HANDLING VIRTUAL MACHINE MIGRATION IN A COMPUTING SYSTEM WITH MULTI-SITE STRETCHED GATEWAYS

    Publication number: US20240113971A1

    Publication date: 2024-04-04

    Application number: US17959989

    Filing date: 2022-10-04

    Applicant: VMware, Inc.

    CPC classification number: H04L45/76 H04L45/02

    Abstract: An example method of handling traffic for an existing connection of a virtual machine (VM) migrated from a source site to a destination site includes: receiving, at an edge server of the destination site, the traffic, the traffic being associated with a network flow; determining, by the edge server of the destination site, that a stateful service of the edge server does not have state for the network flow; sending, by the edge server of the destination site, a threshold number of packets of the traffic to a plurality of sites; receiving, at the edge server of the destination site, an acknowledgement from the source site that the source site has the state for the network flow; and creating, by the edge server of the destination site, a flow mapping to send the traffic associated with the network flow to the source site.

    Network attack identification, defense, and prevention

    Publication number: US11757917B2

    Publication date: 2023-09-12

    Application number: US17078203

    Filing date: 2020-10-23

    Applicant: VMWARE, INC.

    Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include receiving network traffic statistics of a system. Embodiments include determining a set of features of the system based on the network traffic statistics. Embodiments include inputting the set of features to a classification model that has been trained using historical features associated with labels indicating whether the historical features correspond to attacks. Embodiments include receiving, as output from the classification model, an indication of whether the system is a target of an attack. Embodiments include receiving additional statistics related to the system. Embodiments include analyzing, in response to the indication that the system is the target of the attack, the additional statistics to identify a source of the attack. Embodiments include performing an action to prevent the attack based on the source of the attack.

    Auto-configuration of routes between neighbor devices

    Publication number: US11265246B2

    Publication date: 2022-03-01

    Application number: US17008781

    Filing date: 2020-09-01

    Applicant: VMWARE, INC.

    Abstract: In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device and receives a second value for the capability in a second message from the second computing device. The second value indicates that the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.

    METHODS FOR RESILIENT MULTI CLOUD GATEWAY INTERCONNECTS

    Publication number: US20240147297A1

    Publication date: 2024-05-02

    Application number: US17976717

    Filing date: 2022-10-28

    Applicant: VMware, Inc.

    CPC classification number: H04W28/0268 H04W28/021 H04W28/0242

    Abstract: Some embodiments of the invention provide a method for enabling inter-gateway connectivity in an SD-WAN (software-defined wide area network) that connects multiple sites. The method deploys to the SD-WAN a floating hub gateway router that (1) connects to multiple gateway routers each of which is deployed in a cloud and connects to at least one edge router in at least one site, and (2) does not connect to edge routers at any site. The method provides a network address associated with the floating hub gateway router to the multiple gateway routers deployed in one or more clouds for the SD-WAN. The method configures the floating hub gateway router to establish a tunnel with each gateway router in the multiple gateway routers to enable inter-gateway connectivity between the multiple gateway routers.

    Uplink-aware monitoring of logical overlay tunnels

    Publication number: US11558220B2

    Publication date: 2023-01-17

    Application number: US16944205

    Filing date: 2020-07-31

    Applicant: VMWARE, INC.

    Abstract: Example methods and systems for uplink-aware logical overlay tunnel monitoring are described. In one example, a first computer system may establish a logical overlay tunnel with a second computer system. The first computer system may generate and send, over the logical overlay tunnel via the first uplink, a first encapsulated monitoring packet identifying the first uplink. Based on a first reply, first performance metric information associated with the first uplink may be determined. The first computer system may generate and send, over the logical overlay tunnel via the second uplink, a second encapsulated monitoring packet identifying the second uplink. Based on a second reply, second performance metric information associated with the second uplink may be determined. Based on the first performance metric information and the second performance metric information, the first uplink or the second uplink may be selected to send encapsulated data packet(s) over the logical overlay tunnel.

    CAPACITY-AWARE LAYER-4 LOAD BALANCER
    Invention publication

    Publication number: US20230403319A1

    Publication date: 2023-12-14

    Application number: US18227304

    Filing date: 2023-07-28

    Applicant: VMware, Inc.

    CPC classification number: H04L67/1008 H04L67/101

    Abstract: Some embodiments provide a method of implementing capacity-aware load balancing across a set of data compute nodes (DCNs) by reducing latency for the set of DCNs. From the set of DCNs, the method identifies (1) a first subset of DCNs including DCNs that have a latency that is higher than an average latency computed for the set of DCNs and (2) a second subset of DCNs including DCNs that have a latency that is lower than the average latency computed for the set of DCNs. For each DCN in the first subset of DCNs, the method assigns to the DCN a weight value that corresponds to a target latency computed for the set of DCNs. Based on the assigned weight values for the first subset of DCNs, the method computes an excess weight value to be redistributed across the second subset of DCNs. The method redistributes the computed excess weight value across the second subset of DCNs.

    CONTEXT-AWARE ROUTING FOR SD-WAN
    Invention publication

    Publication number: US20230396538A1

    Publication date: 2023-12-07

    Application number: US17833555

    Filing date: 2022-06-06

    Applicant: VMware, Inc.

    CPC classification number: H04L45/42 H04L45/123 H04L45/24 H04L47/125

    Abstract: Some embodiments provide a method for implementing context-aware routing for a software-defined wide-area network (SD-WAN). The method is performed at a particular SD-WAN edge forwarding element (FE) connected to a particular cloud datacenter. The method receives a message specifying a weight for a virtual network address associated with a set of application resources distributed across multiple cloud datacenters including the particular cloud datacenter. The method converts the specified weight into a route weight for the SD-WAN. The method provides the converted route weight to a set of SD-WAN edge FEs connected to a set of branch networks, and each SD-WAN edge FE in the set of SD-WAN edge FEs uses the provided route weight to calculate a total cost for routing data messages directed to the virtual network address to the particular cloud datacenter.

    Capacity-aware layer-4 load balancer

    Publication number: US11757983B1

    Publication date: 2023-09-12

    Application number: US17746830

    Filing date: 2022-05-17

    Applicant: VMware, Inc.

    CPC classification number: H04L67/1008 H04L67/101

    Abstract: Some embodiments provide a method of implementing capacity-aware load balancing across a set of data compute nodes (DCNs) by reducing latency for the set of DCNs. From the set of DCNs, the method identifies (1) a first subset of DCNs including DCNs that have a latency that is higher than an average latency computed for the set of DCNs and (2) a second subset of DCNs including DCNs that have a latency that is lower than the average latency computed for the set of DCNs. For each DCN in the first subset of DCNs, the method assigns to the DCN a weight value that corresponds to a target latency computed for the set of DCNs. Based on the assigned weight values for the first subset of DCNs, the method computes an excess weight value to be redistributed across the second subset of DCNs. The method redistributes the computed excess weight value across the second subset of DCNs.

    ROUTING BASED ON GEOLOCATION COSTS
    Invention publication

    Publication number: US20230396670A1

    Publication date: 2023-12-07

    Application number: US17833566

    Filing date: 2022-06-06

    Applicant: VMware, Inc.

    CPC classification number: H04L67/1021

    Abstract: Some embodiments provide a method of implementing context-aware routing for a software-defined wide-area network, at an SD-WAN edge forwarding element (FE) located at a branch network connected to the SD-WAN. The method receives, from an SD-WAN controller, geolocation route weights for each of multiple cloud datacenters across which a set of application resources is distributed. The application resources are all reachable at a same virtual network address. For each of the cloud datacenters, the method installs a route for the virtual network address between the branch network and the cloud datacenter. The routes have different total costs based at least in part on the geolocation metrics received from the SD-WAN controller. The SD-WAN edge FE selects between the routes to establish connections to the set of application resources.
