公开(公告)号：US20240031290A1

公开(公告)日：2024-01-25

申请号：US17938975

申请日：2022-09-07

Applicant: VMware, Inc.

Inventor： Bo LIN ,  Yong WANG ,  Dongping CHEN ,  Xinhua HONG ,  Xinyu HE

IPC: H04L45/76 ,  H04L47/125 ,  H04L45/74

CPC classification number: H04L45/76 ,  H04L47/125 ,  H04L45/74

Abstract: Example methods and systems for centralized service insertion in an active-active cluster are described. In one example, a first service endpoint may operate in an active mode on a first logical service router (SR) supported by the computer system. The first service endpoint may be associated with a second service endpoint operating on the second logical SR in a standby mode. The first logical SR and the second logical SR may be assigned to a first sub-cluster of the active-active cluster. In response to receiving a service request originating from a virtualized computing instance, the service request may be processed using the first service endpoint according to a centralized service that is implemented by both the first service endpoint and the second service endpoint. A processed service request may be forwarded towards a destination capable of generating and sending a service response in reply to the processed service request.

公开(公告)号：US20210014192A1

公开(公告)日：2021-01-14

申请号：US16507045

申请日：2019-07-10

Applicant: VMware, Inc.

Inventor： Jia YU ,  Xinhua HONG ,  Yong WANG

IPC: H04L29/12 ,  H04L12/721 ,  H04L12/713 ,  H04L12/741

Abstract: Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.

公开(公告)号：US20220337500A1

公开(公告)日：2022-10-20

申请号：US17689606

申请日：2022-03-08

Applicant: VMware, Inc.

Inventor： Lenin SINGARAVELU ,  Jin HEO ,  Jui-Ting WENG ,  Ayyappan VEERAIYAN ,  Yong WANG

IPC: H04L43/16 ,  H04L43/0894 ,  H04L43/103 ,  G06F9/455

Abstract: A method of optimizing network processing in a system comprising a physical host and a set of physical network interface controllers (PNICs) is provided. The physical host includes a forwarding element. The method includes determining that a set of conditions is satisfied to bypass the forwarding element for exchanging packets between a particular data compute node (DCN) and a particular PNIC. The set of conditions includes the particular DCN being the only DCN connected to the forwarding element and the particular PNIC being the only PNIC connected to the forwarding element. The method exchanges packets between the particular DCN and the particular PNIC bypassing the forwarding element. The method determines that at least one condition in said set of conditions is not satisfied. The method utilizes the forwarding element to exchange packets between the particular DCN and the particular PNIC.

公开(公告)号：US20220103460A1

公开(公告)日：2022-03-31

申请号：US17038555

申请日：2020-09-30

Applicant: VMware, Inc.

Inventor： Jia YU ,  Yong WANG ,  Xinhua HONG ,  Mochi XUE

IPC: H04L12/721 ,  H04L12/813 ,  H04L12/715 ,  H04L12/729

Abstract: The disclosure provides an approach for performance management. Embodiments include receiving, at a port of a router, a transport control protocol (TCP) or user datagram protocol (UDP) packet generated by a performance component of the router. Embodiments include identifying, by the router, a rule related to the TCP or UDP packet. Embodiments include forwarding, by the router, the packet to an interface of a kernel based on the rule. Embodiments include receiving, by the performance component, in response to the TCP or UDP packet, an additional packet from the interface of the kernel. Embodiments include determining, by the performance component, a performance metric based on the TCP or UDP packet and the additional packet.

公开(公告)号：US20210185025A1

公开(公告)日：2021-06-17

申请号：US16714838

申请日：2019-12-16

Applicant: VMware, Inc.

Inventor： Yong WANG ,  Jochen BEHRENS

IPC: H04L29/06 ,  G06F9/50 ,  G06F9/455

Abstract: Example methods and computer systems for receive-side processing for encapsulated encrypted packets. One example may comprise: in response to receiving, over a tunnel, a first encapsulated encrypted packet that includes a first encrypted inner packet and a first outer header, generating a first decrypted inner packet by performing decryption and decapsulation; and based on content of the first decrypted inner packet, assigning the first decrypted inner packet to a first processing unit. The method may further comprise: in response to receiving, over the tunnel, a second encapsulated encrypted packet that includes a second encrypted inner packet and a second outer header, generating a second decrypted inner packet by performing decryption and decapsulation; and based on content of the second decrypted inner packet, assigning the second decrypted inner packet to a second processing unit, thereby distributing post-cryptography processing over multiple processing units.

公开(公告)号：US20210021523A1

公开(公告)日：2021-01-21

申请号：US16514647

申请日：2019-07-17

Applicant: VMware, Inc.

Inventor： Yong WANG ,  Jia YU ,  David LEROY

IPC: H04L12/803 ,  H04L29/06

Abstract: In an embodiment, a computer-implemented method for using virtual tunnel interface teaming to achieve load balance and redundancy in virtual private networks (“VPNs”) is disclosed. In an embodiment, a method comprises: receiving, by a gateway, configuration data from a control plane; based on the configuration data, configuring on the gateway a bonded virtual tunnel interface (“bonded VTI”) having a plurality of slave virtual tunnel interfaces (“slave VTIs”); configuring a plurality of VPN tunnels between the plurality of slave VTIs configured on the gateway and a plurality of slave VTIs configured on a remote gateway; configuring an IPsec VPN tunnel between the bonded VTI configured on the gateway and a corresponding bonded VTI configured on the remote gateway; logically combining the plurality of VPN tunnels into the IPsec VPN tunnel; and enabling communications of IPsec VPN traffic via the IPsec VPN tunnel.

公开(公告)号：US20200028785A1

公开(公告)日：2020-01-23

申请号：US16039946

申请日：2018-07-19

Applicant: VMware, Inc.

Inventor： Boon Seong ANG ,  Yong WANG ,  Guolin YANG ,  Craige Wenyi JIANG

IPC: H04L12/803 ,  H04L12/715 ,  H04L29/12 ,  G06F9/455

Abstract: A method to offload network function packet processing from a virtual machine onto an offload destination is disclosed. In an embodiment, a method comprises: defining an application programing interface (“API”) for capturing, in a packet processor offload, a network function packet processing for a data flow by specifying how to perform the network function packet processing on data packets that belong to the data flow. Based on capabilities of the packet processor offload and available resources, a packet processing offload destination is selected. Based at least on the API, the packet processor offload for the packet processing offload destination is generated. The packet processor offload is downloaded to the packet processing offload destination to configure the packet processing offload destination to provide the network function packet processing on the data packets that belong to the data flow. The packet processing offload destination is a PNIC or a hypervisor.

公开(公告)号：US20220385621A1

公开(公告)日：2022-12-01

申请号：US17877247

申请日：2022-07-29

Applicant: VMware, Inc.

Inventor： Jia YU ,  Xinhua HONG ,  Yong WANG

IPC: H04L61/103 ,  H04L45/44 ,  H04L45/00 ,  H04L45/745 ,  H04L45/586

Abstract: Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.

公开(公告)号：US20220231970A1

公开(公告)日：2022-07-21

申请号：US17149760

申请日：2021-01-15

Applicant: VMware, Inc.

Inventor： Yong WANG ,  Boon Seong ANG ,  Wenyi JIANG ,  Guolin YANG

IPC: H04L12/935 ,  H04L29/06 ,  H04L12/743 ,  H04L9/06

Abstract: Example methods and systems for a programmable virtual network interface controller (VNIC) to perform packet processing are described. In one example, the programmable VNIC may modify a packet processing pipeline based on the instruction. The modification may include injecting a second packet processing stage among the multiple first packet processing stages of the packet processing pipeline. In response to detecting an ingress packet that requires processing by the programmable VNIC, the ingress packet may be steered towards the modified packet processing pipeline. The ingress packet may then be processed using the modified packet processing pipeline by performing the second packet processing stage (a) to bypass at least one of the multiple first processing stages, or (b) in addition to the multiple first processing stages.

公开(公告)号：US20220217006A1

公开(公告)日：2022-07-07

申请号：US17141226

申请日：2021-01-05

Applicant: VMware, Inc.

Inventor： Dexiang WANG ,  Xinhua HONG ,  Yong WANG ,  Yu YING ,  Jochen BEHRENS

IPC: H04L12/18 ,  H04L29/08

Abstract: Example methods and systems for multicast packet handling based on flow cache information are described. In one example, a network element may configure flow cache information associated with a multicast flow. The flow cache information may specify a set of actions that is configured based on a sequence of function calls. In response to detecting a multicast packet associated with the multicast flow, fast-path processing may be performed based on the flow cache information. This may include executing a replication action to generate a first packet replica and a second packet replica. First processing action(s) may be executed to process the first packet replica to generate and send a first output packet towards a first multicast destination. Second processing action(s) may be executed to process the second packet replica to generate and send a first output packet towards a second multicast destination.