公开(公告)号：US11178040B2

公开(公告)日：2021-11-16

申请号：US16808393

申请日：2020-03-04

Applicant: VMware, Inc.

Inventor： Ziyou Wang ,  Donghai Han ,  Mengdie Song ,  Rui Cao

IPC: H04L12/751 ,  H04L12/24 ,  H04L12/46 ,  H04L12/715 ,  H04L29/06 ,  H04L12/713 ,  G06F9/455

Abstract: Example methods and systems for intent-based network virtualization design are disclosed. One example may comprise: obtaining configuration information and traffic information associated with multiple virtualized computing instances, processing the configuration information and traffic information to identify network connectivity intents and mapping the network connectivity intents to a logical network topology template. Based on a first switching intent, a first group may be assigned to a first logical network domain and the logical network topology template configured to include a first logical switching element. Based on a second switching intent, a second group may be assigned to a second logical network domain and the logical network topology template configured to include a second logical switching element. Based on a routing intent, the logical network topology template may be configured to include a logical routing element.

公开(公告)号：US20210314190A1

公开(公告)日：2021-10-07

申请号：US16897715

申请日：2020-06-10

Applicant: VMware, Inc.

Inventor： Danting Liu ,  Jianjun Shen ,  Kai Su ,  Qian Sun ,  Wenfeng Liu ,  Donghai Han

IPC: H04L12/46 ,  G06F9/54 ,  G06F9/50 ,  H04L12/931 ,  H04L12/66 ,  G06F9/455

Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.

公开(公告)号：US11050647B1

公开(公告)日：2021-06-29

申请号：US16780859

申请日：2020-02-03

Applicant: VMware, Inc.

Inventor： Qiao Huang ,  Donghai Han ,  Qiong Wang ,  Jia Cheng ,  Xiaoyan Jin ,  Qiaoyan Hou

IPC: H04L12/26 ,  G06F9/455 ,  H04L29/06 ,  G06F9/50 ,  H04L29/12 ,  H04L12/46 ,  G06F9/54 ,  H04L12/751

Abstract: Example methods and systems are provided for simulation-based cross-cloud connectivity checks. One example method may include injecting a connectivity check packet in a first cloud environment, and obtaining first report information associated with a first stage of forwarding the connectivity check packet from one or more first observation points in the first cloud environment. The method may also comprise: based on configuration information associated with one or more second observation points in the second cloud environment, simulating a second stage of forwarding the connectivity check packet towards a second virtualized computing instance via the one or more second observation points. The method may further comprise: generating second report information associated with the simulated second stage to identify a connectivity status between a first virtualized computing instance and the second virtualized computing instance based on the first report information and the second report information.

公开(公告)号：US10938632B2

公开(公告)日：2021-03-02

申请号：US16278198

申请日：2019-02-18

Applicant: VMware, Inc.

Inventor： Qiao Huang ,  Donghai Han ,  Qiong Wang ,  Benli Ye ,  Xu Wang ,  Jia Cheng

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/12

Abstract: Example methods are provided for a network management entity to perform query failure diagnosis in a software-defined networking (SDN) environment. The method may comprise receiving a request to diagnose a query failure; and generating and sending control information to a host to cause the host to inject, at a first network element, a diagnostic packet for transmission along a datapath to a query failure via multiple second network elements. The diagnostic packet may be a query configured according to a query protocol supported by the query server. The method may also comprise: receiving report information associated with the diagnostic packet from at least one of the following: the first network element, the multiple second network elements and the query failure; and based on the report information, determining a diagnosis result associated with the query failure.

公开(公告)号：US20150058968A1

公开(公告)日：2015-02-26

申请号：US14070360

申请日：2013-11-01

Applicant: VMware, Inc.

Inventor： Hua Wang ,  Jianjun Shen ,  Donghai Han ,  Caixia Jiang ,  Wei Lu ,  Rahul Korivi Subramaniyam

IPC: H04L29/06

CPC classification number: H04L63/0281 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L51/12 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/6013 ,  H04L61/6022 ,  H04L63/0236 ,  H04L63/1441 ,  H04L63/1466

Abstract: Some embodiments use proxies on host devices to suppress broadcast traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some of these embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. The proxy monitors the VM's traffic, and intercepts broadcast packets when it knows how to deal with them. The proxy connects to a set of one or more controllers that provides a directory service that collects and maintains global information of the network. By connecting to the controller cluster, the proxy can obtain information that it can use to resolve broadcast requests. In some embodiments, the connection between the proxy and the controller cluster is encrypted and authenticated, to enhance the security. Also, in some embodiments, the connection is an indirect connection through an agent that executes on the host device and connects the proxies of the host device with the controller cluster.

Abstract translation: 一些实施例使用主机设备上的代理来抑制网络中的广播流量。 在一些实施例中，每个主机执行一个或多个虚拟机（VM）。 在一些实施例中，代理在每个VM和底层网络之间的每个主机上运行。 例如，在这些实施例中的一些实施例中，VM的代理在VM和在VM主机上执行的物理转发元件之间运行。 代理监视虚拟机的流量，并在知道如何处理广播数据包时拦截广播数据包。 代理连接到一组一个或多个控制器，提供收集和维护网络的全局信息的目录服务。 通过连接到控制器集群，代理可以获取可用于解决广播请求的信息。 在一些实施例中，代理和控制器集群之间的连接被加密和认证，以增强安全性。 而且，在一些实施例中，连接是通过在主机设备上执行并将主机设备的代理与控制器集群连接的代理的间接连接。