公开(公告)号：US20210218652A1

公开(公告)日：2021-07-15

申请号：US16742919

申请日：2020-01-15

Applicant: VMware, Inc.

Inventor： Abhishek RAUT ,  Kai SU ,  Jianjun SHEN ,  Salvatore ORLANDO ,  Tong LIU ,  Shih-Hao LI

IPC: H04L12/26 ,  H04L12/931 ,  H04L29/06 ,  H04L12/713

Abstract: Example methods and systems for container-based connectivity check in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting, a request for a connectivity check between a first container-based resource and a second container-based resource; identifying a first logical network element and a second logical network element; and injecting a connectivity check packet at the first logical network element for forwarding towards the second logical network element. The example method also may comprise: obtaining report information associated with one or more intermediate logical network elements located along a path that is traversed by the connectivity check packet; and determining a connectivity status associated with the first container-based resource and the second container-based resource based on the report information.

公开(公告)号：US20240031265A1

公开(公告)日：2024-01-25

申请号：US17820328

申请日：2022-08-17

Applicant: VMware, Inc.

Inventor： Jianwei SUI ,  Danting LIU ,  Donghai HAN ,  Wenfeng LIU ,  Jianjun SHEN

IPC: H04L43/0876 ,  G06F9/54 ,  G06F9/455

CPC classification number: H04L43/0876 ,  G06F9/547 ,  G06F9/45558 ,  G06F2009/45595

Abstract: A system and method for capturing resource usage information in a network for namespaces in which pods operate are described herein. A data structure specifies a topology that includes a gateway and routing addresses in a network whose usage is to be captured. The data structure is provided to an API of a master node controlling the pods. A controller in the master node enforces the data structure and reports results back to the API.

公开(公告)号：US20230127141A1

公开(公告)日：2023-04-27

申请号：US18086067

申请日：2022-12-21

Applicant: VMware, Inc.

Inventor： Aditi GHAG ,  Pranshu JAIN ,  Yaniv BEN-ITZHAK ,  Jianjun SHEN

IPC: G06F9/455 ,  G06F9/48 ,  G06F9/50 ,  H04L43/065 ,  H04L43/0876

Abstract: A method for microservice scheduling can include determining a network state for a first hypervisor in a virtual computing cluster (VCC). The method can further include determining a network state for a second hypervisor. Microservice scheduling can further include deploying a container to run a microservice on a virtual computing instance (VCI) deployed on the first hypervisor or the second hypervisor based, at least in part, on the determined network state for the first hypervisor and the second hypervisor.

公开(公告)号：US20200220784A1

公开(公告)日：2020-07-09

申请号：US16283823

申请日：2019-02-25

Applicant: VMware, Inc.

Inventor： Da WAN ,  Qi WU ,  Donghai HAN ,  Jianjun SHEN ,  Pankaj THAKKAR ,  Mengdie SONG ,  Haoran CHEN

IPC: H04L12/24

Abstract: Example methods and systems for a network management entity to perform topology-aware control information dissemination in a software-defined networking (SDN) environment. The method may comprise obtaining group topology information specifying a network group, and a network configuration object that references the network group. The method may also comprise: processing the group topology information to identify, from multiple members of the network group, a first member that is relevant to a first host; and processing the group topology information to identify, from the multiple members, a second member that is irrelevant to the first host. The method may further comprise: generating and sending, to the first host, control information associated with a subset of the network group. The subset may include the first member but exclude the second member.

公开(公告)号：US20240022542A1

公开(公告)日：2024-01-18

申请号：US17820351

申请日：2022-08-17

Applicant: VMware, Inc.

Inventor： Xiaopei LIU ,  Jianjun SHEN ,  Donghai HAN ,  Wenfeng LIU ,  Danting LIU

IPC: H04L61/5061

CPC classification number: H04L61/5061

Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.

公开(公告)号：US20200274802A1

公开(公告)日：2020-08-27

申请号：US16384666

申请日：2019-04-15

Applicant: VMware, Inc.

Inventor： Da WAN ,  Mukesh HIRA ,  Feng GU ,  Jianjun SHEN ,  Pankaj THAKKAR ,  Donghai HAN ,  Wen Feng LIU ,  Tao MA

IPC: H04L12/715 ,  H04L12/46 ,  H04L12/931 ,  H04L12/933

Abstract: Systems and methods of communicating between a plurality of hosts comprising one or more first hosts controlled by a first control plane and one or more second hosts controlled by a second control plane are disclosed herein. Each of the one or more first hosts runs at least one tunneling endpoint of one or more first tunneling endpoints, and each of the one or more second hosts runs at least one tunneling endpoint of one or more second tunneling endpoint. The method includes storing, at each of the one or more first hosts, a global list identifying at least the one or more second tunneling endpoints. The method further includes receiving a packet at one of the one or more first tunneling endpoints. The method further includes replicating, encapsulating, and transmitting the packet to each of the one or more second tunneling endpoints based on the global list.

公开(公告)号：US20240244053A1

公开(公告)日：2024-07-18

申请号：US18185746

申请日：2023-03-17

Applicant: VMware, Inc.

Inventor： Quan TIAN ,  Wenfeng LIU ,  Jianjun SHEN ,  Donghai HAN

IPC: H04L9/40

CPC classification number: H04L63/0892 ,  H04L63/0245

Abstract: An example method of packet capture in a container orchestration (CO) system includes: receiving, from a user interface executing on a client device, a packet capture request from a user at a packet capture agent executing in a node of the CO system; authenticating and authorizing, by the packet capture agent in cooperation with an application programming interface (API) server executing in a master server of the CO system, the user specified in the packet capture request; capturing, by the packet capture agent, packets from at least one network interface based on the packet capture request; and returning information based on the packets as captured from the packet capture agent to the user interface.

公开(公告)号：US20240028358A1

公开(公告)日：2024-01-25

申请号：US17821232

申请日：2022-08-22

Applicant: VMware, Inc.

Inventor： Danting LIU ,  Qian SUN ,  Jianjun SHEN ,  Wenfeng LIU ,  Donghai HAN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45595 ,  G06F2009/4557

Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.

公开(公告)号：US20220159080A1

公开(公告)日：2022-05-19

申请号：US16953269

申请日：2020-11-19

Applicant: VMware, Inc.

Inventor： Zi FENG ,  Jianjun SHEN ,  Fangyuan LI

IPC: H04L29/08 ,  G06F9/455 ,  G06F9/451

Abstract: A computing system and method for providing a service for a guest container-based cluster of the computing system utilizes a translated service software object created in a supervisor container-based cluster of the computing system to create at least one resource to support the service requested for the guest container-based cluster. The translated service software object is created in response to a service software object being created in the guest container-based cluster. In response to the translated service software object being created in the supervisor container-based cluster, at least one service-related software object is then created in the supervisor container-based cluster that corresponds to the translated service software object. Provider-specific instructions are then sent to a resource provider from the supervisor container-based cluster to create at least one resource associated with the at least one service-related software object to support the requested service for the guest container-based cluster.