MAC-SYNC BASED MECHANISM FOR BRIDGE PORT FAILOVER

    公开(公告)号:US20200186412A1

    公开(公告)日:2020-06-11

    申请号:US16212379

    申请日:2018-12-06

    Applicant: VMware, Inc.

    Abstract: In an embodiment, a computer-implemented method for a MAC addresses synchronization mechanism for a bridge port failover is disclosed. In an embodiment, the method comprises: upon detecting a failover of a previously active bridge node, a standby bridge node performing: detecting a failover of a previously active bridge node; sending a request to one or more hosts to cause the one or more hosts to remove, from one or more corresponding forwarding tables, one or more MAC addresses, of one or more virtual machines, that the one or more hosts learned based on communications tunnels established with the previously active bridge node; for each MAC address stored in a MAC-SYNC table maintained by the standby bridge node: generating a first-type reverse address resolution protocol (“RARP”) packet having a source MAC address retrieved from the MAC-SYNC table; broadcasting the first RARP message to a virtual extensible LAN (“VXLAN”) switch via a bridge port of the VXLAN switch for the VXLAN switch to register the MAC address on the bridge port; storing an association of the MAC address and an identifier of the bridge port in a forwarding table maintained by the standby bridge node; for each MAC address that is stored in the forwarding table, but not in the MAC-SYNC table: generating a second-type RARP packet with such a MAC address to be the source MAC address; broadcasting the second RARP message from the VXLAN switch to a VLAN switch causing a physical switch to update a forwarding table maintained by the physical switch; and starting to forward traffic, via the bridge port, as an active bridge node.

    HOLO-ENTROPY BASED ALARM SCORING APPROACH
    2.
    发明申请

    公开(公告)号:US20200186409A1

    公开(公告)日:2020-06-11

    申请号:US16212170

    申请日:2018-12-06

    Applicant: VMware, Inc.

    Abstract: A method for managing alarms in a virtual machine environment includes receiving alarm data related to a process and storing the alarm data in a database, where the alarm data comprises one or more features. The method further includes retrieving intended state information for the process and comparing the one more features of the alarm data to the intended state information to determine whether the alarm is an outlier. The method also includes computing a normal score for the alarm if the alarm is not an outlier, and computing an abnormal score for the alarm if the alarm is an outlier. The method also includes sending a notification for the alarm and the computed score.

    MULTICAST PACKET HANDLING BASED ON FLOW CACHE INFORMATION

    公开(公告)号:US20220217006A1

    公开(公告)日:2022-07-07

    申请号:US17141226

    申请日:2021-01-05

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for multicast packet handling based on flow cache information are described. In one example, a network element may configure flow cache information associated with a multicast flow. The flow cache information may specify a set of actions that is configured based on a sequence of function calls. In response to detecting a multicast packet associated with the multicast flow, fast-path processing may be performed based on the flow cache information. This may include executing a replication action to generate a first packet replica and a second packet replica. First processing action(s) may be executed to process the first packet replica to generate and send a first output packet towards a first multicast destination. Second processing action(s) may be executed to process the second packet replica to generate and send a first output packet towards a second multicast destination.

    ENCAPSULATED ENCRYPTED PACKET HANDLING FOR RECEIVE-SIDE SCALING (RSS)

    公开(公告)号:US20210385203A1

    公开(公告)日:2021-12-09

    申请号:US16893450

    申请日:2020-06-05

    Applicant: VMware, Inc.

    Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.

    MAC-SYNC BASED MECHANISM FOR BRIDGE PORT FAILOVER

    公开(公告)号:US20210226839A1

    公开(公告)日:2021-07-22

    申请号:US17107170

    申请日:2020-11-30

    Applicant: VMware, Inc.

    Abstract: In an embodiment, a computer-implemented method for a MAC addresses synchronization mechanism for a bridge port failover is disclosed. In an embodiment, the method comprises: upon detecting a failover of a previously active bridge node, a standby bridge node performing: detecting a failover of a previously active bridge node; sending a request to one or more hosts to cause the one or more hosts to remove, from one or more corresponding forwarding tables, one or more MAC addresses, of one or more virtual machines, that the one or more hosts learned based on communications tunnels established with the previously active bridge node; for each MAC address stored in a MAC-SYNC table maintained by the standby bridge node: generating a first-type reverse address resolution protocol (“RARP”) packet having a source MAC address retrieved from the MAC-SYNC table; broadcasting the first RARP message to a virtual extensible LAN (“VXLAN”) switch via a bridge port of the VXLAN switch for the VXLAN switch to register the MAC address on the bridge port; storing an association of the MAC address and an identifier of the bridge port in a forwarding table maintained by the standby bridge node; for each MAC address that is stored in the forwarding table, but not in the MAC-SYNC table: generating a second-type RARP packet with such a MAC address to be the source MAC address; broadcasting the second RARP message from the VXLAN switch to a VLAN switch causing a physical switch to update a forwarding table maintained by the physical switch; and starting to forward traffic, via the bridge port, as an active bridge node.

    ADAPTIVE ANOMALY DETECTION FOR COMPUTER SYSTEMS

    公开(公告)号:US20200059482A1

    公开(公告)日:2020-02-20

    申请号:US16103108

    申请日:2018-08-14

    Applicant: VMware, Inc.

    Abstract: Feature vectors are abstracted from data describing application processes. The feature vectors are grouped to define non-anomalous clusters of feature vectors corresponding to normal application behavior. Subsequent feature vectors are considered anomalous if they do not fall within one of the non-anomalous clusters; alerts are issued for anomalous feature vectors. In addition, the subsequent feature vectors may be used to regroup feature vectors to adapt to changes in what constitutes normal application behavior.

    PORT AND LOOPBACK IP ADDRESSES ALLOCATION SCHEME FOR FULL-MESH COMMUNICATIONS WITH TRANSPARENT TLS TUNNELS

    公开(公告)号:US20190319918A1

    公开(公告)日:2019-10-17

    申请号:US15950983

    申请日:2018-04-11

    Applicant: VMWARE, INC.

    Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.

    PACKET FRAGMENTATION USING OUTER HEADER

    公开(公告)号:US20220303231A1

    公开(公告)日:2022-09-22

    申请号:US17208608

    申请日:2021-03-22

    Applicant: VMware, Inc.

    Abstract: In some embodiments, a method fragments a first packet into a plurality of fragments when a length of an encapsulated first packet is larger than a maximum transmission unit size. For each fragment in the plurality of fragments, fragmentation information is generated. The method encapsulates each fragment in the plurality of fragments with an outer header to form a plurality of encapsulated packets. The respective fragmentation information for each fragment is inserted in a portion of the outer header that is processed by endpoints of an overlay tunnel and not processed by a device along a path of the overlay tunnel. The plurality of encapsulated packets are sent via the overlay tunnel.

Patent Agency Ranking