公开(公告)号：US10225103B2

公开(公告)日：2019-03-05

申请号：US15690237

申请日：2017-08-29

Applicant: VMware, Inc.

Inventor： Laxminarayana Tumuluru

IPC: H04L12/46 ,  H04L12/911 ,  H04L12/26 ,  H04L29/06

Abstract: An approach is disclosed for selecting tunnels through which network traffic can be sent to steer the traffic away from congestion hot-spots. In one embodiment, multiple Foo-over-UDP (FOU) tunnels, each having a distinct source port, are created between two endpoints. Probes are scheduled to measure network metrics, such as latency and liveliness, of each of the FOU tunnels. In turn, the network metrics are used to select particular FOU tunnel(s) to send traffic over in a manner that is fair across source and destination IP addresses of the FOU tunnel(s). In particular, scores are assigned to the source and destination IP addresses based on sums of scores assigned to tunnels having those source and destination IP addresses based on the tunnels' performance metrics. A load balancer then splits a number of buckets across the source and destination IP addresses, and ultimately across the tunnels, based on the assigned scores.

公开(公告)号：US10666729B2

公开(公告)日：2020-05-26

申请号：US15654588

申请日：2017-07-19

Applicant: VMware, Inc.

Inventor： Laxminarayana Tumuluru ,  Todd Sabin ,  Weiqing Wu ,  Uday Masurekar ,  Serge Maskalik ,  Sachin Thakkar ,  Debashis Basak

IPC: H04L12/56 ,  H04L29/08 ,  H04L29/12 ,  H04L29/06 ,  G06F8/65 ,  H04L12/24 ,  G06F9/50 ,  H04L12/801 ,  H04L12/911 ,  H04W28/02 ,  H04L12/931 ,  H04L12/46 ,  H04L12/26 ,  H04L12/721 ,  H04L12/715 ,  H04L12/725 ,  G06F9/455

Abstract: An approach is disclosed for steering network traffic away from congestion hot-spots to achieve better throughput and latency. In one embodiment, multiple Foo-over-UDP (FOU) tunnels, each having a distinct source port, are created between two endpoints. As a result of the distinct source ports, routers that compute hashes of packet fields in order to distribute traffic flows across network paths will compute distinct hash values for the FOU tunnels that may be associated with different paths. Probes are scheduled to measure network metrics, such as latency and liveliness, of each of the FOU tunnels. In turn, the network metrics are used to select particular FOU tunnel(s) to send traffic over so as to avoid congestion and high-latency hotspots in the network.

公开(公告)号：US10681131B2

公开(公告)日：2020-06-09

申请号：US15586225

申请日：2017-05-03

Applicant: VMware, Inc.

Inventor： Laxminarayana Tumuluru

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12 ,  G06F8/65 ,  H04L12/24 ,  G06F9/50 ,  H04L12/801 ,  H04L12/911 ,  H04W28/02 ,  H04L12/931 ,  H04L12/46 ,  H04L12/26 ,  H04L12/721 ,  H04L12/715 ,  H04L12/725 ,  G06F9/455

Abstract: An approach is disclosed for detecting source network address translation in internet protocol (IP) tunneling flows and using learned source IP addresses and source ports from such detection to create new tunnels. In one embodiment, a NAT detection application determines whether source IP addresses and source ports associated with new traffic flows destined to a local Foo-over-UDP (FOU) tunnel endpoint match the source IP address and source port of a previously configured FOU tunnel. Lack of such a match is indicative of source network address translation, and in such a case the NAT detection application creates a new FOU tunnel toward the detected source IP address and source port. In addition, the NAT detection application authenticates the remote endpoint of the newly created FOU tunnel and configures the FOU tunnel for use if the remote endpoint is successfully authenticated.

公开(公告)号：US11012507B2

公开(公告)日：2021-05-18

申请号：US15690222

申请日：2017-08-29

Applicant: VMware, Inc.

Inventor： Laxminarayana Tumuluru ,  Todd Sabin ,  Weiqing Wu ,  Serge Maskalik ,  Sachin Thakkar

IPC: H04L29/08 ,  H04L29/12 ,  H04L29/06 ,  G06F8/65 ,  H04L12/24 ,  G06F9/50 ,  H04L12/801 ,  H04L12/911 ,  H04W28/02 ,  H04L12/931 ,  H04L12/46 ,  H04L12/26 ,  H04L12/721 ,  H04L12/715 ,  H04L12/725 ,  G06F9/455

Abstract: Techniques leveraging CPU flow affinity to increase throughput of a layer 2 (L2) extension network are disclosed. In one embodiment, an L2 concentrator appliance, which bridges a local area network (LAN) and a wide area network (WAN) in a stretched network, is configured such that multiple Internet Protocol Security (IPsec) tunnels are pinned to respective CPUs or cores, which each process traffic flows for one of the IPsec tunnels. Such parallelism can increase the throughput of the stretched network. Further, an L2 concentrator appliance that receives FOU packets is configured to distribute the received FOU packets across receive queues based a deeper inspection of inner headers of such packets.