公开(公告)号：US20240113971A1

公开(公告)日：2024-04-04

申请号：US17959989

申请日：2022-10-04

Applicant: VMware, Inc.

Inventor： Abhishek Goliya ,  Santosh Pallagatti Kotrabasappa

IPC: H04L45/76 ,  H04L45/02

CPC classification number: H04L45/76 ,  H04L45/02

Abstract: An example method of handling traffic for an existing connection of a virtual machine (VM) migrated from a source site to a destination site includes: receiving, at an edge server of the destination site, the traffic, the traffic being associated with a network flow; determining, by the edge server of the destination site, that a stateful service of the edge server does not have state for the network flow; sending, by the edge server of the destination site, a threshold number of packets of the traffic to a plurality of sites; receiving, at the edge server of the destination site, an acknowledgement from the source site that the source site has the state for the network flow; and creating, by the edge server of the destination site, a flow mapping to send the traffic associated with the network flow to the source site.

公开(公告)号：US11757917B2

公开(公告)日：2023-09-12

申请号：US17078203

申请日：2020-10-23

Applicant: VMWARE, INC.

Inventor： Santosh Pallagatti Kotrabasappa ,  Sairam Veeraswamy ,  Jayneeta Sinha ,  Suriyan S.

IPC: H04L9/40 ,  H04L41/0604 ,  H04L41/0213 ,  G06F18/243

CPC classification number: H04L63/1433 ,  G06F18/24323 ,  H04L41/0213 ,  H04L41/0627 ,  H04L63/1425 ,  H04L63/1466

Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include receiving network traffic statistics of a system. Embodiments include determining a set of features of the system based on the network traffic statistics. Embodiments include inputting the set of features to a classification model that has been trained using historical features associated with labels indicating whether the historical features correspond to attacks. Embodiments include receiving, as output from the classification model, an indication of whether the system is a target of an attack. Embodiments include receiving additional statistics related to the system. Embodiments include analyzing, in response to the indication that the system is the target of the attack, the additional statistics to identify a source of the attack. Embodiments include performing an action to prevent the attack based on the source of the attack.

公开(公告)号：US11265246B2

公开(公告)日：2022-03-01

申请号：US17008781

申请日：2020-09-01

Applicant: VMWARE, INC.

Inventor： Santosh Pallagatti Kotrabasappa ,  Sami Boutros ,  Jerome Catrouillet ,  George Mathew

IPC: H04L12/721 ,  H04L29/08 ,  H04L45/00 ,  H04L67/141

Abstract: In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device; and receives a second value for the capability in a second message from the second computing device. The second value indicating the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.

公开(公告)号：US20240147297A1

公开(公告)日：2024-05-02

申请号：US17976717

申请日：2022-10-28

Applicant: VMware, Inc.

Inventor： Navaneeth Krishnan Ramaswamy ,  Santosh Pallagatti Kotrabasappa

IPC: H04W28/02

CPC classification number: H04W28/0268 ,  H04W28/021 ,  H04W28/0242

Abstract: Some embodiments of the invention provide a method for enabling inter-gateway connectivity in an SD-WAN (software-defined wide area network) that connects multiple sites. The method deploys to the SD-WAN a floating hub gateway router that that (1) connects to multiple gateway routers each of which is deployed in a cloud and connects to at least one edge router in at least one site, and (2) does not connect to edge routers at any site. The method provides a network address associated with the floating hub gateway router to the multiple gateway routers deployed in one or more clouds for the SD-WAN. The method configures the floating hub gateway router to establish a tunnel with each gateway router in the multiple gateway routers to enable inter-gateway connectivity between the multiple gateway routers.

公开(公告)号：US11558220B2

公开(公告)日：2023-01-17

申请号：US16944205

申请日：2020-07-31

Applicant: VMWARE, INC.

Inventor： Sami Boutros ,  Jerome Catrouillet ,  Santosh Pallagatti Kotrabasappa ,  Jia Yu

IPC: H04L12/46 ,  H04L45/64 ,  H04L43/106 ,  H04L43/08 ,  H04L45/28 ,  H04L43/50

Abstract: Example methods and systems for uplink-aware logical overlay tunnel monitoring are described. In one example, a first computer system may establish a logical overlay tunnel with a second computer system. The first computer system may generate and send, over the logical overlay tunnel via the first uplink, a first encapsulated monitoring packet identifying the first uplink. Based on a first reply, first performance metric information associated with the first uplink may be determined. The first computer system may generate and send, over the logical overlay tunnel via the second uplink, a second encapsulated monitoring packet identifying the second uplink. Based on a second reply, second performance metric information associated with the second uplink may be determined. Based on the first performance metric information and the second performance metric information, the first uplink or the second uplink may be selected to send encapsulated data packet(s) over the logical overlay tunnel.

公开(公告)号：US20230403319A1

公开(公告)日：2023-12-14

申请号：US18227304

申请日：2023-07-28

Applicant: VMware, Inc.

Inventor： Sachin Pandey ,  Rohan Gandhi ,  Sreeram Iyer ,  Santosh Pallagatti Kotrabasappa ,  Sairam Veeraswamy

IPC: H04L67/1008 ,  H04L67/101

CPC classification number: H04L67/1008 ,  H04L67/101

Abstract: Some embodiments provide a method of implementing capacity-aware load balancing across a set of data compute nodes (DCNs) by reducing latency for the set of DCNs. From the set of DCNs, the method identifies (1) a first subset of DCNs including DCNs that have a latency that is higher than an average latency computed for the set of DCNs and (2) a second subset of DCNs including DCNs that have a latency that is lower than the average latency computed for the set of DCNs. For each DCN in the first subset of DCNs, the method assigns to the DCN a weight value that corresponds to a target latency computed for the set of DCNs. Based on the assigned weight values for the first subset of DCNs, the method computes an excess weight value to be redistributed across the second subset of DCNs. The method redistributes the computed excess weight value across the second subset of DCNs.

公开(公告)号：US20230396538A1

公开(公告)日：2023-12-07

申请号：US17833555

申请日：2022-06-06

Applicant: VMware, Inc.

Inventor： Santosh Pallagatti Kotrabasappa ,  Abhishek Goliya ,  Sajan Liyon ,  Sairam Veeraswamy ,  Sumit Mundhra

IPC: H04L45/42 ,  H04L45/12 ,  H04L45/24 ,  H04L47/125

CPC classification number: H04L45/42 ,  H04L45/123 ,  H04L45/24 ,  H04L47/125

Abstract: Some embodiments provide a method for implementing context-aware routing for a software-defined wide-area network (SD-WAN). The method is performed at a particular SD-WAN edge forwarding element (FE) connected to a particular cloud datacenter. The method receives a message specifying a weight for a virtual network address associated with a set of application resources distributed across multiple cloud datacenters including the particular cloud datacenter. The method converts the specified weight into a route weight for the SD-WAN. The method provides the converted route weight to a set of SD-WAN edge FEs connected to a set of branch networks, and each SD-WAN edge FE in the set of SD-WAN edge FEs uses the provided route weight to calculate a total cost for routing data messages directed to the virtual network address to the particular cloud datacenter.

公开(公告)号：US11757983B1

公开(公告)日：2023-09-12

申请号：US17746830

申请日：2022-05-17

Applicant: VMware, Inc.

Inventor： Sachin Pandey ,  Rohan Gandhi ,  Sreeram Iyer ,  Santosh Pallagatti Kotrabasappa ,  Sairam Veeraswamy

IPC: H04L67/1008 ,  H04L67/101

CPC classification number: H04L67/1008 ,  H04L67/101

Abstract: Some embodiments provide a method of implementing capacity-aware load balancing across a set of data compute nodes (DCNs) by reducing latency for the set of DCNs. From the set of DCNs, the method identifies (1) a first subset of DCNs including DCNs that have a latency that is higher than an average latency computed for the set of DCNs and (2) a second subset of DCNs including DCNs that have a latency that is lower than the average latency computed for the set of DCNs. For each DCN in the first subset of DCNs, the method assigns to the DCN a weight value that corresponds to a target latency computed for the set of DCNs. Based on the assigned weight values for the first subset of DCNs, the method computes an excess weight value to be redistributed across the second subset of DCNs. The method redistributes the computed excess weight value across the second subset of DCNs.

公开(公告)号：US20240244036A1

公开(公告)日：2024-07-18

申请号：US18122756

申请日：2023-03-17

Applicant: VMWARE, INC.

Inventor： SARAVANAN KANDASAMY ,  Santosh Pallagatti Kotrabasappa ,  Moses Devadason ,  Hari Narayan Gopalan ,  Praveen Kumar Rajendran ,  Sivakumar Seenivasan ,  Jayaprakash Harikrishnan

IPC: H04L9/40

CPC classification number: H04L63/0263 ,  H04L63/0236

Abstract: A method for flow based breakout of firewall usage based on trust is provided. Some embodiments include receiving flow data for one or more flows associated with an endpoint external to a data center, the flow data indicating the one or more flows meet one or more good flow criteria, the one or more flows corresponding to flows of data communicated via a firewall and determining, based on the flow data meeting one or more trusted endpoint criteria, the endpoint is trusted. Some embodiments of the method include generating one or more policies that flows associated with the endpoint can bypass the firewall and configuring an edge services gateway with the one or more policies to cause the edge services gateway to apply the one or more policies without applying the firewall.

公开(公告)号：US20230396670A1

公开(公告)日：2023-12-07

申请号：US17833566

申请日：2022-06-06

Applicant: VMware, Inc.

Inventor： Santosh Pallagatti Kotrabasappa ,  Abhishek Goliya ,  Sajan Liyon ,  Sairam Veeraswamy ,  Sumit Mundhra

IPC: H04L67/1021

CPC classification number: H04L67/1021

Abstract: Some embodiments provide a method of implementing context-aware routing for a software-defined wide-area network, at an SD-WAN edge forwarding element (FE) located at a branch network connected to the SD-WAN. The method receives, from an SD-WAN controller, geolocation route weights for each of multiple cloud datacenters across which a set of application resources is distributed. The application resources are all reachable at a same virtual network address. For each of the cloud datacenters, the method installs a route for the virtual network address between the branch network and the cloud datacenter. The routes have different total costs based at least in part on the geolocation metrics received from the SD-WAN controller. The SD-WAN edge FE selects between the routes to establish connections to the set of application resources.