-
Publication No.: US11552878B1
Publication date: 2023-01-10
Application No.: US17492723
Application date: 2021-10-04
Applicant: VMWARE, INC.
Inventor: Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Deepika Kunal Solanki, Sarthak Ray, Jochen Behrens
IPC: G06F15/173, H04L45/24, H04L9/40, H04L45/00, H04L45/42
Abstract: Described herein are systems, methods, and software to manage replay windows in multipath connections between gateways. In one implementation, a first gateway may receive a packet directed toward a second gateway and identify a path from a plurality of paths to the second gateway. Once identified, the first gateway may increment a sequence number associated with the path and encapsulate the packet with a unique identifier for the path in the header with the incremented sequence number. The first gateway then communicates the encapsulated packet to the second gateway.
-
Publication No.: US20230118718A1
Publication date: 2023-04-20
Application No.: US17962419
Application date: 2022-10-07
Applicant: VMware, Inc.
Inventor: Deepika Kunal Solanki, Awan Kumar Sharma, Yong Wang, Sarthak Ray
Abstract: Some embodiments provide a method for establishing a virtual private network (VPN) session between a first gateway router located at a first site and a second gateway router located at a second site. The VPN session is for exchanging packets along multiple paths between the first and second sites. The method is performed at the second gateway router located at the second site. The method determines whether any intermediate network address translation (NAT) device processes packets on the multiple paths between the first and second sites during the VPN session. Upon determining that no NAT device processes packets on the multiple paths between the first and second sites, the method builds a source port pool at the second site for sending probe packets during the VPN session (1) to identify the multiple paths and (2) to collect metrics associated with each of the identified paths. Upon determining that a NAT device processes packets on the multiple paths between the first and second sites, the method uses destination port identifiers used in probe packets sent by the first gateway at the first site as source port identifiers for sending probe packets during the VPN session (1) to identify the multiple paths and (2) to collect metrics associated with each of the identified paths.
-
Publication No.: US20230396587A1
Publication date: 2023-12-07
Application No.: US17747969
Application date: 2022-05-18
Applicant: VMware, Inc.
Inventor: Deepika Kunal Solanki, Yong Wang
CPC classification number: H04L63/0263, H04L63/061, H04L63/029, H04L12/4633
Abstract: Some embodiments of the invention provide a method for transmitting data messages via secure tunnels in a network. The method is performed at a gateway device. The method determines that a data message received at the gateway device should be sent via a secure interface of the gateway device. The method matches the data message to a firewall rule that maps to a particular secure tunnel used by the secure interface, with multiple different firewall rules mapping to multiple different secure tunnels used by the secure interface. The method encapsulates the data message with a header that comprises an indicator value specifying the particular secure tunnel and forwards the encapsulated data message to a destination interface.
-
-