Mechanisms for solving an IP fragmentation overlapping issue in L2VPN using multiple IP addresses in GRE headers

    Publication number: US10771429B1

    Publication date: 2020-09-08

    Application number: US16366776

    Application date: 2019-03-27

    Applicant: VMware, Inc.

    Abstract: In an embodiment, a computer-implemented method for using multiple IP addresses in GRE IP headers to prevent IPID fragmentation overlapping in L2VPN networks is disclosed. In an embodiment, the method comprises: receiving, by an edge service gateway, a packet that requires fragmenting; determining whether the gateway is configured to prevent IPID fragmentation overlapping; and in response to determining that the gateway is configured to prevent IPID fragmentation overlapping, creating a plurality of packet fragments of the packet. A packet fragment comprises a GRE IP header, additional headers, and a portion of the packet. The GRE IP header stores an IPID generated for the packet in an IPID field, a source private IP address in a source IP address field, and a destination private IP address in a destination IP address field. The source private IP address, the destination private IP address and the IPID collectively form a packet identifier of the packet.

    Dynamic rekeying of IPSec security associations

    Publication number: US11770389B2

    Publication date: 2023-09-26

    Application number: US17012235

    Application date: 2020-09-04

    Applicant: VMWARE, INC.

    Abstract: Certain embodiments described herein relate to a method for dynamically rekeying a security association. The method includes establishing, by a destination tunnel endpoint (TEP), an in-bound security association with a source TEP, with a first security parameter index (SPI) value, for encrypting data packets communicated between the source TEP and the destination TEP. The method further includes rekeying, by the destination TEP, the in-bound security association, the rekeying including generating a second SPI value for replacing the first SPI value based on a trigger event relating to at least one of a real-time security score of the in-bound security association, a number of security associations assigned to a compute resource that the in-bound security association is assigned to, an amount of load managed by the compute resource that the in-bound security association is assigned to, and an indication received from an administrator.

    HANDLING MULTIPATH IPSEC IN NAT ENVIRONMENT

    Publication number: US20230118718A1

    Publication date: 2023-04-20

    Application number: US17962419

    Application date: 2022-10-07

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for establishing a virtual private network (VPN) session between a first gateway router located at a first site and a second gateway router located at a second site. The VPN session is for exchanging packets along multiple paths between the first and second sites. The method is performed at the second gateway router located at the second site. The method determines whether any intermediate network address translation (NAT) device processes packets on the multiple paths between the first and second sites during the VPN session. Upon determining that no NAT device processes packets on the multiple paths between the first and second sites, the method builds a source port pool at the second site for sending probe packets during the VPN session (1) to identify the multiple paths and (2) to collect metrics associated with each of the identified paths. Upon determining that a NAT device processes packets on the multiple paths between the first and second sites, the method uses the destination port identifiers used in probe packets sent by the first gateway at the first site as source port identifiers for sending probe packets during the VPN session (1) to identify the multiple paths and (2) to collect metrics associated with each of the identified paths.

    MANAGING EDGE GATEWAY SELECTION USING EXCHANGED HASH INFORMATION

    Publication number: US20230036071A1

    Publication date: 2023-02-02

    Application number: US17507822

    Application date: 2021-10-22

    Applicant: VMWARE, INC.

    Abstract: Described herein are systems, methods, and software to select edge gateways for communications based on exchanged hash information. In one implementation, a first gateway may receive hash information associated with second gateways, wherein the hash information is used to select a gateway of the second gateways to communicate a packet. The first gateway further receives a packet and hashes addressing in the packet to select a destination gateway of the second gateways for the packet. The first gateway further encapsulates the packet and communicates the encapsulated packet to the selected destination gateway.

    EDGE NODE WITH DATAPATH SPLIT BETWEEN PODS

    Publication number: US20230028922A1

    Publication date: 2023-01-26

    Application number: US17384211

    Application date: 2021-07-23

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide a system for implementing multiple logical routers. The system includes a Kubernetes cluster that includes multiple nodes, with each node executing a set of pods. The set of pods includes a first pod for performing a first set of data message processing operations for the multiple logical routers and at least one respective separate pod for each respective logical router of the multiple logical routers. Each respective pod is for performing a respective second set of data message processing operations for the respective logical router.

    MANAGING TUNNEL INTERFACE SELECTION BETWEEN GATEWAYS IN A COMPUTING ENVIRONMENT

    Publication number: US20230024885A1

    Publication date: 2023-01-26

    Application number: US17502081

    Application date: 2021-10-15

    Applicant: VMWARE, INC.

    Abstract: Described herein are systems, methods, and software to manage the selection of an edge gateway or edge for processing a packet. In one implementation, a first edge may receive a packet and hash addressing information in the packet to select a second edge to process the packet. The first edge may further forward the packet to the second edge, permitting the second edge to process the packet. Once processed, the second edge may forward the packet to a destination host computing system and notify the host computing system to use the second edge for response packets directed at a source internet protocol (IP) address in the packet.

    IPSEC PROCESSING ON MULTI-CORE SYSTEMS

    Publication number: US20220394017A1

    Publication date: 2022-12-08

    Application number: US17570366

    Application date: 2022-01-06

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method that receives an encapsulated packet for a virtual private network (VPN) session. The encapsulated packet includes (i) a set of flow identifiers of a network traffic flow that includes a user datagram protocol (UDP) port number and (ii) a payload encrypted according to a security association (SA). The method hashes the set of flow identifiers of the network traffic flow to select a processor core from a plurality of processor cores. The method uses the selected processor core to decrypt the payload in the encapsulated packet according to the SA.

    Packet handling based on multiprocessor architecture configuration

    Publication number: US11340932B2

    Publication date: 2022-05-24

    Application number: US16751193

    Application date: 2020-01-23

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for packet handling based on a multiprocessor architecture configuration are provided. One example method may comprise: in response to receiving a first ingress packet that requires processing by a first virtual central processing unit (VCPU) running on a first node, steering the first ingress packet towards a first receive (RX) queue and performing local memory access on the first node to access the first ingress packet from the first RX queue. The method may also comprise: in response to receiving a second ingress packet that requires processing by a second VCPU running on a second node, steering the second ingress packet towards a second RX queue and performing local memory access on the second node to access the second ingress packet from the second RX queue.

    Memory leak detection
    Granted patent

    Publication number: US11307923B2

    Publication date: 2022-04-19

    Application number: US16520318

    Application date: 2019-07-23

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for memory leak detection. One example may comprise: identifying a set of memory buffers that are available for storing packet information that requires processing by a network device, a first subset that includes one or more first memory buffers that are unallocated, and a second subset that includes one or more second memory buffers that are allocated and storing packet information that is being processed by the network device. The method may also comprise: performing a comparison between (a) the set of memory buffers and (b) the first subset and the second subset; and based on the comparison, identifying a third subset that includes one or more third memory buffers, being leaked memory buffers, that are storing packet information that is no longer being processed by the network device.
