-
Publication No.: US11929920B2
Publication date: 2024-03-12
Application No.: US17467479
Application date: 2021-09-07
Applicant: VMware LLC
Inventor: Bhargav Puvvada, Sourabh Bhattacharya, Awan Kumar Sharma
IPC: H04L45/00, H04L12/46, H04L45/02, H04L45/748
CPC classification number: H04L45/38, H04L12/4633, H04L45/04, H04L45/566, H04L45/748
Abstract: Described herein are systems, methods, and software to manage processing queue allocation based on addressing attributes of an inner packet. In one implementation, a first gateway identifies processing queues at a second gateway and assigns a unique flow label to each of the processing queues. The first gateway further receives a packet from a computing node that is directed toward the second gateway. The first gateway hashes addressing information in the packet to select a flow label, encapsulates the packet with the flow label in the outer encapsulation header for the encapsulated packet, and forwards the packet toward the second gateway.
-
Publication No.: US11902264B2
Publication date: 2024-02-13
Application No.: US17016596
Application date: 2020-09-10
Applicant: VMware LLC
Inventor: Yong Wang, Todd Sabin, Weiqing Wu, Awan Kumar Sharma, Jia Yu
IPC: H04L9/40, H04L43/0829, H04L43/0864, H04L61/2592, H04L61/2578, H04L61/2517, H04L61/2514, H04L101/663
CPC classification number: H04L63/0485, H04L43/0829, H04L43/0864, H04L61/2514, H04L61/2517, H04L61/2578, H04L61/2592, H04L63/029, H04L63/0236, H04L63/0272, H04L63/164, H04L63/18, H04L63/061, H04L2101/663
Abstract: A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.
-
Publication No.: US12126598B2
Publication date: 2024-10-22
Application No.: US17715993
Application date: 2022-04-08
Applicant: VMware LLC
Inventor: Yong Wang, Awan Kumar Sharma, Abhishek Goliya, Xinhua Hong, Bhargav Puvvada
IPC: H04L12/66, H04L9/40, H04L61/2592
CPC classification number: H04L63/0272, H04L12/66, H04L61/2592, H04L63/0485
Abstract: Described herein are systems, methods, and software to manage secure tunnel communications in multi-edge gateway computing environments. In one implementation, a control system identifies an edge gateway from a plurality of edge gateways to support a private network tunnel. The control system further identifies addressing attributes associated with communications directed over the private network tunnel and configures the plurality of edge gateways to forward packets associated with the addressing attributes to the identified edge gateway, wherein the edge gateway can process and forward the packets over the private network tunnel.
-
Publication No.: US12107834B2
Publication date: 2024-10-01
Application No.: US17570363
Application date: 2022-01-06
Applicant: VMware LLC
Inventor: Yong Wang, Awan Kumar Sharma, Sourabh Bhattacharya, Deepika Solanki, Sarthak Ray
CPC classification number: H04L63/029, H04L45/123, H04L45/24, H04L45/42, H04L47/125, H04L63/0435, H04L63/20
Abstract: Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
-
Publication No.: US12095736B2
Publication date: 2024-09-17
Application No.: US17213321
Application date: 2021-03-26
Applicant: VMware LLC
Inventor: Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Bhargav Puvvada, Sarthak Ray, Mayur Katke
IPC: H04L9/40, H04L45/00, H04L45/586
CPC classification number: H04L63/0272, H04L45/38, H04L45/586, H04L63/029, H04L63/0485
Abstract: A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the first packet based on the first SA, and processing, by a second processing core, the second packet based on the second SA; and updating, at the second VTI, states of one or more flows based on the first and second packets, the second VTI providing one or more stateful services for the one or more packet flows based on the one or more states.
-
Publication No.: US20240223515A1
Publication date: 2024-07-04
Application No.: US18108683
Application date: 2023-02-13
Applicant: VMware, LLC
Inventor: BHARGAV PUVVADA, Awan Kumar Sharma
Abstract: Described herein are systems, methods, and software to manage the allocation of packets to processing queues at a gateway. In one example, a first gateway receives a packet from a second gateway, wherein the packet comprises an internet protocol security (IPsec) packet. The first gateway identifies a value in a subset of bits in a sequence number portion of the packet and selects a queue from a plurality of queues at the first gateway based on the value.
-
Publication No.: US12113773B2
Publication date: 2024-10-08
Application No.: US17570364
Application date: 2022-01-06
Applicant: VMware LLC
Inventor: Deepika Solanki, Awan Kumar Sharma, Yong Wang, Sourabh Bhattacharya, Sarthak Ray
CPC classification number: H04L63/0272, H04L12/4641, H04L63/0428, H04L45/24
Abstract: Some embodiments provide a method that identifies multiple paths between a first site and a second site. A security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session. The method selects a path based on metrics that are obtained for the paths. The selected path is defined by a first endpoint address of the first site and a second endpoint address of the second site. The method sends a message from the first site to the second site to update the SA to switch from using an original path to using the selected path. The message indicates the first and second endpoint addresses. The method transmits a packet including a payload that is encrypted according to the updated SA.