 2019-06-18
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Camille Lecuyer , Saahil Gokhale , Rajeev Nair , Yuxiao Zhang , Kantesh Mundaragi , Rahul Mishra , Jayant Jain , Raju Koganty
IPC: H04L12/24 , H04L29/08 , H04L12/741 , H04L12/721 , H04L12/851
Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).
-
Publication No.: US20200272493A1
Publication Date: 2020-08-27
Application No.: US16444845
Application Date: 2019-06-18
Applicant: VMware, Inc.
Inventor: Camille Lecuyer , Saahil Gokhale , Rajeev Nair , Anuprem Chalvadi , Yang Ping , Kantesh Mundaragi , Rahul Mishra , Pierluigi Rolando , Jayant Jain , Raju Koganty
IPC: G06F9/455 , H04L29/08 , H04L12/721 , H04L12/46
Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).
-
Publication No.: US20240015097A1
Publication Date: 2024-01-11
Application No.: US18370013
Application Date: 2023-09-19
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen , Elton Furtado
IPC: H04L45/00 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/46 , H04L45/745 , H04L47/2408 , H04L45/02 , H04L45/12 , H04L45/24 , H04L45/302 , H04L49/20 , H04L41/0893 , H04L49/00 , H04L9/40 , H04L67/1004 , H04L47/125 , H04L41/0654 , H04L45/30 , H04L45/741 , H04L67/51 , H04L67/63 , H04L67/563
CPC classification number: H04L45/20 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/4633 , H04L45/745 , H04L47/2408 , H04L45/04 , H04L45/12 , H04L45/24 , H04L45/306 , H04L49/20 , H04L41/0893 , H04L49/70 , H04L63/0272 , H04L63/306 , H04L67/1004 , H04L47/125 , H04L12/4662 , H04L63/164 , H04L41/0654 , H04L45/02 , H04L45/30 , H04L45/741 , H04L67/51 , H04L67/63 , H04L67/563 , H04L67/146
Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.
-
Publication No.: US11792112B2
Publication Date: 2023-10-17
Application No.: US16904377
Application Date: 2020-06-17
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen , Elton Furtado
IPC: H04L47/125 , H04L67/146 , H04L45/00 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/46 , H04L45/745 , H04L47/2408 , H04L45/02 , H04L45/12 , H04L45/24 , H04L45/302 , H04L49/20 , H04L41/0893 , H04L49/00 , H04L9/40 , H04L67/1004 , H04L41/0654 , H04L45/30 , H04L45/741 , H04L67/51 , H04L67/63 , H04L67/563 , H04L47/70
CPC classification number: H04L45/20 , H04L12/4633 , H04L12/4662 , H04L41/0654 , H04L41/0893 , H04L45/02 , H04L45/04 , H04L45/12 , H04L45/24 , H04L45/30 , H04L45/306 , H04L45/586 , H04L45/741 , H04L45/745 , H04L47/125 , H04L47/2408 , H04L47/2441 , H04L49/20 , H04L49/70 , H04L63/0272 , H04L63/164 , H04L63/306 , H04L67/1004 , H04L67/142 , H04L67/51 , H04L67/563 , H04L67/63 , H04L47/825 , H04L67/146
Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.
-
Publication No.: US20230171193A1
Publication Date: 2023-06-01
Application No.: US18103366
Application Date: 2023-01-30
Applicant: VMware, Inc.
Inventor: Rahul Jain , Kantesh Mundaragi , Pierluigi Rolando , Jayant Jain , Mukesh Hira
IPC: H04L45/745 , G06F9/455 , H04L12/46 , H04L49/354 , H04L49/00
CPC classification number: H04L45/745 , G06F9/45558 , H04L12/4633 , H04L12/4641 , H04L49/354 , H04L49/70 , H04L2212/00
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication No.: US11609781B2
Publication Date: 2023-03-21
Application No.: US17352298
Application Date: 2021-06-19
Applicant: VMware, Inc.
Inventor: Rahul Mishra , Camille Lecuyer , Saahil Gokhale , Rajeev Nair , Kantesh Mundaragi , Pierluigi Rolando , Jayant Jain , Raju Koganty
IPC: G06F9/455 , H04L45/00 , H04L47/125 , H04L69/324 , H04L69/325 , H04L69/321 , H04L12/46 , H04L47/17 , H04L49/25 , H04L41/5054 , G06F9/54 , H04L45/74 , H04L47/19 , H04L41/0803 , H04L41/5003 , H04L67/10 , H04L45/586 , H04L45/302 , H04L45/745 , H04L67/101 , H04L41/0816 , H04L47/2425 , H04L49/00 , H04L61/2592 , H04L67/51 , H04L67/56 , H04L67/60 , H04L67/563 , H04L67/1001 , H04L41/0806 , H04L41/0893 , H04L101/622
Abstract: Some embodiments provide a method for performing services for data messages associated with a machine executing on a particular host computer. On the particular host computer, the method configures (1) a first distributed forwarding element (DFE) to forward data messages sent by the machine based on network addresses specified by the machine, and (2) a second DFE to forward data messages sent by the machine to a set of one or more other host computers on which a set of one or more service nodes execute, before the data messages are returned to the particular host computer to be forwarded by the first DFE based on the network addresses specified by the machine. Each DFE is implemented by at least one software forwarding element (SFE) executing on the particular host computer and at least one other SFE executing on at least one other host computer.
-
Publication No.: US11570104B2
Publication Date: 2023-01-31
Application No.: US17133555
Application Date: 2020-12-23
Applicant: VMware, Inc.
Inventor: Rahul Jain , Kantesh Mundaragi , Pierluigi Rolando , Jayant Jain , Mukesh Hira
IPC: H04W4/00 , H04L45/745 , G06F9/455 , H04L12/46 , H04L49/354 , H04L49/00
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication No.: US11368387B2
Publication Date: 2022-06-21
Application No.: US16904442
Application Date: 2020-06-17
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Kantesh Mundaragi , Yuxiao Zhang , Rahul Mishra , Akhila Naveen
IPC: H04L45/00 , H04L47/2441 , H04L67/142 , H04L45/586 , H04L12/46 , H04L45/745 , H04L47/2408 , H04L67/51 , H04L45/02 , H04L45/12 , H04L45/24 , H04L45/302 , H04L49/20 , H04L41/0893 , H04L49/00 , H04L9/40 , H04L67/1004 , H04L47/125 , H04L67/146 , H04L67/563 , H04L67/63 , H04L41/0654 , H04L45/30 , H04L45/741 , H04L47/70
Abstract: Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element.