Connecting virtual computer networks with overlapping IP addresses using transit virtual computer network

    Publication No.: US11848800B2

    Publication date: 2023-12-19

    Application No.: US17510141

    Application date: 2021-10-25

    Applicant: VMware, Inc.

    Abstract: A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.

    Service insertion in public cloud environments

    Publication No.: US11627080B2

    Publication date: 2023-04-11

    Application No.: US16251083

    Application date: 2019-01-18

    Applicant: VMware, Inc.

    Abstract: Example methods are provided for a network device to perform service insertion in a public cloud environment that includes a first virtual network and a second virtual network. In one example method, in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, the network device may generate a decapsulated packet by performing decapsulation to remove, from the first encapsulated packet. The method may also comprise identifying a service path specified by a service insertion rule, and sending the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services. The method may further comprise: in response to the network device receiving the decapsulated packet processed by the service path, sending the decapsulated packet, or generating and sending a second encapsulated packet, towards a destination address.

    Connecting virtual computer networks with overlapping IP addresses using transit virtual computer network

    Publication No.: US11177978B2

    Publication date: 2021-11-16

    Application No.: US16525426

    Application date: 2019-07-29

    Applicant: VMware, Inc.

    Abstract: A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.

    TUNNEL-BASED SERVICE INSERTION IN PUBLIC CLOUD ENVIRONMENTS

    Publication No.: US20210194807A1

    Publication date: 2021-06-24

    Application No.: US17133555

    Application date: 2020-12-23

    Applicant: VMware, Inc.

    Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.

    TRANSITIVE ROUTING IN PUBLIC CLOUD
    Invention application

    Publication No.: US20200067733A1

    Publication date: 2020-02-27

    Application No.: US16112597

    Application date: 2018-08-24

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual cloud network (VCN) connected to multiple other compute VCNs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VCNs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VCN) in the absence of direct peering between source and destination VCNs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.

    Managed forwarding element detecting invalid packet addresses

    Publication No.: US11343229B2

    Publication date: 2022-05-24

    Application No.: US16022657

    Application date: 2018-06-28

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for a managed forwarding element (MFE) executing on a data compute node (DCN) that operates on a host computer in a public datacenter. The MFE implements a logical network that connects multiple DCNs within the public datacenter. The method receives a packet, directed to the DCN, that (i) has a first logical network source address and (ii) is encapsulated with a second source address associated with an underlying public datacenter network. The method determines whether the first logical network source address is a valid source address for the packet based on a mapping table that maps logical network addresses to underlying public datacenter network addresses. When the first source address is not a valid source address for the packet, the method drops the packet.

    MANAGED FORWARDING ELEMENT DETECTING INVALID PACKET ADDRESSES

    Publication No.: US20220255896A1

    Publication date: 2022-08-11

    Application No.: US17731232

    Application date: 2022-04-27

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for a managed forwarding element (MFE) executing on a data compute node (DCN) that operates on a host computer in a public datacenter. The MFE implements a logical network that connects multiple DCNs within the public datacenter. The method receives a packet, directed to the DCN, that (i) has a first logical network source address and (ii) is encapsulated with a second source address associated with an underlying public datacenter network. The method determines whether the first logical network source address is a valid source address for the packet based on a mapping table that maps logical network addresses to underlying public datacenter network addresses. When the first source address is not a valid source address for the packet, the method drops the packet.

    CENTRALIZED OVERLAY GATEWAY IN PUBLIC CLOUD
    Invention application

    Publication No.: US20200067734A1

    Publication date: 2020-02-27

    Application No.: US16112602

    Application date: 2018-08-24

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a centralized overlay-network cloud gateway and a set of centralized services in a transit virtual private cloud (VPC) connected to multiple other compute VPCs hosting compute nodes (VMs, containers, etc.) that are part of (belong to) the overlay network. The centralized overlay-network cloud gateway provides connectivity between compute nodes of the overlay network (e.g., a logical network spanning multiple VPCs) and compute nodes in external networks. Some embodiments use the centralized overlay-network cloud gateway to provide transitive routing (e.g., routing through a transit VPC) in the absence of direct peering between source and destination VPCs. The overlay network, of some embodiments, uses the same subnetting and default gateway address for each compute node as the cloud provider network provided by the virtual private cloud provider.

    MANAGED FORWARDING ELEMENT DETECTING INVALID PACKET ADDRESSES

    Publication No.: US20200007497A1

    Publication date: 2020-01-02

    Application No.: US16022657

    Application date: 2018-06-28

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for a managed forwarding element (MFE) executing on a data compute node (DCN) that operates on a host computer in a public datacenter. The MFE implements a logical network that connects multiple DCNs within the public datacenter. The method receives a packet, directed to the DCN, that (i) has a first logical network source address and (ii) is encapsulated with a second source address associated with an underlying public datacenter network. The method determines whether the first logical network source address is a valid source address for the packet based on a mapping table that maps logical network addresses to underlying public datacenter network addresses. When the first source address is not a valid source address for the packet, the method drops the packet.
