公开(公告)号：US10693806B2

公开(公告)日：2020-06-23

申请号：US14644789

申请日：2015-03-11

Applicant: VMware, Inc.

Inventor： Chi-Hsiang Su ,  Akshay Katrekar ,  Guolin Yang

IPC: H04L12/927 ,  H04L12/911 ,  H04L12/915 ,  H04L12/24

Abstract: Virtual computing instances are provisioned with network resource allocation constraints, which may include hard constraints that must be met in order for the virtual computing instances to be created in a host server. Network resources from multiple hosts may be pooled in a virtual switch, and a cloud management system (CMS) may ensure that a network bandwidth reservation for a new virtual computing instance can be accommodated by network bandwidth in the pool that is reserved for communication endpoint traffic. In addition to such CMS-level constraint enforcement, techniques disclosed herein may also enforce network bandwidths constraints at the host level to guarantee that network bandwidth reservation requirements for communication endpoint(s) of a new virtual computing instance can be satisfied by a particular host before creating the virtual computing instance in that host.

公开(公告)号：US20250030663A1

公开(公告)日：2025-01-23

申请号：US18235772

申请日：2023-08-18

Applicant: VMware, Inc.

Inventor： Yang Ding ,  Jiahao Wu ,  Jianjun Shen ,  Lan Luo ,  Akshay Katrekar ,  Guna Singh Bagavath Singh Chidambaram Udhaya Singh

IPC: H04L9/40

Abstract: Techniques associated with exchanging data between clusters are disclosed. A data packet can be received from a first pod in a first cluster of a cluster set that targets a second pod or service in a second cluster of the cluster set. A label identity is determined for the first pod from a table of pods and label identities. The label identity for the first pod is added in a virtual network identifier field of a data packet header. The data packet is communicated from a first virtual switch to the second cluster through a tunnel interface and gateway node. Upon receipt of the data packet, the label identity is extracted from the data packet header, and an ingress rule associated with the label identity can be determined. Access to the second pod is controlled based on the rule.

公开(公告)号：US20210152467A1

公开(公告)日：2021-05-20

申请号：US17155658

申请日：2021-01-22

Applicant: VMware, Inc.

Inventor： Maheedhar Nallapareddy ,  Akshay Katrekar ,  Aarti Lolage ,  Nikhil Rajguru ,  Shyam Ramachandran ,  Tanmay Kumar

IPC: H04L12/721 ,  H04L12/931

Abstract: The disclosure provides an approach for decentralizing control plane operations in a network environment that includes transport nodes configured to implement a logical overlay network. A method includes transmitting a global list of transport nodes to each of the plurality of transport nodes from a management plane, the global list including an ordered list of the plurality of transport nodes. The method also includes transmitting a neighbor index value to each of the plurality of transport nodes, where the transport nodes each compute a corresponding list of neighbor transport nodes based on the neighbor index value and the global list of transport nodes. The method also includes, based on determining an update to a state of the logical overlay network has occurred by a first transport node, transmitting an update message from the first transport node to each transport node in the first transport node's list of neighbor transport nodes.

公开(公告)号：US11831610B2

公开(公告)日：2023-11-28

申请号：US16938989

申请日：2020-07-26

Applicant: VMWARE, INC.

Inventor： Vaibhav Kulkarni ,  Ganesan Chandrashekhar ,  Mukesh Hira ,  Akshay Katrekar ,  Prashant Mane ,  Rompicherla Sai Pavan Kumar ,  Sachin Kalkur ,  Amey Borkar

IPC: H04L9/40 ,  G06F9/455

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  H04L63/104 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: A system and method for using private native security groups and private native firewall policy rules for a private cloud computing environment and a public cloud computing environment uses a public cloud gateway for routing data traffic between at least a cloud network created in the public cloud computing environment and the private cloud computing environment. For each of some private native firewall policy rules that has any of newly created private native security groups as one of source and destination, a cloud native security group (CNSG) rule object with an CNSG outbound rule object and an CNSG inbound rule object for the public cloud is created and at least one of the CNSG outbound rule object and the CNSG inbound rule object is updated so that the private native firewall policy rule can be used in the cloud network.

公开(公告)号：US11689522B2

公开(公告)日：2023-06-27

申请号：US17010052

申请日：2020-09-02

Applicant: VMWARE, INC.

Inventor： Vaibhav Kulkarni ,  Mukesh Hira ,  Akshay Katrekar ,  Suyash Vishwas Gogte ,  Prem Shankar Sharma ,  Nikolay Semenov ,  Saqib Raza

IPC: H04L9/40 ,  G06F9/455 ,  H04L67/10 ,  H04L67/53

CPC classification number: H04L63/0823 ,  G06F9/45558 ,  H04L63/0236 ,  H04L63/20 ,  H04L67/10 ,  H04L67/53 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: System and computer-implemented method for secure hybrid cloud connectivity between an application in a public cloud service and an on-premises service supported by an on-premises appliance includes launching a public cloud gateway appliance in the public cloud service. The public cloud gateway appliance is configured with security information associated with the on-premises appliance. The on-premises appliance is provided with contact information associated with the public cloud gateway appliance. A communication channel is established, using an outbound port, from the on-premises appliance to the public cloud gateway appliance that is secured based on the security information associated with the on-premises appliance and the contact information associated with the public cloud gateway appliance.

公开(公告)号：US11528222B2

公开(公告)日：2022-12-13

申请号：US17155658

申请日：2021-01-22

Applicant: VMware, Inc.

Inventor： Maheedhar Nallapareddy ,  Akshay Katrekar ,  Aarti Lolage ,  Nikhil Rajguru ,  Shyam Ramachandran ,  Tanmay Kumar

IPC: H04L45/44 ,  H04L49/00

Abstract: The disclosure provides an approach for decentralizing control plane operations in a network environment that includes transport nodes configured to implement a logical overlay network. A method includes transmitting a global list of transport nodes to each of the plurality of transport nodes from a management plane, the global list including an ordered list of the plurality of transport nodes. The method also includes transmitting a neighbor index value to each of the plurality of transport nodes, where the transport nodes each compute a corresponding list of neighbor transport nodes based on the neighbor index value and the global list of transport nodes. The method also includes, based on determining an update to a state of the logical overlay network has occurred by a first transport node, transmitting an update message from the first transport node to each transport node in the first transport node's list of neighbor transport nodes.

公开(公告)号：US10931572B2

公开(公告)日：2021-02-23

申请号：US16253935

申请日：2019-01-22

Applicant: VMware, Inc.

Inventor： Maheedhar Nallapareddy ,  Akshay Katrekar ,  Aarti Lolage ,  Nikhil Rajguru ,  Shyam Ramachandran ,  Tanmay Kumar

IPC: H04L12/721 ,  H04L12/931

Abstract: The disclosure provides an approach for decentralizing control plane operations in a network environment that includes transport nodes configured to implement a logical overlay network. A method includes transmitting a global list of transport nodes to each of the plurality of transport nodes from a management plane, the global list including an ordered list of the plurality of transport nodes. The method also includes transmitting a neighbor index value to each of the plurality of transport nodes, where the transport nodes each compute a corresponding list of neighbor transport nodes based on the neighbor index value and the global list of transport nodes. The method also includes, based on determining an update to a state of the logical overlay network has occurred by a first transport node, transmitting an update message from the first transport node to each transport node in the first transport node's list of neighbor transport nodes.