-
Publication No.: US20220255896A1
Publication date: 2022-08-11
Application No.: US17731232
Filing date: 2022-04-27
Applicant: VMware, Inc.
Inventor: Rahul Jain, Mukesh Hira, Su Wang
Abstract: Some embodiments provide a method for a managed forwarding element (MFE) executing on a data compute node (DCN) that operates on a host computer in a public datacenter. The MFE implements a logical network that connects multiple DCNs within the public datacenter. The method receives a packet, directed to the DCN, that (i) has a first logical network source address and (ii) is encapsulated with a second source address associated with an underlying public datacenter network. The method determines whether the first logical network source address is a valid source address for the packet based on a mapping table that maps logical network addresses to underlying public datacenter network addresses. When the first source address is not a valid source address for the packet, the method drops the packet.
-
Publication No.: US11032162B2
Publication date: 2021-06-08
Application No.: US16515026
Filing date: 2019-07-18
Applicant: VMware, Inc.
Inventor: Rahul Jain, Mukesh Hira, Su Wang
IPC: G06F15/173, G06F15/16, H04L12/24, H04L12/46, H04L29/08
Abstract: Example methods and computer systems are provided for east-west service insertion in a public cloud environment. An example method may comprise detecting an egress packet that is destined for a second endpoint located in the same virtual network as a first endpoint. The method may also comprise: in response to determination that service insertion is required, identifying a service path based on a service insertion rule; generating an encapsulated packet by encapsulating the egress packet with an outer header that is addressed from the first endpoint to a network device; and sending the encapsulated packet to cause the network device to send the egress packet towards the service path, thereby steering the egress packet towards the service path for processing.
-
Publication No.: US11343229B2
Publication date: 2022-05-24
Application No.: US16022657
Filing date: 2018-06-28
Applicant: VMware, Inc.
Inventor: Rahul Jain, Mukesh Hira, Su Wang
Abstract: Some embodiments provide a method for a managed forwarding element (MFE) executing on a data compute node (DCN) that operates on a host computer in a public datacenter. The MFE implements a logical network that connects multiple DCNs within the public datacenter. The method receives a packet, directed to the DCN, that (i) has a first logical network source address and (ii) is encapsulated with a second source address associated with an underlying public datacenter network. The method determines whether the first logical network source address is a valid source address for the packet based on a mapping table that maps logical network addresses to underlying public datacenter network addresses. When the first source address is not a valid source address for the packet, the method drops the packet.
-
Publication No.: US11323340B2
Publication date: 2022-05-03
Application No.: US16240792
Filing date: 2019-01-07
Applicant: VMware, Inc.
Inventor: Mukesh Hira
IPC: H04L12/26, H04L43/026, H04L43/065
Abstract: Example methods are provided for a first host to perform packet flow monitoring in a software-defined networking (SDN) environment. One example may comprise the first host receiving a request to monitor a packet flow and triggering a telemetry process based on a predetermined event associated with the packet flow. The method may also comprise: in response to the triggered telemetry process and detecting an egress packet associated with the packet flow, generating an encapsulated packet by encapsulating the egress packet with an outer header; configuring a telemetry instruction in the outer header; and sending the encapsulated packet with the telemetry instruction to the second host via one or more intermediate network devices. The telemetry instruction may be configured to cause the one or more intermediate network devices to add, to the encapsulated packet, metadata associated with a network state experienced by the encapsulated packet.
-
Publication No.: US10999196B2
Publication date: 2021-05-04
Application No.: US16384666
Filing date: 2019-04-15
Applicant: VMware, Inc.
Inventor: Da Wan, Mukesh Hira, Feng Gu, Jianjun Shen, Pankaj Thakkar, Donghai Han, Wen Feng Liu, Tao Ma
IPC: H04L12/715, H04L12/933, H04L12/931, H04L12/46
Abstract: Systems and methods of communicating between a plurality of hosts comprising one or more first hosts controlled by a first control plane and one or more second hosts controlled by a second control plane are disclosed herein. Each of the one or more first hosts runs at least one tunneling endpoint of one or more first tunneling endpoints, and each of the one or more second hosts runs at least one tunneling endpoint of one or more second tunneling endpoints. The method includes storing, at each of the one or more first hosts, a global list identifying at least the one or more second tunneling endpoints. The method further includes receiving a packet at one of the one or more first tunneling endpoints. The method further includes replicating, encapsulating, and transmitting the packet to each of the one or more second tunneling endpoints based on the global list.
-
Publication No.: US20230246907A1
Publication date: 2023-08-03
Application No.: US17592451
Filing date: 2022-02-03
Applicant: VMware, Inc.
Inventor: Valentina Reutova, Petro Rudy, Poonam Chugh, Mukesh Hira, Vivek Ganesan, Ankur Dubey, Bo Hu
IPC: H04L41/0816, H04L41/084, H04L41/0853, H04L41/08
CPC classification number: H04L41/0816, H04L41/0846, H04L41/0853, H04L41/0883
Abstract: Some embodiments provide a method of migrating a first software defined (SD) network managed by a first network manager to a second SD network managed by a second network manager. The method of some embodiments is performed by a third network manager that provides an interface that allows a set of users to specify and review logical network components, which the first and second network managers can then respectively deploy in the first and second SD networks. The third network manager in some embodiments identifies for a migration manager a first group of two or more logical network components that the third network manager previously specified for the first network manager to deploy in the first SD network. The migration manager then uses this information to correctly convert the first group of logical network components to a second group of two or more logical components in an appropriate manner that will allow the third network manager to manage the second group of logical network components that is implemented in the second SD network.
-
Publication No.: US20230171193A1
Publication date: 2023-06-01
Application No.: US18103366
Filing date: 2023-01-30
Applicant: VMware, Inc.
Inventor: Rahul Jain, Kantesh Mundaragi, Pierluigi Rolando, Jayant Jain, Mukesh Hira
IPC: H04L45/745, G06F9/455, H04L12/46, H04L49/354, H04L49/00
CPC classification number: H04L45/745, G06F9/45558, H04L12/4633, H04L12/4641, H04L49/354, H04L49/70, H04L2212/00
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication No.: US11570104B2
Publication date: 2023-01-31
Application No.: US17133555
Filing date: 2020-12-23
Applicant: VMware, Inc.
Inventor: Rahul Jain, Kantesh Mundaragi, Pierluigi Rolando, Jayant Jain, Mukesh Hira
IPC: H04W4/00, H04L45/745, G06F9/455, H04L12/46, H04L49/354, H04L49/00
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication No.: US20220329461A1
Publication date: 2022-10-13
Application No.: US17849669
Filing date: 2022-06-26
Applicant: VMware, Inc.
Inventor: Mukesh Hira, Su Wang, Rahul Jain, Ganesan Chandrashekhar, Sandeep Siroya
Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual cloud network (VCN) connected to multiple other compute VCNs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VCNs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VCN) in the absence of direct peering between source and destination VCNs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.
-
Publication No.: US11374794B2
Publication date: 2022-06-28
Application No.: US16112597
Filing date: 2018-08-24
Applicant: VMware, Inc.
Inventor: Mukesh Hira, Su Wang, Rahul Jain, Ganesan Chandrashekhar, Sandeep Siroya
Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual cloud network (VCN) connected to multiple other compute VCNs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VCNs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VCN) in the absence of direct peering between source and destination VCNs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.