-
公开(公告)号:US20220021615A1
公开(公告)日:2022-01-20
申请号:US16931207
申请日:2020-07-16
Applicant: VMware, Inc.
Inventor: Sami Boutros , Mani Kancherla , Jayant Jain , Anirban Sengupta
IPC: H04L12/749 , H04L29/12 , H04L12/24 , H04L12/715 , H04L12/66
Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
-
公开(公告)号:US09755981B2
公开(公告)日:2017-09-05
申请号:US14205173
申请日:2014-03-11
Applicant: VMware, Inc.
Inventor: Jayant Jain , Anirban Sengupta , Weiqing Wu
IPC: H04L12/805 , H04L29/06 , G06F9/00
CPC classification number: H04L47/36 , G06F9/00 , G06F9/46 , H04L69/166 , H04L69/22
Abstract: A method for performing LRO aggregation on packets being forwarded by a VM is provided. The method segments the LRO aggregated packet according to the Maximum Segment Size (MSS) of the TCP protocol before forwarding the segmented packets to their destination. The method snoops the packets being forwarded for its MSS parameter before using the snooped MSS parameter to perform Transmit Segmentation Offload (TSO) operation. The PNIC performs both the aggregation operation (LRO) and the segmentation (TSO) within its own hardware without consuming CPU cycles at the host machine. The PNIC receives the MSS parameter from the network stack as a metadata that accompanies a LRO aggregated packet.
-
43.发明授权公开(公告)号:US09264313B1
公开(公告)日:2016-02-16
申请号:US14069299
申请日:2013-10-31
Applicant: VMware, Inc.
Inventor: Subrahmanyam Manuguri , Anirban Sengupta , Andre Khan
CPC classification number: H04L41/5058 , H04L41/12 , Y02D30/30
Abstract: A system and method for performing a service discovery on a distributed computer system includes obtaining information of a service that is provided by a host computer in the distributed computer system and embedding the information into a Link Layer Discovery Protocol (LLDP) data frame to be transmitted from the host computer to another component of the distributed computer system.
Abstract translation: 一种用于在分布式计算机系统上执行服务发现的系统和方法包括:获得由分布式计算机系统中的主计算机提供的服务的信息,并将该信息嵌入到要发送的链路层发现协议(LLDP)数据帧中 从主机到分布式计算机系统的另一个组件。
-
公开(公告)号:US20140334485A1
公开(公告)日:2014-11-13
申请号:US13891025
申请日:2013-05-09
Applicant: VMware, Inc.
Inventor: Jayant Jain , Anirban Sengupta
IPC: H04L12/741 , H04L12/931
CPC classification number: H04L45/74 , H04L12/4633 , H04L12/4641 , H04L45/306 , H04L49/20 , H04L67/10 , H04L2212/00
Abstract: The disclosure herein describes a system, which provides service switching in a datacenter environment. The system can include a service switching gateway, which can identify a service tag associated with a received packet. During operation, the service switching gateway determines a source client, a requested service, or both for the packet based on the service tag, identifies a corresponding service portal based on the service tag, and forwards the packet toward the service portal. The service switching gateway can optionally maintain a mapping between the service tag and one or more of: a source client, a required service, the service portal, and a tunnel encapsulation. The service switching gateway can encapsulate the packet based on an encapsulation mechanism supported by the service portal and forward the packet based on the mapping.
Abstract translation: 本文的公开内容描述了在数据中心环境中提供服务切换的系统。 该系统可以包括服务交换网关,其可以识别与接收的分组相关联的服务标签。 业务交换网关在业务交换网关根据业务标签确定报文的源客户端,请求业务或二者,根据业务标签识别对应的业务门户,并将报文转发给业务门户。 服务交换网关可以选择性地维护业务标签与源客户端,所需业务,业务门户和隧道封装中的一个或多个的映射关系。 业务交换网关可以根据业务门户支持的封装机制封装报文,并根据映射转发报文。
-
公开(公告)号:US11757940B2
公开(公告)日:2023-09-12
申请号:US17103706
申请日:2020-11-24
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Kausum Kumar , Jayant Jain , Shadab Shah , Anirban Sengupta
IPC: H04L9/40 , G06F9/455 , H04L12/46 , H04L41/0803 , H04L41/0893 , H04L45/586 , H04L49/00 , H04L67/10 , H04L12/66 , H04L45/42 , H04L45/64
CPC classification number: H04L63/20 , G06F9/455 , G06F9/45558 , H04L12/4641 , H04L12/66 , H04L41/0803 , H04L41/0893 , H04L45/42 , H04L45/586 , H04L45/64 , H04L49/70 , H04L63/0209 , H04L63/0218 , H04L63/0236 , H04L63/0263 , H04L63/10 , H04L67/10 , G06F2009/45595
Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.
-
Patent Agency Ranking
公开(公告)号:US20230179475A1
公开(公告)日:2023-06-08
申请号:US18102686
申请日:2023-01-28
Applicant: VMware, Inc.
Inventor: Jayant Jain , Mike Parsa , Xinhua Hong , Subrahmanyam Manuguri , Anirban Sengupta
IPC: H04L41/0806 , H04L12/66 , H04L12/46 , H04L49/25 , H04L61/50
CPC classification number: H04L41/0806 , H04L12/66 , H04L12/4641 , H04L49/25 , H04L61/50 , H04L2101/622
Abstract: Some embodiments of the invention provide novel methods for providing a stateful service at a network edge device (e.g., an NSX edge) that has a plurality of north-facing interfaces (e.g., interfaces to an external network) and a plurality of corresponding south-facing interfaces (e.g., interfaces to a logical network). In some embodiments, each interface associated with a different bridge calls a service engine based on identifiers included in data messages received at the interface. Each data message flow is associated with a particular identifier that is associated with a particular service engine instance that provides the stateful service. In some embodiments, the interface that receives a data message identifies a service engine to provide the stateful service and provides the data message to the identified service engine. After processing the data message, the service engine provides the data message to the egress interface associated with the ingress interface.
-
公开(公告)号:US11659026B2
公开(公告)日:2023-05-23
申请号:US16855305
申请日:2020-04-22
Applicant: VMware, Inc.
Inventor: Alok Tiagi , Farzad Ghannadian , Karen Hayrapetyan , Laxmikant Vithal Gunda , Sunitha Krishna , Ashot Aslanyan , Anirban Sengupta
CPC classification number: H04L47/781 , G06K9/6257 , H04L41/22 , H04L47/125 , H04L63/20 , H04L67/01
Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.
-
48.发明授权公开(公告)号:US11611625B2
公开(公告)日:2023-03-21
申请号:US17122153
申请日:2020-12-15
Applicant: VMware, Inc.
Inventor: Jayant Jain , Anirban Sengupta , Rick Lund
Abstract: Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation on data messages associated with a particular machine. For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages.
-
公开(公告)号:US11539718B2
公开(公告)日:2022-12-27
申请号:US16739572
申请日:2020-01-10
Applicant: VMware, Inc.
Inventor: Jayant Jain , Jingmin Zhou , Sushruth Gopal , Anirban Sengupta , Sirisha Myneni
IPC: H04L29/06 , H04L9/40 , G06F16/901 , G06F9/54 , G06F9/455
Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity. For instance, in some embodiments, the IDS engine identifies one rule in the identified subset of IDS rules as matching the received data message, and then processes this rule to determine whether the data message is associated with an intrusion.
-
50.发明授权公开(公告)号:US11451413B2
公开(公告)日:2022-09-20
申请号:US16941467
申请日:2020-07-28
Applicant: VMware, Inc.
Inventor: Sami Boutros , Anirban Sengupta , Mani Kancherla , Jerome Catrouillet , Sri Mohana Singamsetty
IPC: H04L12/46 , H04L29/08 , H04L12/713 , H04L12/715 , H04L29/12 , H04L67/1001 , H04L45/586 , H04L69/08 , H04L61/251 , H04L12/66 , H04L45/02
Abstract: Some embodiments of the invention provide a novel network architecture for advertising routes in an availability zone (AZ). The novel network architecture includes a set of route servers for receiving advertisements of network addresses as being available in the AZ from different routers in the AZ. The novel network architecture also includes multiple host computers that each execute a router that (i) identifies network addresses available on the host computer, (ii) sends advertisements of the identified network addresses to the set of route servers, and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers. The identified network addresses, in some embodiments, include at least one of network addresses associated with data compute nodes (DCNs) and network addresses associated with services available at the host computer. The route servers advertise the received network addresses to other routers in the AZ.
-
-
-
-
-
-
-
-
-
Search Results
63
records
(took 0.021 seconds)
