-
Publication number: US20230370417A1
Publication date: 2023-11-16
Application number: US18226776
Application date: 2023-07-27
Applicant: VMware, Inc.
Inventor: Avinash Nigam, Devraj Narendra Baheti, Amol Manohar Vaikar
IPC: H04L61/2557, H04L61/2517, H04L61/256, H04L45/741
CPC classification number: H04L61/2557, H04L61/2517, H04L61/256, H04L45/741
Abstract: Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. The method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route from the first network endpoint to the second endpoint through the network device that translates the address and displays the route including an identifier of the network device.
-
Publication number: US20230022134A1
Publication date: 2023-01-26
Application number: US17474082
Application date: 2021-09-14
Applicant: VMWARE, INC.
Inventor: Shriya Talwar, Prahalad Deshpande, Ambarish Prashant Pande, Devraj Narendra Baheti
Abstract: This document describes a network policy evaluation platform that evaluates, validates, and troubleshoots network policy configurations. In one aspect, a method includes obtaining a first network policy applied by a container orchestration platform for managing network traffic for a cluster of container workloads. First network rules are extracted from the first network policy. A canonical rule model is generated for the first network rule(s). A second network policy applied by a network provider plugin configured to run within the cluster and to manage the network traffic for the cluster of container workloads is obtained. Second network rules are extracted from the second network policy. A canonical rule model is generated for the one or more second network rules. One or more conflicts between the first network policy and the second network policy are detected based on an evaluation of each first canonical rule model and each second canonical rule model.
-