公开(公告)号：US12113773B2

公开(公告)日：2024-10-08

申请号：US17570364

申请日：2022-01-06

Applicant: VMware LLC

Inventor： Deepika Solanki ,  Awan Kumar Sharma ,  Yong Wang ,  Sourabh Bhattacharya ,  Sarthak Ray

IPC: H04L9/40 ,  H04L12/46 ,  H04L45/24

CPC classification number: H04L63/0272 ,  H04L12/4641 ,  H04L63/0428 ,  H04L45/24

Abstract: Some embodiments provide a method that identifies multiple paths between a first site and a second site. A security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session. The method selects a path based on metrics that are obtained for the paths. The selected path is defined by a first endpoint address of the first site and a second endpoint address of the second site. The method sends a message from the first site to the second site to update the SA to switch from using an original path to using the selected path. The message indicates the first and second endpoint addresses. The method transmits a packet including a payload that is encrypted according to the updated SA.

公开(公告)号：US12231407B2

公开(公告)日：2025-02-18

申请号：US17564274

申请日：2021-12-29

Applicant: VMware LLC

Inventor： Deepika Solanki ,  Yong Wang ,  Sarthak Ray

IPC: H04L9/40

Abstract: The disclosure provides an approach for logical switch level load balancing of Layer 2 virtual private network (L2VPN) traffic. A method of securing communications with a peer gateway generally includes establishing, at a virtual tunnel interface of a local gateway, a plurality of security tunnels with the peer gateway. Each of the plurality of security tunnels is associated with a different set of one or more layer 2 segments and with one or more security associations (SAs) with the peer gateway. The method generally includes receiving a packet, at the local gateway, via a first L2 segment. The method generally includes selecting one of the plurality of security tunnels and an SA associated with the selected security tunnel based on the L2 segment via which the packet was received. The method generally includes encrypting and encapsulating the packet based on the selected security tunnel and SA.

公开(公告)号：US12107834B2

公开(公告)日：2024-10-01

申请号：US17570363

申请日：2022-01-06

Applicant: VMware LLC

Inventor： Yong Wang ,  Awan Kumar Sharma ,  Sourabh Bhattacharya ,  Deepika Solanki ,  Sarthak Ray

IPC: G06F9/00 ,  H04L9/40 ,  H04L29/06 ,  H04L45/12 ,  H04L45/24 ,  H04L45/42 ,  H04L47/125

CPC classification number: H04L63/029 ,  H04L45/123 ,  H04L45/24 ,  H04L45/42 ,  H04L47/125 ,  H04L63/0435 ,  H04L63/20

Abstract: Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.