公开(公告)号：US20200186412A1

公开(公告)日：2020-06-11

申请号：US16212379

申请日：2018-12-06

Applicant: VMware, Inc.

Inventor： Xinhua HONG ,  Dexiang WANG ,  Sharath BHAT ,  Xinghua HU ,  Jia YU

IPC: H04L12/24 ,  H04L12/46 ,  H04L12/18 ,  H04L12/26

Abstract: In an embodiment, a computer-implemented method for a MAC addresses synchronization mechanism for a bridge port failover is disclosed. In an embodiment, the method comprises: upon detecting a failover of a previously active bridge node, a standby bridge node performing: detecting a failover of a previously active bridge node; sending a request to one or more hosts to cause the one or more hosts to remove, from one or more corresponding forwarding tables, one or more MAC addresses, of one or more virtual machines, that the one or more hosts learned based on communications tunnels established with the previously active bridge node; for each MAC address stored in a MAC-SYNC table maintained by the standby bridge node: generating a first-type reverse address resolution protocol (“RARP”) packet having a source MAC address retrieved from the MAC-SYNC table; broadcasting the first RARP message to a virtual extensible LAN (“VXLAN”) switch via a bridge port of the VXLAN switch for the VXLAN switch to register the MAC address on the bridge port; storing an association of the MAC address and an identifier of the bridge port in a forwarding table maintained by the standby bridge node; for each MAC address that is stored in the forwarding table, but not in the MAC-SYNC table: generating a second-type RARP packet with such a MAC address to be the source MAC address; broadcasting the second RARP message from the VXLAN switch to a VLAN switch causing a physical switch to update a forwarding table maintained by the physical switch; and starting to forward traffic, via the bridge port, as an active bridge node.

公开(公告)号：US20200186409A1

公开(公告)日：2020-06-11

申请号：US16212170

申请日：2018-12-06

Applicant: VMware, Inc.

Inventor： Zhen MO ,  Dexiang WANG ,  Bin ZAN ,  Vijay GANTI ,  Amit CHOPRA ,  Ruimin SUN

IPC: H04L12/24 ,  G06F9/455

Abstract: A method for managing alarms in a virtual machine environment includes receiving alarm data related to a process and storing the alarm data in a database, where the alarm data comprises one or more features. The method further includes retrieving intended state information for the process and comparing the one more features of the alarm data to the intended state information to determine whether the alarm is an outlier. The method also includes computing a normal score for the alarm if the alarm is not an outlier, and computing an abnormal score for the alarm if the alarm is an outlier. The method also includes sending a notification for the alarm and the computed score.

公开(公告)号：US20220217006A1

公开(公告)日：2022-07-07

申请号：US17141226

申请日：2021-01-05

Applicant: VMware, Inc.

Inventor： Dexiang WANG ,  Xinhua HONG ,  Yong WANG ,  Yu YING ,  Jochen BEHRENS

IPC: H04L12/18 ,  H04L29/08

Abstract: Example methods and systems for multicast packet handling based on flow cache information are described. In one example, a network element may configure flow cache information associated with a multicast flow. The flow cache information may specify a set of actions that is configured based on a sequence of function calls. In response to detecting a multicast packet associated with the multicast flow, fast-path processing may be performed based on the flow cache information. This may include executing a replication action to generate a first packet replica and a second packet replica. First processing action(s) may be executed to process the first packet replica to generate and send a first output packet towards a first multicast destination. Second processing action(s) may be executed to process the second packet replica to generate and send a first output packet towards a second multicast destination.

公开(公告)号：US20210385203A1

公开(公告)日：2021-12-09

申请号：US16893450

申请日：2020-06-05

Applicant: VMware, Inc.

Inventor： Dexiang WANG ,  Yong WANG

IPC: H04L29/06 ,  H04L9/06 ,  G06F9/455 ,  G06F16/22 ,  H04L29/08

Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.

公开(公告)号：US20210226839A1

公开(公告)日：2021-07-22

申请号：US17107170

申请日：2020-11-30

Applicant: VMware, Inc.

Inventor： Xinhua HONG ,  Dexiang WANG ,  Sharath BHAT ,  Xinghua HU ,  Jia YU

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/18 ,  H04L12/46

Abstract: In an embodiment, a computer-implemented method for a MAC addresses synchronization mechanism for a bridge port failover is disclosed. In an embodiment, the method comprises: upon detecting a failover of a previously active bridge node, a standby bridge node performing: detecting a failover of a previously active bridge node; sending a request to one or more hosts to cause the one or more hosts to remove, from one or more corresponding forwarding tables, one or more MAC addresses, of one or more virtual machines, that the one or more hosts learned based on communications tunnels established with the previously active bridge node; for each MAC address stored in a MAC-SYNC table maintained by the standby bridge node: generating a first-type reverse address resolution protocol (“RARP”) packet having a source MAC address retrieved from the MAC-SYNC table; broadcasting the first RARP message to a virtual extensible LAN (“VXLAN”) switch via a bridge port of the VXLAN switch for the VXLAN switch to register the MAC address on the bridge port; storing an association of the MAC address and an identifier of the bridge port in a forwarding table maintained by the standby bridge node; for each MAC address that is stored in the forwarding table, but not in the MAC-SYNC table: generating a second-type RARP packet with such a MAC address to be the source MAC address; broadcasting the second RARP message from the VXLAN switch to a VLAN switch causing a physical switch to update a forwarding table maintained by the physical switch; and starting to forward traffic, via the bridge port, as an active bridge node.

公开(公告)号：US20210184970A1

公开(公告)日：2021-06-17

申请号：US16715247

申请日：2019-12-16

Applicant: VMware, Inc.

Inventor： Xinhua HONG ,  Yong WANG ,  Jia YU ,  Dexiang WANG

IPC: H04L12/713 ,  H04L12/66 ,  H04L12/46 ,  H04L12/715 ,  H04L12/931 ,  H04L12/751

Abstract: The disclosure provides an approach for routing traffic in a network. Embodiments include receiving, by a service router of an edge services gateway (ESG), a packet comprising a virtual network identifier (VNI) and a virtual local area network (VLAN) identifier. Embodiments include sending, by the service router, the packet to a virtual switch of the ESG based on the VNI of the packet. Embodiments include determining, by the virtual switch, a virtual routing and forwarding (VRF) router of the ESG for the packet based on the VLAN identifier. Embodiments include forwarding, by the virtual switch, the packet to the VRF router.

公开(公告)号：US20200059482A1

公开(公告)日：2020-02-20

申请号：US16103108

申请日：2018-08-14

Applicant: VMware, Inc.

Inventor： Bin ZAN ,  Dexiang WANG ,  Zhen MO MO ,  Vijay GANTI

IPC: H04L29/06 ,  G06K9/62

Abstract: Feature vectors are abstracted from data describing application processes. The feature vectors are grouped to define non-anomalous clusters of feature vectors corresponding to normal application behavior. Subsequent feature vectors are considered anomalous if they do not fall within one of the non-anomalous clusters; alerts are issued for anomalous feature vectors. In addition, the subsequent feature vectors may be used to regroup feature vectors to adapt to changes in what constitutes normal application behavior.

公开(公告)号：US20190319918A1

公开(公告)日：2019-10-17

申请号：US15950983

申请日：2018-04-11

Applicant: VMWARE, INC.

Inventor： Daniel G. WING ,  Dexiang WANG ,  Nidheesh DUBEY

IPC: H04L29/12 ,  H04L29/08 ,  H04L29/06 ,  H04L9/08 ,  G06F9/455

Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.

公开(公告)号：US20220303231A1

公开(公告)日：2022-09-22

申请号：US17208608

申请日：2021-03-22

Applicant: VMware, Inc.

Inventor： Jia YU ,  Yong WANG ,  Xinhua HONG ,  Wenyi JIANG ,  Guolin YANG ,  Dexiang WANG

IPC: H04L12/861 ,  H04L29/06 ,  H04L12/715 ,  H04L12/66

Abstract: In some embodiments, a method fragments a first packet into a plurality of fragments when a length of an encapsulated first packet is larger than a maximum transmission unit size. For each fragment in the plurality of fragments, fragmentation information is generated. The method encapsulates each fragment in the plurality of fragments with an outer header to form a plurality of encapsulated packets. The respective fragmentation information for each fragment is inserted in a portion of the outer header that is processed by endpoints of an overlay tunnel and not processed by a device along a path of the overlay tunnel. The plurality of encapsulated packets are sent via the overlay tunnel.

公开(公告)号：US20220078109A1

公开(公告)日：2022-03-10

申请号：US17456054

申请日：2021-11-22

Applicant: VMware, Inc.

Inventor： Xinhua HONG ,  Yong WANG ,  Jia YU ,  Dexiang WANG

IPC: H04L12/713 ,  H04L12/66 ,  H04L12/46 ,  H04L12/931 ,  H04L12/751 ,  H04L12/715

Abstract: The disclosure provides an approach for routing traffic in a network. Embodiments include receiving, by a service router of an edge services gateway (ESG), a packet comprising a virtual network identifier (VNI) and a virtual local area network (VLAN) identifier. Embodiments include sending, by the service router, the packet to a virtual switch of the ESG based on the VNI of the packet. Embodiments include determining, by the virtual switch, a virtual routing and forwarding (VRF) router of the ESG for the packet based on the VLAN identifier. Embodiments include forwarding, by the virtual switch, the packet to the VRF router.