SECURITY THREAT DETECTION BASED ON PROCESS INFORMATION

    Publication (Announcement) No.: US20220021686A1

    Publication (Announcement) date: 2022-01-20

    Application No.: US16929074

    Application date: 2020-07-14

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated with a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination.

    TUNNEL-BASED SERVICE INSERTION IN PUBLIC CLOUD ENVIRONMENTS

    Publication (Announcement) No.: US20200236046A1

    Publication (Announcement) date: 2020-07-23

    Application No.: US16251080

    Application date: 2019-01-18

    Applicant: VMware, Inc.

    Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.

    CORRELATION-BASED SECURITY THREAT ANALYSIS

    Publication (Announcement) No.: US20220201022A1

    Publication (Announcement) date: 2022-06-23

    Application No.: US17126045

    Application date: 2020-12-18

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for correlation-based security threat analysis are described. In one example, a computer system may obtain event information that is generated by monitoring a virtualized computing instance supported by a host; and network alert information that is generated by monitoring network traffic associated with the virtualized computing instance. The network alert information may specify security threat signature(s) detected based on the network traffic. The computer system may map the network alert information to threat information that specifies indicator(s) of compromise associated with the signature(s) and perform a correlation analysis based on the event information, network alert information and threat information. Based on the correlation analysis, it is determined whether there is a potential security threat associated with the virtualized computing instance.

    MIGRATION FOR NETWORK APPLIANCES
    Type: Invention application

    Publication (Announcement) No.: US20210083894A1

    Publication (Announcement) date: 2021-03-18

    Application No.: US16570344

    Application date: 2019-09-13

    Applicant: VMware, Inc.

    Abstract: Embodiments described herein involve appliance migration. Embodiments include connecting, by a second appliance that is configured to perform a service, to a first uplink and a first downlink of a first appliance that is configured to perform the service. Embodiments include connecting, by the second appliance, to a first endpoint and a second endpoint to which the first appliance is connected. Embodiments include determining, by the second appliance, existing flows processed by the first appliance. Embodiments include processing, by the second appliance, a plurality of packets received via the first endpoint by: forwarding, by the second appliance, first packets of the plurality of packets that correspond to the existing flows to the first appliance; and performing, by the second appliance, the service for second packets of the plurality of packets that do not correspond to the existing flows.

    DISTRIBUTED DEEP PACKET INSPECTION
    Type: Invention application
    Status: Pending, published

    Publication (Announcement) No.: US20160072684A1

    Publication (Announcement) date: 2016-03-10

    Application No.: US14945334

    Application date: 2015-11-18

    Applicant: VMware, Inc.

    Abstract: Exemplary methods, apparatuses, and systems receive a copy of or make a copy of one or more packets of a flow of packets between a source and a destination. While or after the one or more packets are forwarded to the destination, the content of the one or more packets is compared to a policy to determine if the flow of packets triggers a policy response. A map of devices within a datacenter cluster of devices is maintained and used to select one or more available devices when packet inspection is distributed.


    DYNAMIC EVENT PROCESSING FOR NETWORK DIAGNOSIS

    Publication (Announcement) No.: US20210367830A1

    Publication (Announcement) date: 2021-11-25

    Application No.: US16879796

    Application date: 2020-05-21

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for dynamic event processing for network diagnosis are described. In one example, a computer system may monitor a runtime flow of multiple packets to detect a set of multiple events associated with the runtime flow. The computer system may perform a first stage of event processing by matching the set of multiple events to a set of multiple signatures that includes a first signature and a second signature. The first signature may be associated with a first mapping rule that is fully satisfied by the set of multiple events. The second signature may be associated with a second mapping rule that is partially satisfied. During a second stage of event processing, the second signature is disregarded. In response to diagnosing an issue associated with the runtime flow, remediation action(s) may be performed.

    METHODS FOR REVALIDATING FQDN RULESETS IN A FIREWALL

    Publication (Announcement) No.: US20210314299A1

    Publication (Announcement) date: 2021-10-07

    Application No.: US16841962

    Application date: 2020-04-07

    Applicant: VMware, Inc.

    Abstract: A method comprises: in response to detecting a new expression in a policy rule, updating a global version number to a new value; identifying a particular IP address that corresponds to an FQDN matching on the new expression; storing an entry comprising the particular IP address, the new expression, and an entry version number in a first data structure, the entry version number being assigned the new value; in response to detecting a new connection to a destination IP address: finding a matching entry in the first data structure corresponding to the destination IP address; determining whether the global version number matches the entry version number for the matching entry; and in response to determining that the global version number does not match the entry version number for the matching entry, sending update information to a slowpath process that associates updated configuration information with the matching entry.

    FLOW CACHE SUPPORT FOR CRYPTO OPERATIONS AND OFFLOAD

    Publication (Announcement) No.: US20200076928A1

    Publication (Announcement) date: 2020-03-05

    Application No.: US16114987

    Application date: 2018-08-28

    Applicant: VMware, Inc.

    Abstract: Certain embodiments described herein are generally directed to using a flow cache with packets comprising dynamic headers. Embodiments include receiving a packet of a packet flow from a network, parsing the packet in order to determine a flow key, and comparing the flow key to entries in the flow cache. Upon determining that the flow key does not match any of the entries, embodiments include determining whether the packet comprises a dynamic header. Upon determining that the packet comprises a dynamic header, embodiments include canceling recorded flow cache information for the packet, performing an operation on the packet, reparsing the packet in order to determine a new flow key, and comparing the new flow key to the entries in the flow cache. Upon determining that the flow key matches an entry, embodiments include determining cached actions to perform for the packet based on the entry and performing the cached actions.

    PACKET HANDLING DURING SERVICE VIRTUALIZED COMPUTING INSTANCE MIGRATION

    Publication (Announcement) No.: US20200045148A1

    Publication (Announcement) date: 2020-02-06

    Application No.: US16051048

    Application date: 2018-07-31

    Applicant: VMware, Inc.

    Abstract: Example methods are provided for packet handling during service virtualized computing instance migration in a software-defined networking (SDN) environment. The method may comprise configuring first reachability information to associate a first service virtualized computing instance with an active role, and second reachability information to associate a second service virtualized computing instance with a standby role. In response to determination that a switchover is required to facilitate a migration of the first service virtualized computing instance, the first reachability information may be updated to associate the first service virtualized computing instance with the standby role, and the second reachability information to associate the second service virtualized computing instance with the active role. The method may also comprise: in response to detecting a completion of the migration, updating the first reachability information to associate the first service virtualized computing instance with a target host instead of a source host.

    DISTRIBUTED DEEP PACKET INSPECTION
    Type: Invention application

    Publication (Announcement) No.: US20190342191A1

    Publication (Announcement) date: 2019-11-07

    Application No.: US16396758

    Application date: 2019-04-28

    Applicant: VMware, Inc.

    Abstract: Exemplary methods, apparatuses, and systems receive a copy of or make a copy of one or more packets of a flow of packets between a source and a destination. While or after the one or more packets are forwarded to the destination, the content of the one or more packets is compared to a policy to determine if the flow of packets triggers a policy response. A map of devices within a datacenter cluster of devices is maintained and used to select one or more available devices when packet inspection is distributed.
