公开(公告)号：US20240089257A1

公开(公告)日：2024-03-14

申请号：US17945833

申请日：2022-09-15

Applicant: VMware, Inc.

Inventor： Santhosh Prabhu Muraleedhara Prabhu ,  Kuan-Yen Chou ,  Aanand Nayyar ,  Giri Prashanth Subramanian ,  Wenxuan Zhou ,  Philip Brighten Godfrey

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/0869 ,  H04L63/1408

Abstract: Some embodiments provide a method for evaluating a network correctness requirement at an evaluation program instance assigned to evaluate a particular network correctness requirement. The method identifies data message properties associated with the particular network correctness requirement. The method evaluates the particular network correctness requirement by (i) determining a path through a set of network devices for a data message having the identified data message properties and (ii) from a data storage that stores data message processing rules for a plurality of network devices including the set of network devices and additional network devices, retrieving and storing in memory data specifying data message processing rules for the set of network devices to use in evaluating the particular network correctness requirement.

公开(公告)号：US11411833B1

公开(公告)日：2022-08-09

申请号：US17239366

申请日：2021-04-23

Applicant: VMware, Inc.

Inventor： Giri Prashanth Subramanian ,  Santhosh Prabhu Muraleedhara Prabhu ,  Ravi Singhal ,  Atul Jadhav ,  Rohit Reja

IPC: H04L41/14 ,  H04L45/00 ,  H04L41/12

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed herein to formally verify a network with both physical and virtual components. The modeling and formal verification is performed by an apparatus comprising: a topology generator to generate a network model including a plurality of devices connected in a network; a flow modeler to add a rule to the network model, the rule to define a flow of network packets through the network model; a reduction mapper to identify the rules common to ones of the devices; and a mapping verifier to verify the network meets a user specification.

公开(公告)号：US20240380670A1

公开(公告)日：2024-11-14

申请号：US18195551

申请日：2023-05-10

Applicant: VMware, Inc.

Inventor： Giri Prashanth Subramanian ,  Wenxuan Zhou ,  Satyandra Guthula ,  Santhosh Prabhu Muraleedhara Prabhu ,  Philip Brighten Godfrey

IPC: H04L41/14

Abstract: Some embodiments provide a method for identifying anomalies in a network. The method uses a model of the network to determine connectivity for each of multiple network endpoints to other network endpoints. The method quantifies differences in the determined connectivity for pairs of the network endpoints. The method uses the quantified differences to identify (i) clusters of network endpoints with similar properties and connectivity and (ii) anomalous network endpoints that do not fit the clusters. The anomalous endpoints are reported as potential network anomalies.

公开(公告)号：US20240089184A1

公开(公告)日：2024-03-14

申请号：US17945831

申请日：2022-09-15

Applicant: VMware, Inc.

Inventor： Santhosh Prabhu Muraleedhara Prabhu ,  Kuan-Yen Chou ,  Aanand Nayyar ,  Giri Prashanth Subramanian ,  Wenxuan Zhou ,  Philip Brighten Godfrey

IPC: H04L43/04

CPC classification number: H04L43/04

Abstract: Some embodiments provide a method for evaluating a network. The method identifies multiple network correctness requirements configured for the network. The method instantiates a separate respective evaluation program instance for each respective identified network correctness requirement to evaluate the respective network correctness requirement. At least two evaluation program instances are instantiated on different machines. Each respective evaluation program instance stores in a respective memory a respective set of network device data to evaluate the respective network correctness requirement. Each set of network device data requires less memory than storing network device data for the entire network.

公开(公告)号：US12149441B2

公开(公告)日：2024-11-19

申请号：US18343038

申请日：2023-06-28

Applicant: VMware, Inc.

Inventor： Wenxuan Zhou ,  Giri Prashanth Subramanian

IPC: H04L45/00 ,  H04L9/40 ,  H04L41/12 ,  H04L41/22 ,  H04L45/122 ,  H04L45/741 ,  H04L101/622

Abstract: A search engine queries a network model for behavior of the entire network, such as data flow, based on combinations of multiple network elements. The search engine provides the state information and/or predicted behavior of the network by searching network objects in a graph-based model or a network state database that satisfy constraints given in a search query. The search engine provides the state information and/or predicted behavior based on regular-expression or plain language search expressions that do not provide packet header information. The search engine parses such search expression into a sequence of atoms that encode forwarding paths of interest to the user. A flow path through the modeled network can be generated dynamically, within the context of the search queries.

公开(公告)号：US20240086221A1

公开(公告)日：2024-03-14

申请号：US17945837

申请日：2022-09-15

Applicant: VMware, Inc.

Inventor： Santhosh Prabhu Muraleedhara Prabhu ,  Kuan-Yen Chou ,  Aanand Nayyar ,  Giri Prashanth Subramanian ,  Wenxuan Zhou ,  Philip Brighten Godfrey

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: Some embodiments provide a method for an orchestration program instance assigned a particular network device in a network. Each network device of multiple network devices is assigned to a different orchestration program instance in a cluster. The method receives a notification message that a configuration for the particular network device has been modified. In response to the notification message, the method identifies a set of network correctness requirements to be evaluated for the network. The method sends a separate notification message for each identified network correctness requirement specifying that the particular network device configuration has been modified so that a set of evaluation program instances can re-evaluate any network correctness requirements dependent on the particular network device.

公开(公告)号：US11757768B1

公开(公告)日：2023-09-12

申请号：US16748660

申请日：2020-01-21

Applicant: VMware, Inc.

Inventor： Wenxuan Zhou ,  Giri Prashanth Subramanian

IPC: H04L45/00 ,  H04L45/122 ,  H04L45/741 ,  H04L9/40 ,  H04L41/12 ,  H04L41/22 ,  H04L101/622

CPC classification number: H04L45/38 ,  H04L41/12 ,  H04L41/22 ,  H04L45/122 ,  H04L45/741 ,  H04L63/0245 ,  H04L2101/622

Abstract: A search engine queries a network model for behavior of the entire network, such as data flow, based on combinations of multiple network elements. The search engine provides the state information and/or predicted behavior of the network by searching network objects in a graph-based model or a network state database that satisfy constraints given in a search query. The search engine provides the state information and/or predicted behavior based on regular-expression or plain language search expressions that do not provide packet header information. The search engine parses such search expression into a sequence of atoms that encode forwarding paths of interest to the user. A flow path through the modeled network can be generated dynamically, within the context of the search queries.

公开(公告)号：US20230096394A1

公开(公告)日：2023-03-30

申请号：US17570336

申请日：2022-01-06

Applicant: VMware, Inc.

Inventor： Santhosh Prabhu Muraleedhara Prabhu ,  Giri Prashanth Subramanian ,  Atul Jadhav ,  Devraj N. Baheti

IPC: H04L43/04 ,  H04L45/00

Abstract: Some embodiments provide a method. The method determines a forwarding path for a packet set by using a data plane model of a network. The method identifies a rule table implementing a step in the forwarding path of the packet set. The method retrieves an indexing file at a scalable storage based on the identified rule table. The indexing file stores rule entries for one or more rule tables of the network. The method retrieves provenance data regarding a rule of the rule table that is applicable to the packet set from the indexing file. The method presents the retrieved provenance information of the identified rule.

公开(公告)号：US11438237B1

公开(公告)日：2022-09-06

申请号：US16748655

申请日：2020-01-21

Applicant: VMware, Inc.

Inventor： Giri Prashanth Subramanian ,  Sajid Awan

IPC: H04L41/12 ,  H04L47/2483 ,  H04L12/46

Abstract: Physical communication links are determined between devices in a network of devices without human input. A network topology engine determines the physical communication links between devices in the network and constructs a network topology based on the determined physical communication links. The network topology engine infers the presence of each physical communication link from network traffic that is currently flowing in the network. The network topology engine collects reachability information from the network devices included in the network that are already stored by the network devices, such as device identification entries included in address resolution protocol tables and media access control address tables. The network topology engine populates a flow graph of potential physical links between network interfaces that is weighted based on the collected reachability. The network topology engine then selects the highest weighted potential physical links between network interfaces to be the actual physical links of the network.