公开(公告)号：US20210314415A1

公开(公告)日：2021-10-07

申请号：US16904399

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

Abstract: For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.

公开(公告)号：US20210120080A1

公开(公告)日：2021-04-22

申请号：US16785674

申请日：2020-02-10

Applicant: VMWARE, INC.

Inventor： RAHUL MISHRA ,  Kantesh Mundaragi ,  Raju Koganty

IPC: H04L29/08 ,  H04L12/24 ,  H04L12/66

Abstract: Some embodiments provide a novel method for distributing data message flows among multiple service nodes that provide a particular service in a managed network. In some embodiments, the service nodes provide an edge service at an edge device (e.g., a gateway) of the managed network. The method collects a set of attributes from each service node of the multiple service nodes regarding the service node from which the set of attributes are collected. The collected attributes may include usage statistics, characteristics of the service nodes, and characteristics of the connections to the service nodes. The collected attributes are used to compute a score (e.g., a weight or priority) for each service node. Based on the policy and the computed scores, a set of rules and tables are generated to distribute the data message flows to the service nodes to implement the policy.

公开(公告)号：US10944673B2

公开(公告)日：2021-03-09

申请号：US16120281

申请日：2018-09-02

Applicant: VMware, Inc.

Inventor： Akhila Naveen ,  Kantesh Mundaragi ,  Rahul Mishra ,  Fenil Kavathia ,  Raju Koganty ,  Pierluigi Rolando ,  Yong Feng ,  Jayant Jain

IPC: H04L12/741 ,  H04L29/08 ,  H04L12/713

Abstract: Some embodiments provide a method for forwarding a data message. The method performs a lookup to map a set of header fields of the data message to an identifier corresponding to a service that performs non-forwarding processing on data messages. The method uses a dynamically-updated data structure for the identifier to retrieve instructions for forwarding data messages to the service. The method forwards the data message according to the retrieved instructions from the data structure for the identifier.

公开(公告)号：US10924397B2

公开(公告)日：2021-02-16

申请号：US16283665

申请日：2019-02-22

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Kantesh Mundaragi ,  Stephen Tan ,  Akhila Naveen ,  Pierluigi Rolando ,  Raju Koganty

IPC: H04L12/28 ,  H04L12/713 ,  H04L12/707 ,  H04L29/12

Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises: detecting a packet; determining attributes for the packet; based on the attributes, determining whether the attributes match one or more rule attributes of a particular rule in a rule table; in response to determining that the attributes match the one or more rule attributes of a particular rule in the rule table: determining, based on the particular rule, a particular redirection identifier, a particular VRF identifier, a particular next_hop, a particular address pair, and a particular BFD status; based on the particular BFD status, determining whether to redirect the packet; and in response to determining to redirect the packet, redirecting the packet toward a service virtual machine from an interface indicated by one of addresses in the particular address pair.

公开(公告)号：US10892989B2

公开(公告)日：2021-01-12

申请号：US16251080

申请日：2019-01-18

Applicant: VMware, Inc.

Inventor： Rahul Jain ,  Kantesh Mundaragi ,  Pierluigi Rolando ,  Jayant Jain ,  Mukesh Hira

IPC: H04L12/28 ,  H04L12/741 ,  G06F9/455 ,  H04L12/46 ,  H04L12/931

Abstract: Example methods and systems are provided a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.

公开(公告)号：US20200274945A1

公开(公告)日：2020-08-27

申请号：US16444956

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty

IPC: H04L29/08

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200274808A1

公开(公告)日：2020-08-27

申请号：US16445058

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: H04L12/803

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200274791A1

公开(公告)日：2020-08-27

申请号：US16283656

申请日：2019-02-22

Applicant: VMware, Inc.

Inventor： Rahul Mishra ,  Kantesh Mundaragi ,  Stephen Tan ,  Akhila Naveen ,  Pierluigi Rolando ,  Raju Koganty

IPC: H04L12/707 ,  H04L12/24

Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a next_hop, and an address pair for interfaces. A mapping between VRF identifiers and address pairs is generated. Based on, at least in part, the mapping and the policy configuration, a policy table is generated. The policy table comprises table records, wherein a table record comprises a redirection identifier, a next_hop, and an address pair. The rule and policy tables are used to redirect a packet from an edge gateway to a service virtual machine.

公开(公告)号：US20200274778A1

公开(公告)日：2020-08-27

申请号：US16444907

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: H04L12/24 ,  H04L12/725 ,  H04L29/08 ,  H04L12/741 ,  G06F9/455

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US20200272496A1

公开(公告)日：2020-08-27

申请号：US16445004

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Kantesh Mundaragi ,  Rahul Mishra ,  Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty

IPC: G06F9/455 ,  H04L12/721 ,  H04L12/803 ,  H04L29/08

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).