-
Publication number: US20250106141A1
Publication date: 2025-03-27
Application number: US18648171
Application date: 2024-04-26
Applicant: VMware LLC
Inventor: Minjal Agarwal, Yong Wang, Abhishek Goliya, Kai-Wei Fan
Abstract: Some embodiments provide a method for controlling flow processing by an edge cluster including a first edge machine set operating in a first location set of a public cloud and a second edge machine set operating in a second location set of the public cloud. A controller set configures first and second managed forwarding element (MFE) sets operating in the first and second location sets respectively, with first and second forwarding rule sets to respectively forward first and second flows sets to the first and second edge machine sets for performing services. The first forwarding rule set specifies a first network address set for the first edge machine set, and the second forwarding rule set specifies a second network address set for the second edge machine set. The controller set monitors each edge machine to determine whether it is available to perform the services.
-
Publication number: US12021682B1
Publication date: 2024-06-25
Application number: US18239923
Application date: 2023-08-30
Applicant: VMware LLC
Inventor: Abhishek Goliya, Yu Ying, Yong Wang
IPC: H04L41/0803, H04L41/0893
CPC classification number: H04L41/0803, H04L41/0893
Abstract: Some embodiments provide a method for configuring logical routers of a logical network. The logical routers are implemented in a Kubernetes cluster as a first set of Pods that each perform logical forwarding operations for the logical routers and a second set of Pods that each perform L7 service operations for a respective logical router. From a Kubernetes control plane component, the method receives a notification that the first set requires scaling to include an additional Pod. The first-set Pods process data messages between the logical network and external networks. Within the network management system, the method defines at least one new interface for processing data messages between the logical network and external networks. The method configures the at least one interface on the additional Pod to communicate with external physical routers to receive traffic from the external networks and send traffic to the external networks.
-
Publication number: US12267364B2
Publication date: 2025-04-01
Application number: US17384738
Application date: 2021-07-24
Applicant: VMware LLC
Inventor: Pierluigi Rolando, Jayant Jain, Raju Koganty, Shadab Shah, Abhishek Goliya, Chandran Anjur Narasimhan, Gurudutt Maiya Belur, Vikas Kamath
IPC: H04L45/42, H04L9/40, H04L45/00, H04L45/586
Abstract: A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.
-
Publication number: US20250080630A1
Publication date: 2025-03-06
Application number: US18239921
Application date: 2023-08-30
Applicant: VMware LLC
Inventor: Abhishek Goliya, Yu Ying, Yong Wang
IPC: H04L69/22, H04L45/76, H04L69/321
Abstract: Some embodiments provide a method for configuring a logical router implemented in a Kubernetes cluster. The method receives configuration data specifying a service rule for the logical router. The service rule requires processing of L5-L7 headers of data messages sent to the logical router. Based on the service rule, the method defines (i) a redirection rule specifying a set of data messages to which the service rule applies based on L2-L4 header values and (ii) an L5-L7 processing rule for application of the service rule. The method provides the redirection rule to a first set of Pods in the cluster and the L5-L7 processing rule to a second set of Pods in the cluster.
-
Publication number: US20250080411A1
Publication date: 2025-03-06
Application number: US18752352
Application date: 2024-06-24
Applicant: VMware LLC
Inventor: Abhishek Goliya, Yu Ying, Yong Wang
IPC: H04L41/0803, H04L41/0893
Abstract: Some embodiments provide a method for configuring logical routers of a logical network. The logical routers are implemented in a Kubernetes cluster as a first set of Pods that each perform logical forwarding operations for the logical routers and a second set of Pods that each perform L7 service operations for a respective logical router. From a Kubernetes control plane component, the method receives a notification that the first set requires scaling to include an additional Pod. The first-set Pods process data messages between the logical network and external networks. Within the network management system, the method defines at least one new interface for processing data messages between the logical network and external networks. The method configures the at least one interface on the additional Pod to communicate with external physical routers to receive traffic from the external networks and send traffic to the external networks.
-
Publication number: US11888735B2
Publication date: 2024-01-30
Application number: US17223398
Application date: 2021-04-06
Applicant: VMware LLC
Inventor: Sami Boutros, Ganesan Chandrashekhar, Sri Mohana Singamsetty, Ankur Dubey, Abhishek Goliya
IPC: H04L12/741, H04L45/00, H04L45/44, H04L45/16, H04L45/74, H04L45/586
Abstract: In some embodiments, a method for selecting an egress point for accessing an external network associated with a distributed logical router that is distributed across at least a first computing device and a second computing device is provided. The method receives, by an instance of the logical router at the first computing device, first identification information and a first preference value. The method compares the first preference value to a second preference value. The second preference value is associated with second identification information corresponding to a current computing device that is identified as a current preferred egress point for the logical router. The method determines whether to set the egress point connected to the instance of the logical router in the second computing device as a new preferred egress point for the logical router.
-
Publication number: US20250106108A1
Publication date: 2025-03-27
Application number: US18827558
Application date: 2024-09-06
Applicant: VMware LLC
Inventor: Minjal Agarwal, Abhishek Goliya, Yong Wang
IPC: H04L41/0893
Abstract: Some embodiments provide a novel method for deploying an edge device as a cluster of pods. The method receives a set of criteria for deploying the edge device. The method uses the set of criteria to deploy the edge device as a set of one or more pods executing on a set of one or more nodes. The method implements, on the set of pods, a set of one or more services to perform on data message flows. At least two pods deployed for the edge cluster perform different service operations of different service types such that the different service types are able to be scaled independently.
-
Publication number: US20250077249A1
Publication date: 2025-03-06
Application number: US18239920
Application date: 2023-08-30
Applicant: VMware, LLC
Inventor: Abhishek Goliya, Yu Ying, Yong Wang
IPC: G06F9/455
Abstract: Some embodiments provide a method for configuring a logical network in a Kubernetes cluster, at a network management system external to the Kubernetes cluster. The method receives a definition of a logical router for the logical network. The logical router definition specifies a set of one or more L7 services to be performed on data messages processed by the logical router. Via a control plane of the Kubernetes cluster, the method defines (i) a first CR instance associated with a first CRD for implementing logical forwarding for the logical router and (ii) for each L7 service, a separate CR instance associated with a second CRD for implementing the L7 service.
-
Publication number: US12170622B2
Publication date: 2024-12-17
Application number: US18358864
Application date: 2023-07-25
Applicant: VMware LLC
Inventor: Santosh Pallagatti Kotrabasappa, Sairam Veeraswamy, Abhishek Goliya, Abbas Mohamed
IPC: H04L47/10, G06F16/245, G06N20/00, H04L47/2441
Abstract: In some embodiments, a method receives a set of packets for a flow and determines a set of features for the flow from the set of packets. A classification of an elephant flow or a mice flow is selected based on the set of features. The classification is selected before assigning the flow to a network resource in a plurality of network resources. The method assigns the flow to a network resource in the plurality of network resources based on the classification for the flow and a set of classifications for flows currently assigned to the plurality of network resources. Then, the method sends the set of packets for the flow using the assigned network resource.
-
Publication number: US20240250903A1
Publication date: 2024-07-25
Application number: US18605095
Application date: 2024-03-14
Applicant: VMware LLC
Inventor: Yong Wang, Jayant Jain, Ganesh Sadasivan, Abhishek Goliya
IPC: H04L45/00, H04L61/256, H04L61/2596
CPC classification number: H04L45/38, H04L61/256, H04L61/2596
Abstract: Some embodiments provide a method for forwarding data messages at multiple edge gateways of a logical network that process data messages between the logical network and an external network. At a first edge gateway, the method receives a data message, having an external address as a destination address, from the logical network. Based on the destination address, the method applies a default route to the data message that routes the data message to a second edge gateway and specifies a first output interface of the first edge gateway for the data message. After routing the data message, the method applies a stored NAT entry that (i) modifies a source address of the data message to be a public NAT address associated with the first edge gateway and (ii) redirects the modified data message to a second output interface of the first edge gateway instead of the first output interface.