POLICY-BASED FORWARDING TO A LOAD BALANCER OF A LOAD BALANCING CLUSTER

    Publication number: US20230231905A1

    Publication date: 2023-07-20

    Application number: US18123314

    Filing date: 2023-03-19

    Applicant: VMware, Inc.

    CPC classification number: H04L67/1027 H04L47/125

    Abstract: Some embodiments of the invention provide a method for forwarding data messages between a client and a server (e.g., between client and server machines and/or applications). In some embodiments, the method receives a data message that a load balancer has directed from a particular client to a particular server after selecting the particular server from a set of several candidate servers for the received data message's flow. The method stores an association between an identifier associated with the load balancer and a flow identifier associated with the message flow, and then forwards the received data message to the particular server. The method subsequently uses the load balancer identifier in the stored association to forward to the particular load balancer a data message that is sent by the particular server. The method of some embodiments is implemented by an intervening forwarding element (e.g., a router) between the load balancer set and the server set.

    DYNAMIC CORE ALLOCATION
    Invention publication

    Publication number: US20230168947A1

    Publication date: 2023-06-01

    Application number: US18103515

    Filing date: 2023-01-31

    Applicant: VMware, Inc.

    CPC classification number: G06F9/5083 G06F9/546

    Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.

    Host computer configured to facilitate distributed SNAT service

    Publication number: US11606294B2

    Publication date: 2023-03-14

    Application number: US16931207

    Filing date: 2020-07-16

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

    Managing firewall rules based on triggering statistics

    Publication number: US11258816B2

    Publication date: 2022-02-22

    Application number: US16546513

    Filing date: 2019-08-21

    Applicant: VMware, Inc.

    Abstract: Embodiments described herein relate to managing firewall rules. Embodiments include identifying a plurality of firewall rules for request handling. Embodiments include determining a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule. Embodiments include determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against. Embodiments include determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule. Embodiments include determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules.

    DYNAMIC CORE ALLOCATION
    Invention application

    Publication number: US20210255903A1

    Publication date: 2021-08-19

    Application number: US16795376

    Filing date: 2020-02-19

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.

    Adaptive polling in software-defined networking (SDN) environments

    Publication number: US11082354B2

    Publication date: 2021-08-03

    Application number: US16439689

    Filing date: 2019-06-12

    Applicant: VMware, Inc.

    Abstract: Example methods and systems for adaptive polling. One example may comprise operating in a polling mode to poll, from a network interface, zero or more packets that require packet processing by the network device. The method may also comprise: in response to detecting a non-zero polling round, adjusting a polling parameter to delay switching from the polling mode to a sleep mode. The method may further comprise: in response to detecting a zero polling round and determining that a switch condition is satisfied, adjusting a sleep parameter associated with the sleep mode based on traffic characteristic information associated with one or more polling rounds; and switching from the polling mode to the sleep mode in which polling from the network interface is halted based on the sleep parameter.

    FACILITATING DISTRIBUTED SNAT SERVICE
    Invention publication

    Publication number: US20230179564A1

    Publication date: 2023-06-08

    Application number: US18102697

    Filing date: 2023-01-28

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

    Facilitating distributed SNAT service

    Publication number: US11616755B2

    Publication date: 2023-03-28

    Application number: US16931196

    Filing date: 2020-07-16

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

    Fast distribution of port identifiers for rule processing

    Publication number: US11539659B2

    Publication date: 2022-12-27

    Application number: US17461900

    Filing date: 2021-08-30

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide a method for managing logical forwarding elements (LFEs) implemented by multiple physical forwarding elements (PFEs) operating on multiple devices, each LFE including multiple logical ports. On a host computer executing a particular machine connected to the LFE and a PFE implementing the LFE, the method identifies an address discovery message associating a particular network address of the particular machine with another network address of the particular machine. The method identifies an LFE logical port associated with the particular machine, stores in an encapsulation header an identifier that identifies this port, and then forwards the encapsulated message to a set of one or more devices implementing the LFE for the devices to use in processing data messages associated with the particular machine.

    METHOD FOR ADVERTISING AVAILABILITY OF DISTRIBUTED GATEWAY SERVICE AND MACHINES AT HOST COMPUTER

    Publication number: US20220038309A1

    Publication date: 2022-02-03

    Application number: US16941467

    Filing date: 2020-07-28

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide a novel network architecture for advertising routes in an availability zone (AZ). The novel network architecture includes a set of route servers for receiving advertisements of network addresses as being available in the AZ from different routers in the AZ. The novel network architecture also includes multiple host computers that each execute a router that (i) identifies network addresses available on the host computer, (ii) sends advertisements of the identified network addresses to the set of route servers, and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers. The identified network addresses, in some embodiments, include at least one of network addresses associated with data compute nodes (DCNs) and network addresses associated with services available at the host computer. The route servers advertise the received network addresses to other routers in the AZ.
