公开(公告)号：US11102100B2

公开(公告)日：2021-08-24

申请号：US16733285

申请日：2020-01-03

Applicant: VMWARE, INC.

Inventor： Sudesh Pawar

IPC: H04L12/26 ,  H04L12/46 ,  H04L29/06

Abstract: Certain embodiments described herein relate to a method for performing dead peer detection (DPD) by a local gateway. The method includes periodically examining one or more array elements of a timestamp array. The method further includes, for each of the examined one or more array elements, determining whether a corresponding idle timeout threshold is met. The method further includes, upon determining that the corresponding idle timeout threshold is not met, refraining from causing a notification to be transmitted to a peer gateway. The method also includes, upon determining that the corresponding idle timeout threshold is met, causing a notification to be transmitted to the peer gateway to determine whether the peer gateway is responsive with respect to a tunnel associated with the examined array element.

公开(公告)号：US20230403252A1

公开(公告)日：2023-12-14

申请号：US18238177

申请日：2023-08-25

Applicant: VMware, Inc.

Inventor： Sudesh Pawar

IPC: H04L61/251 ,  H04L12/46 ,  H04L61/256

CPC classification number: H04L61/251 ,  H04L12/4633 ,  H04L61/2571

Abstract: Some embodiments provide a method of load balancing data message flows across multiple secure connections. The method receives a data message having source and destination addresses formatted according to a first protocol. Based on the source and destination addresses, the method selects one of the multiple secure connections for the data message. Each of the secure connections handles a first set of connections formatted according to the first protocol and a second set of connections formatted according to a second protocol that is an alternative to the first protocol. The method securely encapsulates the data message and forwards the encapsulated data message onto a network. The encapsulation includes an identifier for the selected secure connection.

公开(公告)号：US11863514B2

公开(公告)日：2024-01-02

申请号：US17715510

申请日：2022-04-07

Applicant: VMware, Inc.

Inventor： Sudesh Pawar

IPC: G06F15/173 ,  H04L61/251 ,  H04L12/46 ,  H04L61/256

CPC classification number: H04L61/251 ,  H04L12/4633 ,  H04L61/2571

Abstract: Some embodiments provide a method of load balancing data message flows across multiple secure connections. The method receives a data message having source and destination addresses formatted according to a first protocol. Based on the source and destination addresses, the method selects one of the multiple secure connections for the data message. Each of the secure connections handles a first set of connections formatted according to the first protocol and a second set of connections formatted according to a second protocol that is an alternative to the first protocol. The method securely encapsulates the data message and forwards the encapsulated data message onto a network. The encapsulation includes an identifier for the selected secure connection.

公开(公告)号：US11711292B2

公开(公告)日：2023-07-25

申请号：US16820750

申请日：2020-03-17

Applicant: VMWARE, INC.

Inventor： Sudesh Pawar ,  Pierluigi Rolando ,  Rahul Mishra

IPC: H04L45/00 ,  H04L45/122 ,  H04L45/745 ,  H04L45/42 ,  H04L9/40 ,  H04L69/22 ,  G06F9/455 ,  H04L45/586

CPC classification number: H04L45/20 ,  G06F9/45558 ,  H04L45/122 ,  H04L45/42 ,  H04L45/586 ,  H04L45/745 ,  H04L63/0245 ,  H04L69/22 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: The disclosure provides an approach for pre-filtering traffic in a logical network. One method includes receiving, by a hypervisor, a packet from a virtual computing instance (VCI) and determining a service path for the packet based on a service table. The method further includes setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path. The method further includes receiving, by the pre-filter component, the packet. The method further includes making a determination, by the pre-filter component, of whether the packet requires processing by the security component. The method further includes performing, by the pre-filter component, based on the determination, one of: forwarding the packet to its destination and bypassing the security component; or forwarding the packet to the security component.

公开(公告)号：US20230231826A1

公开(公告)日：2023-07-20

申请号：US17715510

申请日：2022-04-07

Applicant: VMware, Inc.

Inventor： Sudesh Pawar

IPC: H04L61/251 ,  H04L61/256 ,  H04L12/46

CPC classification number: H04L61/251 ,  H04L61/2571 ,  H04L12/4633

Abstract: Some embodiments provide a method of load balancing data message flows across multiple secure connections. The method receives a data message having source and destination addresses formatted according to a first protocol. Based on the source and destination addresses, the method selects one of the multiple secure connections for the data message. Each of the secure connections handles a first set of connections formatted according to the first protocol and a second set of connections formatted according to a second protocol that is an alternative to the first protocol. The method securely encapsulates the data message and forwards the encapsulated data message onto a network. The encapsulation includes an identifier for the selected secure connection.

公开(公告)号：US11323349B2

公开(公告)日：2022-05-03

申请号：US16733281

申请日：2020-01-03

Applicant: VMWARE, INC.

Inventor： Sudesh Pawar

IPC: H04L29/06 ,  H04L43/0876 ,  H04L43/0823 ,  H04L43/065 ,  H04L12/46 ,  H04L43/106

Abstract: Certain embodiments described herein relate to a method for performing dead peer detection (DPD) by a local gateway. The method includes periodically examining one or more array elements of a timestamp array. The method further includes, for each of the examined one or more array elements, determining whether a corresponding idle timeout threshold is met. The method further includes, upon determining that the corresponding idle timeout threshold is not met, refraining from causing a notification to be transmitted to a peer gateway. The method also includes, upon determining that the corresponding idle timeout threshold is met, causing a notification to be transmitted to the peer gateway to determine whether the peer gateway is responsive with respect to a tunnel associated with the examined array element.