-
Publication No.: US20230026865A1
Publication date: 2023-01-26
Application No.: US17384738
Application date: 2021-07-24
Applicant: VMware, Inc.
Inventor: Pierluigi Rolando, Jayant Jain, Raju Koganty, Shadab Shah, Abhishek Goliya, Chandran Anjur Narasimhan, Gurudutt Maiya Belur, Vikas Kamath
IPC: H04L29/06, H04L12/717, H04L12/713, H04L12/721
Abstract: A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.
-
Publication No.: US20230024885A1
Publication date: 2023-01-26
Application No.: US17502081
Application date: 2021-10-15
Applicant: VMWARE, INC.
Inventor: Yong Wang, Awan Kumar Sharma, Xinhua Hong, Abhishek Goliya
IPC: H04L12/747, H04L12/66, H04L12/46
Abstract: Described herein are systems, methods, and software to manage the selection of an edge gateway or edge for processing a packet. In one implementation, a first edge may receive a packet and hash addressing information in the packet to select a second edge to process the packet. The first edge may further forward the packet to the second edge, permitting the second edge to process the packet. Once processed, the second edge may forward the packet to a destination host computing system and notify the host computing system to use the second edge for response packets directed at a source internet protocol (IP) address in the packet.
-
Publication No.: US20210314193A1
Publication date: 2021-10-07
Application No.: US16906902
Application date: 2020-06-19
Applicant: VMware, Inc.
Inventor: Ganesan Chandrashekhar, Hongwei Zhu, Jia Yu, Abhishek Goliya
IPC: H04L12/66, H04L12/46, H04L12/741, H04L12/713, H04L12/931, H04L29/12
Abstract: Some embodiments provide a method for an edge computing device in a first datacenter that implements a logical network gateway for processing data traffic for a particular LFE between the first datacenter and multiple other datacenters. For each particular other datacenter, the method stores a record that maps logical network addresses for DCNs connected to the particular LFE and operating in the particular datacenter to a group of TEP addresses corresponding to logical network gateways that handle data traffic for the particular LFE between the particular datacenter and the other datacenters, including the first datacenter. Upon receiving a data message for the particular LFE from a host computer in the first datacenter, the method uses a destination address of the data message to identify one of the groups of TEP addresses. The method encapsulates the data message with one of the TEP addresses from the identified group of TEP addresses.
-
Publication No.: US11088935B2
Publication date: 2021-08-10
Application No.: US16727968
Application date: 2019-12-27
Applicant: VMWARE, INC.
Inventor: Ankur Dubey, Sami Boutros, Abhishek Goliya
IPC: G06F15/16, H04L12/751, H04L12/24, H04L29/12, H04L12/745, H04L12/46
Abstract: Example methods and network devices for tunnel-based routing calculation. One example method may comprise establishing a tunnel between a first tunnel interface and a second tunnel interface; establishing a first session for routing information exchange between a first tunnel endpoint and an underlay network device; establishing a second session for routing information exchange between the first tunnel interface and the second tunnel interface over the tunnel. In response to receiving first routing information over the first session, the underlay network device may be configured to be a next hop to reach the second tunnel endpoint by updating a routing table to include a first entry. In response to receiving second routing information from the second tunnel interface over the second session, the underlay network device may be retained as the next hop based on an excluded address specified in the second routing information.
-
Publication No.: US20240113971A1
Publication date: 2024-04-04
Application No.: US17959989
Application date: 2022-10-04
Applicant: VMware, Inc.
Inventor: Abhishek Goliya, Santosh Pallagatti Kotrabasappa
Abstract: An example method of handling traffic for an existing connection of a virtual machine (VM) migrated from a source site to a destination site includes: receiving, at an edge server of the destination site, the traffic, the traffic being associated with a network flow; determining, by the edge server of the destination site, that a stateful service of the edge server does not have state for the network flow; sending, by the edge server of the destination site, a threshold number of packets of the traffic to a plurality of sites; receiving, at the edge server of the destination site, an acknowledgement from the source site that the source site has the state for the network flow; and creating, by the edge server of the destination site, a flow mapping to send the traffic associated with the network flow to the source site.
-
Publication No.: US20230412495A1
Publication date: 2023-12-21
Application No.: US17845716
Application date: 2022-06-21
Applicant: VMware, Inc.
Inventor: Yong Wang, Jayant Jain, Ganesh Sadasivan, Abhishek Goliya
IPC: H04L45/00, H04L61/256, H04L61/2596
CPC classification number: H04L45/38, H04L61/256, H04L61/2596
Abstract: Some embodiments provide a method for forwarding data messages at multiple edge gateways of a logical network that process data messages between the logical network and an external network. At a first edge gateway, the method receives a data message, having an external address as a destination address, from the logical network. Based on the destination address, the method applies a default route to the data message that routes the data message to a second edge gateway and specifies a first output interface of the first edge gateway for the data message. After routing the data message, the method applies a stored NAT entry that (i) modifies a source address of the data message to be a public NAT address associated with the first edge gateway and (ii) redirects the modified data message to a second output interface of the first edge gateway instead of the first output interface.
-
Publication No.: US20210314258A1
Publication date: 2021-10-07
Application No.: US16906908
Application date: 2020-06-19
Applicant: VMware, Inc.
Inventor: Ganesan Chandrashekhar, Abhishek Goliya
IPC: H04L12/717, H04L12/713, H04L12/931, H04L12/24
Abstract: Some embodiments provide a method for implementing a logical router that spans multiple datacenters. The method receives a configuration for a set of logical switches and a logical router (LR) that (i) handles data traffic between data compute nodes (DCNs) connected to the logical switches and endpoints not connected to the set of logical switches and (ii) performs stateful services on the traffic. The DCNs include at least one DCN operating in each datacenter. For each datacenter, the method defines a centralized routing component (SR) for the LR for handling the traffic between the DCNs in the datacenter and the endpoints not connected to the set of logical switches. The method designates one of the SRs as a primary SR and the other SRs as secondary SRs. The secondary SRs forward traffic, received from DCNs in their respective datacenters and for which stateful services are required, to the primary SR.
-
Publication No.: US20210314256A1
Publication date: 2021-10-07
Application No.: US16906889
Application date: 2020-06-19
Applicant: VMware, Inc.
Inventor: Ganesan Chandrashekhar, Abhishek Goliya, Ankur Dubey, Sami Boutros, Yashika Narang
IPC: H04L12/717, H04L12/713, H04L12/707, H04L12/715, H04L12/723, H04L12/751, H04L29/12
Abstract: Some embodiments provide a method for a first edge device in a first datacenter that implements a centralized routing component of a logical router that spans multiple datacenters and handles data traffic between a logical network implemented across the multiple datacenters and external networks. From a second edge device in a second datacenter, the method receives via routing protocol a route having a particular routing protocol tag. When the first datacenter is a primary datacenter for the logical router such that all data traffic between the logical network and the external networks is handled by one or more centralized routing components implemented at the first datacenter, the method uses the routing protocol tag to determine whether to advertise the received route to the external networks.
-
Publication No.: US20230396670A1
Publication date: 2023-12-07
Application No.: US17833566
Application date: 2022-06-06
Applicant: VMware, Inc.
Inventor: Santosh Pallagatti Kotrabasappa, Abhishek Goliya, Sajan Liyon, Sairam Veeraswamy, Sumit Mundhra
IPC: H04L67/1021
CPC classification number: H04L67/1021
Abstract: Some embodiments provide a method of implementing context-aware routing for a software-defined wide-area network, at an SD-WAN edge forwarding element (FE) located at a branch network connected to the SD-WAN. The method receives, from an SD-WAN controller, geolocation route weights for each of multiple cloud datacenters across which a set of application resources is distributed. The application resources are all reachable at a same virtual network address. For each of the cloud datacenters, the method installs a route for the virtual network address between the branch network and the cloud datacenter. The routes have different total costs based at least in part on the geolocation metrics received from the SD-WAN controller. The SD-WAN edge FE selects between the routes to establish connections to the set of application resources.
-
Publication No.: US11824780B2
Publication date: 2023-11-21
Application No.: US17502081
Application date: 2021-10-15
Applicant: VMWARE, INC.
Inventor: Yong Wang, Awan Kumar Sharma, Xinhua Hong, Abhishek Goliya
IPC: H04L12/747, H04L12/66, H04L12/46, H04L45/74
CPC classification number: H04L45/742, H04L12/4633, H04L12/66, H04L2212/00
Abstract: Described herein are systems, methods, and software to manage the selection of an edge gateway or edge for processing a packet. In one implementation, a first edge may receive a packet and hash addressing information in the packet to select a second edge to process the packet. The first edge may further forward the packet to the second edge, permitting the second edge to process the packet. Once processed, the second edge may forward the packet to a destination host computing system and notify the host computing system to use the second edge for response packets directed at a source internet protocol (IP) address in the packet.