公开(公告)号：US20230300002A1

公开(公告)日：2023-09-21

申请号：US17724433

申请日：2022-04-19

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Caixia Jiang ,  Yves Fauser

IPC: H04L12/46 ,  H04L41/122 ,  H04L41/0803 ,  G06F9/54

CPC classification number: H04L12/4645 ,  H04L41/122 ,  H04L41/0803 ,  G06F9/547

Abstract: Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first machine in the multiple machines that executes a set of containers belonging to the routable subnet attaches, and (iii) a second identifier associated with a second logical switch designated for the routable subnet. The method generates an API call that maps the VLAN tag and the first identifier to the second identifier. The method provides the API call to a management and control cluster of the SDN to direct the management and control cluster to implement the routable subnet.

公开(公告)号：US20240031267A1

公开(公告)日：2024-01-25

申请号：US17898344

申请日：2022-08-29

Applicant: VMware, Inc.

Inventor： Ran Gu ,  Wenfeng Liu ,  Donghai Han ,  Jianjun Shen ,  Zhengsheng Zhou

IPC: H04L43/10 ,  H04L43/062

CPC classification number: H04L43/10 ,  H04L43/062

Abstract: Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.

公开(公告)号：US20230179513A1

公开(公告)日：2023-06-08

申请号：US18102699

申请日：2023-01-28

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Quan Tian ,  Wenying Dong ,  Antonin Bas

IPC: H04L45/00 ,  H04L45/02

CPC classification number: H04L45/38 ,  H04L45/66 ,  H04L45/02 ,  H04L45/46

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

公开(公告)号：US11606254B2

公开(公告)日：2023-03-14

申请号：US17389305

申请日：2021-07-29

Applicant: VMware, Inc.

Inventor： Danting Liu ,  Jianjun Shen ,  Wenfeng Liu ,  Rui Cao ,  Ran Gu ,  Donghai Han

IPC: H04L41/08 ,  H04L12/46

Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.

公开(公告)号：US20230297404A1

公开(公告)日：2023-09-21

申请号：US17724436

申请日：2022-04-19

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Caixia Jiang ,  Yves Fauser

IPC: G06F9/455 ,  G06F9/50 ,  H04L61/2521

CPC classification number: G06F9/45558 ,  G06F9/5016 ,  G06F9/505 ,  H04L61/2535 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: Some embodiments of the invention provide a method for processing data messages for routable subnets of a logical network, the logical network implemented by a software-defined network (SDN) and connecting multiple machines. The method receives an inbound data message. The method performs a DNAT (destination network address translation) operation on the received data message to identify a record associated with a destination IP (Internet protocol) address of the data message. From the record, the method identifies a VLAN (virtual local area network) identifier, an LNI (logical network identifier), and a destination host computer IP address for the data message. The method encapsulates the data message with an outer header containing the destination host computer IP address and the VLAN identifier. The method forwards the encapsulated data message to the destination host computer.

公开(公告)号：US20230179484A1

公开(公告)日：2023-06-08

申请号：US18102700

申请日：2023-01-28

Applicant: VMware, Inc.

Inventor： Danting Liu ,  Jianjun Shen ,  Wenfeng Liu ,  Rui Cao ,  Ran Gu ,  Donghai Han

IPC: H04L41/08 ,  H04L12/46

CPC classification number: H04L41/0876 ,  H04L12/4641

Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.

公开(公告)号：US20220321495A1

公开(公告)日：2022-10-06

申请号：US17333136

申请日：2021-05-28

Applicant: VMware, Inc.

Inventor： Wenfeng Liu ,  Jianjun Shen ,  Ran Gu ,  Rui Cao ,  Donghai Han

IPC: H04L12/911 ,  H04L12/917 ,  H04L12/24

Abstract: Some embodiments provide a method of tracking errors in a container cluster network overlaying a software defined network (SDN), sometimes referred to as a virtual network. The method sends a request to instantiate a container cluster network object to an SDN manager of the SDN. The method then receives an identifier of a network resource of the SDN for instantiating the container cluster network object. The method associates the identified network resource with the container cluster network object. The method then receives an error message regarding the network resource from the SDN manager. The method identifies the error message as applying to the container cluster network object. The error message, in some embodiments, indicates a failure to initialize the network resource. The container cluster network object may be a namespace, a pod of containers, or a service.

公开(公告)号：US20240031268A1

公开(公告)日：2024-01-25

申请号：US17898351

申请日：2022-08-29

Applicant: VMware, Inc.

Inventor： Ran Gu ,  Wenfeng Liu ,  Donghai Han ,  Jianjun Shen ,  Zhengsheng Zhou

IPC: H04L43/10 ,  H04L45/64

CPC classification number: H04L43/10 ,  H04L45/64

Abstract: Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.

公开(公告)号：US11570090B2

公开(公告)日：2023-01-31

申请号：US17006845

申请日：2020-08-30

Applicant: VMware, Inc.

Inventor： Jianjun Shen ,  Ran Gu ,  Quan Tian ,  Wenying Dong

IPC: H04L45/00 ,  H04L45/02

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

公开(公告)号：US20220400053A1

公开(公告)日：2022-12-15

申请号：US17389305

申请日：2021-07-29

Applicant: VMware, Inc.

Inventor： Danting Liu ,  Jianjun Shen ,  Wenfeng Liu ,  Rui Cao ,  Ran Gu ,  Donghai Han

IPC: H04L12/24 ,  H04L12/46

Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.