公开(公告)号：US11743172B2

公开(公告)日：2023-08-29

申请号：US16904390

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L45/00 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/46 ,  H04L45/745 ,  H04L47/2408 ,  H04L45/02 ,  H04L45/12 ,  H04L45/24 ,  H04L45/302 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L9/40 ,  H04L67/1004 ,  H04L47/125 ,  H04L67/146 ,  H04L41/0654 ,  H04L45/30 ,  H04L45/741 ,  H04L67/51 ,  H04L67/63 ,  H04L67/563 ,  H04L47/70

CPC classification number: H04L45/20 ,  H04L12/4633 ,  H04L12/4662 ,  H04L41/0654 ,  H04L41/0893 ,  H04L45/02 ,  H04L45/04 ,  H04L45/12 ,  H04L45/24 ,  H04L45/30 ,  H04L45/306 ,  H04L45/586 ,  H04L45/741 ,  H04L45/745 ,  H04L47/125 ,  H04L47/2408 ,  H04L47/2441 ,  H04L49/20 ,  H04L49/70 ,  H04L63/0272 ,  H04L63/164 ,  H04L63/306 ,  H04L67/1004 ,  H04L67/142 ,  H04L67/146 ,  H04L67/51 ,  H04L67/563 ,  H04L67/63 ,  H04L47/825

Abstract: Some embodiments provide novel methods for providing different types of services for a logical network associated with an edge forwarding element acting between the logical network and an external network. The edge forwarding element receives data messages for forwarding and performs a service classification operation to select a set of services of a particular type for the data message. The particular type of service is one of multiple types of services that use different transport mechanisms to forward the data to a set of service nodes (e.g., service virtual machines, or service appliances, etc.) that provide the service. The edge forwarding element receives the data message after the selected set of services has been performed and performs a forwarding operation to forward the data message. In some embodiments, the method is also performed by edge forwarding elements that are at the edges of logical network segments within the logical network.

公开(公告)号：US11528219B2

公开(公告)日：2022-12-13

申请号：US16904437

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Yuxiao Zhang ,  Kantesh Mundaragi ,  Rahul Mishra

IPC: H04L45/00 ,  H04L67/142 ,  H04L45/586 ,  H04L45/745 ,  H04L67/146 ,  H04L47/2441 ,  H04L12/46 ,  H04L47/2408 ,  H04L45/02 ,  H04L45/12 ,  H04L45/24 ,  H04L45/302 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L9/40 ,  H04L67/1004 ,  H04L47/125 ,  H04L41/0654 ,  H04L45/30 ,  H04L45/741 ,  H04L67/51 ,  H04L67/63 ,  H04L67/563 ,  H04L47/70

Abstract: Some embodiments configure an edge forwarding element to perform service insertion operations to identify stateful services to perform for data messages received for forwarding by the edge forwarding element at multiple virtual interfaces of the edge forwarding element. The service insertion operation, in some embodiments, includes applying a set of service insertion rules. The service insertion rules (1) specify a set of criteria and a corresponding action to take for data messages matching the criteria and (2) are associated with a set of interfaces to which the service insertion rules are applied. In some embodiments, the action is specified using a universally unique identifier (UUID) that is then used as a matching criteria for a subsequent policy lookup that identifies a type of service insertion and a set of next hop data.

公开(公告)号：US11438257B2

公开(公告)日：2022-09-06

申请号：US16904446

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Yuxiao Zhang ,  Kantesh Mundaragi ,  Rahul Mishra

IPC: G01R31/08 ,  H04L45/00 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/46 ,  H04L45/745 ,  H04L47/2408 ,  H04L67/51 ,  H04L45/02 ,  H04L45/12 ,  H04L45/24 ,  H04L45/302 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L9/40 ,  H04L67/1004 ,  H04L47/125 ,  H04L67/146 ,  H04L67/563 ,  H04L67/63 ,  H04L41/0654 ,  H04L45/30 ,  H04L45/741 ,  H04L47/70

Abstract: Some embodiments provide stateful services in a chain of services identified for some data messages. The edge forwarding element receives a data message at a particular interface of the edge forwarding element that is traversing the edge forwarding element in a forward direction between two machines. The edge forwarding element identifies (1) a set of stateful services for the received data message and (2) a next hop associated with the identified set of stateful services in the forward direction and a next hop associated with the identified set of stateful services in the reverse direction. Based on the identified set of services and the next hops for the forward and reverse directions, the edge forwarding element generates and stores first and second connection tracking records for the forward and reverse data message flows, respectively used to forward data messages received subsequently for the flow.

公开(公告)号：US11354148B2

公开(公告)日：2022-06-07

申请号：US16444978

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty

IPC: G06F15/16 ,  G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L101/622 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L67/563 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/1001 ,  H04L67/10 ,  H04L45/586 ,  H04L67/60 ,  H04L45/302 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L67/51 ,  H04L67/56 ,  H04L49/00 ,  H04L61/2592 ,  H04L41/0806 ,  H04L41/0893

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11294703B2

公开(公告)日：2022-04-05

申请号：US16444884

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Camille Lecuyer ,  Saahil Gokhale ,  Rajeev Nair ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty

IPC: G06F15/16 ,  G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L101/622 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L67/563 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/1001 ,  H04L67/10 ,  H04L45/586 ,  H04L67/60 ,  H04L45/30 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L67/51 ,  H04L67/56 ,  H04L49/00 ,  H04L61/2592 ,  H04L41/0806 ,  H04L41/0893

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11288088B2

公开(公告)日：2022-03-29

申请号：US16444964

申请日：2019-06-18

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Kantesh Mundaragi ,  Rahul Mishra ,  Jayant Jain ,  Raju Koganty

IPC: H04W56/00 ,  G06F9/455 ,  H04L45/00 ,  H04L47/125 ,  H04L69/324 ,  H04L69/325 ,  H04L69/321 ,  H04L12/46 ,  H04L47/17 ,  H04L49/25 ,  H04L101/622 ,  H04L41/5054 ,  G06F9/54 ,  H04L45/74 ,  H04L47/19 ,  H04L67/563 ,  H04L41/0803 ,  H04L41/5003 ,  H04L67/1001 ,  H04L67/10 ,  H04L45/586 ,  H04L67/60 ,  H04L45/30 ,  H04L45/745 ,  H04L67/101 ,  H04L41/0816 ,  H04L47/2425 ,  H04L67/51 ,  H04L67/56 ,  H04L49/00 ,  H04L61/2592 ,  H04L41/0806 ,  H04L41/0893

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

公开(公告)号：US11277331B2

公开(公告)日：2022-03-15

申请号：US16904430

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra

IPC: G06F15/173 ,  H04L45/00 ,  H04L47/2441 ,  H04L67/142 ,  H04L45/586 ,  H04L12/46 ,  H04L45/745 ,  H04L47/2408 ,  H04L67/51 ,  H04L45/12 ,  H04L45/24 ,  H04L45/30 ,  H04L49/20 ,  H04L41/0893 ,  H04L49/00 ,  H04L29/06 ,  H04L67/1004 ,  H04L47/125 ,  H04L67/146 ,  H04L67/563 ,  H04L67/63 ,  H04L41/0654 ,  H04L45/02 ,  H04L47/70

Abstract: Some embodiments provide a method of performing stateful services that keeps track of changes to states of service nodes to update connection tracker records when necessary. At least one global state value indicating a state of the service nodes is maintained at the edge device. The method generates a record in a connection tracker storage including the current global state value as a flow state value for a first data message in a data message flow. Each time a data message is received for the data message flow, the stored state value (i.e., a flow state value) is compared to the relevant global state value to determine if the stored action may have been updated. After a change in the global state value relevant to the flow the method examines a flow programming table to determine if the flow has been affected by a flow programming instruction(s) that caused the global state value to change.

公开(公告)号：US20210314423A1

公开(公告)日：2021-10-07

申请号：US16904377

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen ,  Elton Furtado

IPC: H04L29/08 ,  H04L12/803

Abstract: Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.

公开(公告)号：US20210314268A1

公开(公告)日：2021-10-07

申请号：US16904390

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Kantesh Mundaragi ,  Yuxiao Zhang ,  Rahul Mishra ,  Akhila Naveen

IPC: H04L12/851 ,  H04L12/46 ,  H04L29/08 ,  H04L12/741

Abstract: Some embodiments provide novel methods for providing different types of services for a logical network associated with an edge forwarding element acting between the logical network and an external network. The edge forwarding element receives data messages for forwarding and performs a service classification operation to select a set of services of a particular type for the data message. The particular type of service is one of multiple different types of services that use different transport mechanisms to forward the data to a set of service nodes (e.g., service virtual machines, or service appliances, etc.) that provide the service. The edge forwarding element then receives the data message after the selected set of services has been performed and performs a forwarding operation to forward the data message. In some embodiments, the method is also performed by edge forwarding elements that are at the edges of logical network segments within the logical network.

公开(公告)号：US20210314252A1

公开(公告)日：2021-10-07

申请号：US16904437

申请日：2020-06-17

Applicant: VMware, Inc.

Inventor： Pierluigi Rolando ,  Jayant Jain ,  Raju Koganty ,  Yuxiao Zhang ,  Kantesh Mundaragi ,  Rahul Mishra

IPC: H04L12/715 ,  H04L12/725 ,  H04L12/707 ,  H04L12/721 ,  H04L12/931

Abstract: Some embodiments configure an edge forwarding element to perform service insertion operations to identify stateful services to perform for data messages received for forwarding by the edge forwarding element at multiple virtual interfaces of the edge forwarding element. The service insertion operation, in some embodiments, includes applying a set of service insertion rules. The service insertion rules (1) specify a set of criteria and a corresponding action to take for data messages matching the criteria and (2) are associated with a set of interfaces to which the service insertion rules are applied. In some embodiments, the action is specified using a universally unique identifier (UUID) that is then used as a matching criteria for a subsequent policy lookup that identifies a type of service insertion and a set of next hop data.