-
Publication No.: US20230231905A1
Publication date: 2023-07-20
Application No.: US18123314
Application date: 2023-03-19
Applicant: VMware, Inc.
Inventor: Jayant Jain, Anand Parthasarathy, Mani Kancherla, Anirban Sengupta
IPC: H04L67/1027, H04L47/125
CPC classification number: H04L67/1027, H04L47/125
Abstract: Some embodiments of the invention provide a method for forwarding data messages between a client and a server (e.g., between client and server machines and/or applications). In some embodiments, the method receives a data message that a load balancer has directed from a particular client to a particular server after selecting the particular server from a set of several candidate servers for the received data message's flow. The method stores an association between an identifier associated with the load balancer and a flow identifier associated with the message flow, and then forwards the received data message to the particular server. The method subsequently uses the load balancer identifier in the stored association to forward to the particular load balancer a data message that is sent by the particular server. The method of some embodiments is implemented by an intervening forwarding element (e.g., a router) between the load balancer set and the server set.
-
Publication No.: US20230168947A1
Publication date: 2023-06-01
Application No.: US18103515
Application date: 2023-01-31
Applicant: VMware, Inc.
Inventor: Yong Wang, Mani Kancherla, Kevin Li, Sreeram Ravinoothala, Mochi Xue
CPC classification number: G06F9/5083, G06F9/546
Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.
-
Publication No.: US11606294B2
Publication date: 2023-03-14
Application No.: US16931207
Application date: 2020-07-16
Applicant: VMware, Inc.
Inventor: Sami Boutros, Mani Kancherla, Jayant Jain, Anirban Sengupta
IPC: H04L45/741, H04L61/256, H04L12/66, H04L41/0803, H04L45/02, H04L61/2517
Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
-
Publication No.: US11258816B2
Publication date: 2022-02-22
Application No.: US16546513
Application date: 2019-08-21
Applicant: VMware, Inc.
Inventor: Mani Kancherla, Jian Lan, Xi Zeng, Hailing Xu, K. Antion Shiban
Abstract: Embodiments described herein relate to managing firewall rules. Embodiments include identifying a plurality of firewall rules for request handling. Embodiments include determining a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule. Embodiments include determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against. Embodiments include determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule. Embodiments include determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules.
-
Publication No.: US20210255903A1
Publication date: 2021-08-19
Application No.: US16795376
Application date: 2020-02-19
Applicant: VMware, Inc.
Inventor: Yong Wang, Mani Kancherla, Kevin Li, Sreeram Ravinoothala, Mochi Xue
Abstract: Some embodiments provide a method for updating a core allocation among processes of a gateway datapath executing on a gateway computing device having multiple cores. The gateway datapath processes include a first set of data message processing processes to which a first set of the cores are allocated and a second set of processes to which a second set of the cores are allocated in a first core allocation. Based on data regarding usage of the cores, the method determines a second core allocation that allocates a third set of the cores to the first set of processes and a fourth set of the cores to the second set of processes. The method updates a load balancing operation to load balance received data messages over the third set of cores rather than the first set of cores. The method reallocates the cores from the first allocation to the second allocation.
-
Publication No.: US11082354B2
Publication date: 2021-08-03
Application No.: US16439689
Application date: 2019-06-12
Applicant: VMware, Inc.
Inventor: Dexiang Wang, Eduard Serra Miralles, Yong Wang, Mani Kancherla, Binggang Liu
IPC: H04L12/873, H04L12/12
Abstract: Example methods and systems for adaptive polling. One example may comprise operating in a polling mode to poll, from a network interface, zero or more packets that require packet processing by the network device. The method may also comprise: in response to detecting a non-zero polling round, adjusting a polling parameter to delay switching from the polling mode to a sleep mode. The method may further comprise: in response to detecting a zero polling round and determining that a switch condition is satisfied, adjusting a sleep parameter associated with the sleep mode based on traffic characteristic information associated with one or more polling rounds; and switching from the polling mode to the sleep mode in which polling from the network interface is halted based on the sleep parameter.
-
Publication No.: US20230179564A1
Publication date: 2023-06-08
Application No.: US18102697
Application date: 2023-01-28
Applicant: VMware, Inc.
Inventor: Sami Boutros, Mani Kancherla, Jayant Jain, Anirban Sengupta
IPC: H04L61/256, H04L61/2592, H04L45/745, H04L12/66, H04L61/5007
CPC classification number: H04L61/256, H04L12/66, H04L45/745, H04L61/2592, H04L61/5007, H04L2101/659
Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
-
Publication No.: US11616755B2
Publication date: 2023-03-28
Application No.: US16931196
Application date: 2020-07-16
Applicant: VMware, Inc.
Inventor: Sami Boutros, Mani Kancherla, Jayant Jain, Anirban Sengupta
IPC: H04L61/256, H04L61/2592, H04L45/745, H04L12/66, H04L61/5007, H04L101/659
Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
-
Publication No.: US11539659B2
Publication date: 2022-12-27
Application No.: US17461900
Application date: 2021-08-30
Applicant: VMware, Inc.
Inventor: Sami Boutros, W. Andrew Lambeth, Jayant Jain, Mani Kancherla
IPC: G06F15/16, H04L61/103, H04L9/40, H04L61/5069, H04L101/622
Abstract: Some embodiments of the invention provide a method for managing logical forwarding elements (LFEs) implemented by multiple physical forwarding elements (PFEs) operating on multiple devices, each LFE including multiple logical ports. On a host computer executing a particular machine connected to the LFE and a PFE implementing the LFE, the method identifies an address discovery message associating a particular network address of the particular machine with another network address of the particular machine. The method identifies an LFE logical port associated with the particular machine, stores in an encapsulation header an identifier that identifies this port, and then forwards the encapsulated message to a set of one or more devices implementing the LFE for the devices to use in processing data messages associated with the particular machine.
-
Publication No.: US20220038309A1
Publication date: 2022-02-03
Application No.: US16941467
Application date: 2020-07-28
Applicant: VMware, Inc.
Inventor: Sami Boutros, Anirban Sengupta, Mani Kancherla, Jerome Catrouillet, Sri Mohana Singamsetty
IPC: H04L12/46, H04L29/08, H04L12/713, H04L12/715, H04L29/12, H04L12/66, H04L29/06
Abstract: Some embodiments of the invention provide a novel network architecture for advertising routes in an availability zone (AZ). The novel network architecture includes a set of route servers for receiving advertisements of network addresses as being available in the AZ from different routers in the AZ. The novel network architecture also includes multiple host computers that each execute a router that (i) identifies network addresses available on the host computer, (ii) sends advertisements of the identified network addresses to the set of route servers, and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers. The identified network addresses, in some embodiments, include at least one of network addresses associated with data compute nodes (DCNs) and network addresses associated with services available at the host computer. The route servers advertise the received network addresses to other routers in the AZ.