-
Publication No.: US11671358B2
Publication Date: 2023-06-06
Application No.: US17456054
Application Date: 2021-11-22
Applicant: VMware, Inc.
Inventor: Xinhua Hong , Yong Wang , Jia Yu , Dexiang Wang
IPC: H04L45/586 , H04L12/66 , H04L12/46 , H04L49/354 , H04L45/02 , H04L45/64
CPC classification number: H04L45/586 , H04L12/4645 , H04L12/66 , H04L45/02 , H04L45/64 , H04L49/354 , H04L12/4633
Abstract: The disclosure provides an approach for routing traffic in a network. Embodiments include receiving, by a service router of an edge services gateway (ESG), a packet comprising a virtual network identifier (VNI) and a virtual local area network (VLAN) identifier. Embodiments include sending, by the service router, the packet to a virtual switch of the ESG based on the VNI of the packet. Embodiments include determining, by the virtual switch, a virtual routing and forwarding (VRF) router of the ESG for the packet based on the VLAN identifier. Embodiments include forwarding, by the virtual switch, the packet to the VRF router.
-
Publication No.: US20230041869A1
Publication Date: 2023-02-09
Application No.: US17971591
Application Date: 2022-10-22
Applicant: VMware, Inc.
Inventor: Yong Wang , Xinhua Hong , Sreeram Kumar Ravinoothala , Dexiang Wang
Abstract: Some embodiments provide, for a gateway datapath that executes on a gateway device to implement tenant logical routers for multiple different tenant logical networks and process traffic between the tenant logical networks and an external network, a method for managing QoS for the plurality of tenant logical networks. The method receives a data message for a particular tenant logical network. The method executes a set of processing stages to process the data message. The set of processing stages includes a processing stage for a particular tenant logical router of the particular tenant logical network. As part of the processing stage for the particular tenant logical router, the method uses a QoS data structure specific to the particular tenant logical router to determine whether to allow the data message. The gateway device stores at least one separate QoS data structure for each of a set of the tenant logical routers.
-
Publication No.: US11552878B1
Publication Date: 2023-01-10
Application No.: US17492723
Application Date: 2021-10-04
Applicant: VMWARE, INC.
Inventor: Awan Kumar Sharma , Yong Wang , Sourabh Bhattacharya , Deepika Kunal Solanki , Sarthak Ray , Jochen Behrens
IPC: G06F15/173 , H04L45/24 , H04L9/40 , H04L45/00 , H04L45/42
Abstract: Described herein are systems, methods, and software to manage replay windows in multipath connections between gateways. In one implementation, a first gateway may receive a packet directed toward a second gateway and identify a path from a plurality of paths to the second gateway. Once identified, the first gateway may increment a sequence number associated with the path and encapsulate the packet with a unique identifier for the path in the header with the incremented sequence number. The first gateway then communicates the encapsulated packet to the second gateway.
-
Publication No.: US20220394016A1
Publication Date: 2022-12-08
Application No.: US17570364
Application Date: 2022-01-06
Applicant: VMware, Inc.
Inventor: Deepika Solanki , Awan Kumar Sharma , Yong Wang , Sourabh Bhattacharya , Sarthak Ray
Abstract: Some embodiments provide a method that identifies multiple paths between a first site and a second site. A security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session. The method selects a path based on metrics that are obtained for the paths. The selected path is defined by a first endpoint address of the first site and a second endpoint address of the second site. The method sends a message from the first site to the second site to update the SA to switch from using an original path to using the selected path. The message indicates the first and second endpoint addresses. The method transmits a packet including a payload that is encrypted according to the updated SA.
-
Publication No.: US11483246B2
Publication Date: 2022-10-25
Application No.: US16741457
Application Date: 2020-01-13
Applicant: VMware, Inc.
Inventor: Yong Wang , Xinhua Hong , Sreeram Ravinoothala , Dexiang Wang
Abstract: Some embodiments provide, for a gateway datapath that executes on a gateway device to implement tenant logical routers for multiple different tenant logical networks and process traffic between the tenant logical networks and an external network, a method for managing QoS for the plurality of tenant logical networks. The method receives a data message for a particular tenant logical network. The method executes a set of processing stages to process the data message. The set of processing stages includes a processing stage for a particular tenant logical router of the particular tenant logical network. As part of the processing stage for the particular tenant logical router, the method uses a QoS data structure specific to the particular tenant logical router to determine whether to allow the data message. The gateway device stores at least one separate QoS data structure for each of a set of the tenant logical routers.
-
Publication No.: US11303619B2
Publication Date: 2022-04-12
Application No.: US16893450
Application Date: 2020-06-05
Applicant: VMware, Inc.
Inventor: Dexiang Wang , Yong Wang
Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header and (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.
-
Publication No.: US11271841B2
Publication Date: 2022-03-08
Application No.: US16847194
Application Date: 2020-04-13
Applicant: VMware, Inc.
Inventor: Lenin Singaravelu , Jin Heo , Jui-Ting Weng , Ayyappan Veeraiyan , Yong Wang
IPC: H04L12/26 , G06F9/455 , H04L12/841 , H04L43/16 , H04L43/0894 , H04L43/103 , H04L47/28
Abstract: A method of optimizing network processing in a system comprising a physical host and a set of physical network interface controllers (PNICs) is provided. The physical host includes a forwarding element. The method includes determining that a set of conditions is satisfied to bypass the forwarding element for exchanging packets between a particular data compute node (DCN) and a particular PNIC. The set of conditions includes the particular DCN being the only DCN connected to the forwarding element and the particular PNIC being the only PNIC connected to the forwarding element. The method exchanges packets between the particular DCN and the particular PNIC bypassing the forwarding element. The method determines that at least one condition in said set of conditions is not satisfied. The method utilizes the forwarding element to exchange packets between the particular DCN and the particular PNIC.
-
Publication No.: US20220070102A1
Publication Date: 2022-03-03
Application No.: US17008576
Application Date: 2020-08-31
Applicant: VMware, Inc.
Inventor: Dexiang Wang , Yong Wang , Jerome Catrouillet , Sreeram Ravinoothala
IPC: H04L12/855 , H04L12/66 , H04L29/06 , H04L29/08 , H04L29/12
Abstract: Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.
-
Publication No.: US20210218677A1
Publication Date: 2021-07-15
Application No.: US16741457
Application Date: 2020-01-13
Applicant: VMware, Inc.
Inventor: Yong Wang , Xinhua Hong , Sreeram Ravinoothala , Dexiang Wang
IPC: H04L12/851 , H04L12/66
Abstract: Some embodiments provide, for a gateway datapath that executes on a gateway device to implement tenant logical routers for multiple different tenant logical networks and process traffic between the tenant logical networks and an external network, a method for managing QoS for the plurality of tenant logical networks. The method receives a data message for a particular tenant logical network. The method executes a set of processing stages to process the data message. The set of processing stages includes a processing stage for a particular tenant logical router of the particular tenant logical network. As part of the processing stage for the particular tenant logical router, the method uses a QoS data structure specific to the particular tenant logical router to determine whether to allow the data message. The gateway device stores at least one separate QoS data structure for each of a set of the tenant logical routers.
-
Publication No.: US20210126848A1
Publication Date: 2021-04-29
Application No.: US16661879
Application Date: 2019-10-23
Applicant: VMware, Inc.
Inventor: Yong Wang , Boon Ang , Guolin Yang , Wenyi Jiang
Abstract: Some embodiments provide a method for monitoring the status of a network connection between first and second host computers. The method is performed in some embodiments by a tunnel monitor executing on the first host computer that also separately executes a machine, where the machine uses a tunnel to send and receive messages to and from the second host computer. The method establishes a liveness channel with the machine to iteratively determine whether the first machine is operational. The method further establishes a monitoring session with the second host computer to iteratively determine whether the tunnel is operational. When a determination is made through the liveness channel that the machine is no longer operational, the method terminates the monitoring session with the second host computer. When a determination is made that the tunnel is no longer operational, the method notifies the machine through the liveness channel.