公开(公告)号：US20240422083A1

公开(公告)日：2024-12-19

申请号：US18821664

申请日：2024-08-30

Applicant: Nicira, Inc.

Inventor： Alok S. Tiagi ,  Jayant Jain ,  Anirban Sengupta ,  Srinivas Nimmagadda ,  Rick Lund

IPC: H04L43/04 ,  H04L41/5009 ,  H04L43/08 ,  H04L67/02 ,  H04L67/1001 ,  H04L69/22

Abstract: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.

公开(公告)号：US12081419B2

公开(公告)日：2024-09-03

申请号：US18227302

申请日：2023-07-28

Applicant: Nicira, Inc.

Inventor： Alok S. Tiagi ,  Jayant Jain ,  Anirban Sengupta ,  Srinivas Nimmagadda ,  Rick Lund

IPC: H04L43/04 ,  H04L43/08 ,  H04L67/02 ,  H04L67/1001 ,  H04L69/22 ,  H04L41/5009

CPC classification number: H04L43/04 ,  H04L43/08 ,  H04L67/02 ,  H04L67/1001 ,  H04L69/22 ,  H04L41/5009

Abstract: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.

公开(公告)号：US20240179107A1

公开(公告)日：2024-05-30

申请号：US18431813

申请日：2024-02-02

Applicant: Nicira, Inc.

Inventor： Jayant Jain ,  Ganesan Chandrashekhar ,  Anirban Sengupta ,  Pankaj Thakkar ,  Alexander Tessmer

IPC: H04L49/00 ,  H04L12/46 ,  H04L41/0803 ,  H04L45/00 ,  H04L45/64

CPC classification number: H04L49/70 ,  H04L12/4633 ,  H04L41/0803 ,  H04L45/34 ,  H04L45/64 ,  H04L49/30 ,  H04L45/38

Abstract: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a first host identifies a packet to be transferred from a first virtual machine on the first host to a second virtual machine on a second host. In response to identifying the packet, the first host identifies a source logical port for the first virtual machine, and transferring a communication to the second host, wherein the communication encapsulates the data packet and the source logical port. Once the packet is received by the second host, the second host may use the source logical port to determine a forwarding action for the packet.

公开(公告)号：US20240031458A1

公开(公告)日：2024-01-25

申请号：US18372201

申请日：2023-09-25

Applicant: Nicira, Inc.

Inventor： Mohan Parthasarathy ,  Jayant Jain ,  Xinhua Hong ,  Anirban Sengupta

IPC: H04L69/22 ,  H04L49/00 ,  H04L45/00 ,  H04L45/745 ,  H04L45/48

CPC classification number: H04L69/22 ,  H04L49/3009 ,  H04L45/72 ,  H04L45/745 ,  H04L45/48 ,  H04L47/2441

Abstract: A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.

公开(公告)号：US20240015086A1

公开(公告)日：2024-01-11

申请号：US18370006

申请日：2023-09-19

Applicant: Nicira, Inc.

Inventor： Sami Boutros ,  Stephen Tan ,  Rahul Mishra ,  Kantesh Mundaragi ,  Jayant Jain ,  Akhila Naveen

IPC: H04L43/0805 ,  H04L41/0668 ,  H04L43/10

CPC classification number: H04L43/0805 ,  H04L41/0668 ,  H04L43/10

Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.

公开(公告)号：US11805191B2

公开(公告)日：2023-10-31

申请号：US18114597

申请日：2023-02-27

Applicant: Nicira, Inc.

Inventor： Mohan Parthasarathy ,  Jayant Jain ,  Xinhua Hong ,  Anirban Sengupta

IPC: H04L29/06 ,  H04L12/935 ,  H04L69/22 ,  H04L49/00 ,  H04L45/00 ,  H04L45/745 ,  H04L45/48 ,  H04L47/2441 ,  H04L69/12 ,  H04L12/54 ,  H04L9/40

CPC classification number: H04L69/22 ,  H04L45/48 ,  H04L45/72 ,  H04L45/745 ,  H04L49/3009 ,  H04L9/40 ,  H04L12/56 ,  H04L47/2441 ,  H04L69/12

Abstract: A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.

公开(公告)号：US11750482B2

公开(公告)日：2023-09-05

申请号：US17334682

申请日：2021-05-28

Applicant: Nicira, Inc.

Inventor： Alok S. Tiagi ,  Jayant Jain ,  Anirban Sengupta ,  Srinivas Nimmagadda ,  Rick Lund

IPC: G06F15/173 ,  H04L43/04 ,  H04L67/02 ,  H04L69/22 ,  H04L67/1001 ,  H04L43/08 ,  H04L41/5009

CPC classification number: H04L43/04 ,  H04L43/08 ,  H04L67/02 ,  H04L67/1001 ,  H04L69/22 ,  H04L41/5009

Abstract: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.

公开(公告)号：US11665242B2

公开(公告)日：2023-05-30

申请号：US16945746

申请日：2020-07-31

Applicant: Nicira, Inc.

Inventor： Mani Kancherla ,  Jayant Jain ,  Anirban Sengupta

IPC: G06F15/16 ,  H04L67/141 ,  H04L67/1004 ,  H04L12/46 ,  H04L67/1017 ,  H04L61/2521 ,  H04L67/1014 ,  H04L67/1001

CPC classification number: H04L67/141 ,  H04L67/1004 ,  H04L12/4633 ,  H04L61/2521 ,  H04L67/1001 ,  H04L67/1014 ,  H04L67/1017 ,  H04L2212/00

Abstract: Some embodiments provide a method that allows a first data compute node (DCN) to forward outgoing traffic to a second DCN directly in spite of receiving the incoming traffic from the second DCN through a load balancer. That is, the return traffic's network path from the first DCN (e.g., a server machine) to the second DCN (e.g., a client machine) bypasses the load balancer, even though a request that initiated the return traffic is received through the load balancer. The load balancer receives a connection session request from a client machine to connect to a server. It identifies a set of parameters for the connection session and after selecting a server for the connection, passes the identified set of parameters to a host machine that executes the server. The server establishes the connection session directly with the client machine based on the identified set of parameters.

公开(公告)号：US11075842B2

公开(公告)日：2021-07-27

申请号：US16427294

申请日：2019-05-30

Applicant: Nicira, Inc.

Inventor： Jayant Jain ,  Anirban Sengupta ,  Mohan Parthasarathy ,  Allwyn Sequeira ,  Serge Maskalik ,  Rick Lund

IPC: H04L12/803 ,  H04L29/12 ,  H04L12/741 ,  H04L12/707 ,  H04L12/721 ,  H04L29/08 ,  H04L12/911

Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.

公开(公告)号：US11032246B2

公开(公告)日：2021-06-08

申请号：US15836888

申请日：2017-12-10

Applicant: Nicira, Inc.

Inventor： Laxmikant Vithal Gunda ,  Arnold Poon ,  Jayant Jain ,  Aditi Vutukuri

IPC: H04L29/06 ,  G06F21/50 ,  G06F9/455

Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. One of these service engines is a firewall engine. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines. The context engine then provides the contextual attributes to the firewall engine, which, in turn, use these contextual attributes to identify firewall rules to enforce.