-
Publication No.: US12170616B2
Publication Date: 2024-12-17
Application No.: US18103366
Application Date: 2023-01-30
Applicant: VMware LLC
Inventor: Rahul Jain , Kantesh Mundaragi , Pierluigi Rolando , Jayant Jain , Mukesh Hira
IPC: H04L45/745 , G06F9/455 , H04L12/46 , H04L49/00 , H04L49/354
Abstract: Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.
-
Publication No.: US11962493B2
Publication Date: 2024-04-16
Application No.: US17845716
Application Date: 2022-06-21
Applicant: VMware LLC
Inventor: Yong Wang , Jayant Jain , Ganesh Sadasivan , Abhishek Goliya
IPC: H04L45/00 , H04L61/256 , H04L61/2596
CPC classification number: H04L45/38 , H04L61/256 , H04L61/2596
Abstract: Some embodiments provide a method for forwarding data messages at multiple edge gateways of a logical network that process data messages between the logical network and an external network. At a first edge gateway, the method receives a data message, having an external address as a destination address, from the logical network. Based on the destination address, the method applies a default route to the data message that routes the data message to a second edge gateway and specifies a first output interface of the first edge gateway for the data message. After routing the data message, the method applies a stored NAT entry that (i) modifies a source address of the data message to be a public NAT address associated with the first edge gateway and (ii) redirects the modified data message to a second output interface of the first edge gateway instead of the first output interface.
-
Publication No.: US11954005B2
Publication Date: 2024-04-09
Application No.: US18196367
Application Date: 2023-05-11
Applicant: VMware LLC
Inventor: Jingmin Zhou , Subrahmanyam Manuguri , Jayant Jain , Anirban Sengupta
IPC: G06F9/44 , G06F11/30 , G06F40/205 , G06V10/94
CPC classification number: G06F11/3072 , G06F40/205 , G06V10/955
Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.
-
Publication No.: US12301475B2
Publication Date: 2025-05-13
Application No.: US18372627
Application Date: 2023-09-25
Applicant: VMware LLC
Inventor: Jayant Jain , Raju Koganty , Anirban Sengupta
IPC: H04L47/70 , G06F9/50 , H04L41/50 , H04L41/5041 , H04L41/5051
Abstract: A novel method for dynamic network service allocation that maps generic services into specific configurations of service resources in a network is provided. An application that is assigned to be performed by computing resources in the network is associated with a set of generic services, and the method maps the set of generic services to the service resources based on the assignment of the application to the computing resources. The mapping of generic services is further based on a level of service that is chosen for the application, where the set of generic services are mapped to different sets of network resources according to different levels of services.
-
Publication No.: US20240250903A1
Publication Date: 2024-07-25
Application No.: US18605095
Application Date: 2024-03-14
Applicant: VMware LLC
Inventor: Yong Wang , Jayant Jain , Ganesh Sadasivan , Abhishek Goliya
IPC: H04L45/00 , H04L61/256 , H04L61/2596
CPC classification number: H04L45/38 , H04L61/256 , H04L61/2596
Abstract: Some embodiments provide a method for forwarding data messages at multiple edge gateways of a logical network that process data messages between the logical network and an external network. At a first edge gateway, the method receives a data message, having an external address as a destination address, from the logical network. Based on the destination address, the method applies a default route to the data message that routes the data message to a second edge gateway and specifies a first output interface of the first edge gateway for the data message. After routing the data message, the method applies a stored NAT entry that (i) modifies a source address of the data message to be a public NAT address associated with the first edge gateway and (ii) redirects the modified data message to a second output interface of the first edge gateway instead of the first output interface.
-
Publication No.: US12301479B2
Publication Date: 2025-05-13
Application No.: US18431813
Application Date: 2024-02-02
Applicant: VMware LLC
Inventor: Jayant Jain , Ganesan Chandrashekhar , Anirban Sengupta , Pankaj Thakkar , Alexander Tessmer
IPC: H04L49/00 , H04L12/46 , H04L41/0803 , H04L45/00 , H04L45/64
Abstract: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a first host identifies a packet to be transferred from a first virtual machine on the first host to a second virtual machine on a second host. In response to identifying the packet, the first host identifies a source logical port for the first virtual machine, and transfers a communication to the second host, wherein the communication encapsulates the data packet and the source logical port. Once the packet is received by the second host, the second host may use the source logical port to determine a forwarding action for the packet.
-
Publication No.: US12250194B2
Publication Date: 2025-03-11
Application No.: US18102697
Application Date: 2023-01-28
Applicant: VMware LLC
Inventor: Sami Boutros , Mani Kancherla , Jayant Jain , Anirban Sengupta
IPC: H04L61/256 , H04L12/66 , H04L45/745 , H04L61/2592 , H04L61/5007 , H04L101/659
Abstract: Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways, and also significantly reduce the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.
-
Publication No.: US12177067B2
Publication Date: 2024-12-24
Application No.: US18102684
Application Date: 2023-01-28
Applicant: VMware LLC
Inventor: Akhila Naveen , Kantesh Mundaragi , Rahul Mishra , Fenil Kavathia , Raju Koganty , Pierluigi Rolando , Yong Feng , Jayant Jain
IPC: H04L41/0806 , H04L12/66 , H04L45/42 , H04L49/35 , H04L67/53
Abstract: Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.
-
Publication No.: US11909558B2
Publication Date: 2024-02-20
Application No.: US17880899
Application Date: 2022-08-04
Applicant: VMware LLC
Inventor: Dexiang Wang , Jia Yu , Jayant Jain , Mike Parsa , Haihua Luo
CPC classification number: H04L12/66 , H04L45/24 , H04L49/25 , H04L63/0254
Abstract: Some embodiments of the invention provide novel methods for providing a stateful service at a network edge device (e.g., an NSX edge) that has a plurality of north-facing interfaces (e.g., interfaces to an external network) and a plurality of corresponding south-facing interfaces (e.g., interfaces to a logical network). A set of interfaces on each side of the network edge device for a set of equal cost paths, in some embodiments, are bonded together in the network edge device to correspond to a single interface on either side of a logical bridge including at least one logical switch providing a stateful service implemented by the network edge device. The bond is implemented, in some embodiments, by a bonding module executing on the network edge device that maintains a mapping between ingress and egress interfaces to allow deterministic forwarding through the network edge device in the presence of bonded interfaces.
-
Publication No.: US12267364B2
Publication Date: 2025-04-01
Application No.: US17384738
Application Date: 2021-07-24
Applicant: VMware LLC
Inventor: Pierluigi Rolando , Jayant Jain , Raju Koganty , Shadab Shah , Abhishek Goliya , Chandran Anjur Narasimhan , Gurudutt Maiya Belur , Vikas Kamath
IPC: H04L45/42 , H04L9/40 , H04L45/00 , H04L45/586
Abstract: A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.