公开(公告)号：US20200028730A1

公开(公告)日：2020-01-23

申请号：US16037969

申请日：2018-07-17

Applicant: VMWARE, INC.

Inventor： Kai-Wei FAN

IPC: H04L12/24 ,  H04L12/939 ,  H04L12/26 ,  G06F11/20 ,  H04L29/12

Abstract: A method for a service router (“SR”) implemented in an active-active SR cluster to move logical resources without explicit negotiations between the service routers (“SRs”) in the cluster to provide high availability of services is disclosed. In an embodiment, the method comprises: determining, by an active SR of a plurality of SRs implemented in an active-active SR cluster, that a particular SR has failed; and obtaining, by the active SR, a plurality of hash values computed for the particular SR. The plurality of hash values comprises hash values for the active SR. The active SR determines a maximum hash value of the plurality of hash values, and if the maximum hash value corresponds to, and only to, the hash value determined for the active SR, then the active SR configures a port IP address of the particular SR on the active SR.

公开(公告)号：US20200028731A1

公开(公告)日：2020-01-23

申请号：US16037992

申请日：2018-07-17

Applicant: VMware, Inc.

Inventor： Haihua LUO ,  Jerry CHENG ,  Kai-Wei FAN ,  Michael HU

IPC: H04L12/24 ,  H04L12/725 ,  H04L12/26

Abstract: A method for cooperative active-standby failover between service routers based on health of services configured on the service routers is presented. In an embodiment, a method comprises determining, by a first service router (“SR”) of a SR cluster, a plurality of aggregate score values for a plurality of SRs of the SR clusters. The SR cluster comprises the first SR which is active, and a second SR. An aggregate score value, of the plurality of aggregate score values, indicates health of one or more services configured on a SR. The method further comprises determining, based on the plurality of aggregate score values, whether the first SR, of the SR cluster, is healthier than the second SR. In response to determining that the first SR is healthier than the second SR, the first SR continues to operate in the active mode; otherwise, the first SR switches to a standby mode.

公开(公告)号：US20200036576A1

公开(公告)日：2020-01-30

申请号：US16048107

申请日：2018-07-27

Applicant: VMware, Inc.

Inventor： Kai-Wei FAN ,  Haihua LUO ,  Stephen TAN

IPC: H04L12/24 ,  H04L12/703 ,  H04L12/707 ,  H04L12/751 ,  H04L12/26 ,  H04L29/06

Abstract: A method for providing two-channel-based high-availability in a cluster of nodes is disclosed. In an embodiment, a method comprises: initiating, by a local control plane executing on a first node, a first state for an underlay control channel and a second state for a management control channel; detecting a bidirectional forwarding detection (“BFD”) control packet from a second node; determining whether the BFD control packet has been received from the underlay control channel; in response to determining that the BFD control packet was received from the underlay control channel: parsing the BFD control packet to extract a first diagnostic code; updating the first state with the first diagnostic code; determining whether both the first state and the second state indicate that the second node is unreachable; in response to determining that the second node is unreachable, initiating a switchover of services configured on the second node.

公开(公告)号：US20190334880A1

公开(公告)日：2019-10-31

申请号：US15963187

申请日：2018-04-26

Applicant: VMware, Inc.

Inventor： Yong WANG ,  Xinhua HONG ,  Kai-Wei FAN

IPC: H04L29/06 ,  H04L12/24

Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.