-
Publication (Announcement) No.: US20250147795A1
Publication (Announcement) Date: 2025-05-08
Application No.: US19018197
Application Date: 2025-01-13
Applicant: VMware LLC
Inventor: Boon S. Ang, Wenyi Jiang, Guolin Yang, Jin Heo
IPC: G06F9/455
Abstract: Some embodiments provide a method for a first smart NIC of multiple smart NICs of a host computer. Each of the smart NICs executes a smart NIC operating system that performs virtual networking operations for a set of data compute machines executing on the host computer. The method receives a data message sent by one of the data compute machines executing on the host computer. The method performs virtual networking operations on the data message to determine that the data message is to be transmitted from a port of a second smart NIC of the multiple smart NICs. The method passes the data message to the second smart NIC via a private communication channel connecting the plurality of smart NICs.
-
Publication (Announcement) No.: US20250039129A1
Publication (Announcement) Date: 2025-01-30
Application No.: US18229645
Application Date: 2023-08-02
Applicant: VMware LLC
Inventor: Pierluigi Rolando, Peng Li, Boon S. Ang, Guolin Yang, Wenyi Jiang, Yuxiao Zhang, Raju Koganty, Subrahmanyam Manuguri, Kok Pyng Liew, Jin Heo, Srinath Suriyanarayanan Thillaisthanam
Abstract: Some embodiments provide a novel method for processing flows at an embedded hardware switch of a physical network interface card (PNIC) connected to a host computer. A firewall of the PNIC detects an end of a particular data message flow associated with a particular VM of the host computer. Processing of the particular data message flow was offloaded from the firewall to an embedded hardware switch of the PNIC. After detecting the end of the particular data message flow, the firewall ends offloading of the particular data message flow by deleting a first flow record stored at the embedded hardware switch for the particular data message flow. The firewall deletes a second flow record stored at the first firewall for the particular data message flow.
-
Publication (Announcement) No.: US12229578B2
Publication (Announcement) Date: 2025-02-18
Application No.: US17560142
Application Date: 2021-12-22
Applicant: VMware LLC
Inventor: Boon S. Ang, Wenyi Jiang, Guolin Yang, Jin Heo
IPC: G06F9/455
Abstract: Some embodiments provide a method for a first smart NIC of multiple smart NICs of a host computer. Each of the smart NICs executes a smart NIC operating system that performs virtual networking operations for a set of data compute machines executing on the host computer. The method receives a data message sent by one of the data compute machines executing on the host computer. The method performs virtual networking operations on the data message to determine that the data message is to be transmitted from a port of a second smart NIC of the multiple smart NICs. The method passes the data message to the second smart NIC via a private communication channel connecting the plurality of smart NICs.
-
Publication (Announcement) No.: US20250039128A1
Publication (Announcement) Date: 2025-01-30
Application No.: US18229633
Application Date: 2023-08-02
Applicant: VMware LLC
Inventor: Pierluigi Rolando, Peng Li, Boon S. Ang, Guolin Yang, Wenyi Jiang, Yuxiao Zhang, Raju Koganty, Subrahmanyam Manuguri, Kok Pyng Liew, Jin Heo, Srinath Suriyanarayanan Thillaisthanam
Abstract: Some embodiments provide a novel method for offloading firewall operations from a host computer executing a set of one or more virtual machines (VMs) to a physical network interface card (PNIC) connected to the host computer. The method configures, on the PNIC, a first firewall to determine actions to perform on flows associated with the set of VMs, and to offload processing of the flows to a flow-cache second firewall of the PNIC. The method configures, on the PNIC, the flow-cache second firewall to process a first set of flows based on a first set of actions determined by the first firewall, and to offload processing of a second set of flows to an embedded hardware switch of the PNIC. The method configures, on the PNIC, the embedded hardware switch to process the second set of flows based on a second set of actions determined by the first firewall.
-
Publication (Announcement) No.: US20250039140A1
Publication (Announcement) Date: 2025-01-30
Application No.: US18229647
Application Date: 2023-08-02
Applicant: VMware LLC
Inventor: Pierluigi Rolando, Peng Li, Boon S. Ang, Guolin Yang, Wenyi Jiang, Yuxiao Zhang, Raju Koganty, Subrahmanyam Manuguri, Kok Pyng Liew, Jin Heo, Srinath Suriyanarayanan Thillaisthanam
IPC: H04L9/40
Abstract: Some embodiments provide a novel method for using connection tracking records to process data messages at a physical network interface card (PNIC) connected to a host computer. A first software firewall of the PNIC determines whether processing of a flow is passable to a second software firewall of the PNIC and to a third hardware firewall of the PNIC. The first software firewall creates a connection tracking record for the flow and data specifying whether processing of the flow is passable to the second software firewall and independently whether processing of the flow is passable to the third hardware firewall. The first software firewall provides the connection tracking record and said data to the second software firewall of the PNIC so that the second software firewall processes the flow or passes the connection tracking record and the data to the third hardware firewall if determination was that the flow is passable to the third hardware firewall.
-
Publication (Announcement) No.: US20250039139A1
Publication (Announcement) Date: 2025-01-30
Application No.: US18229646
Application Date: 2023-08-02
Applicant: VMware LLC
Inventor: Pierluigi Rolando, Peng Li, Boon S. Ang, Guolin Yang, Wenyi Jiang, Yuxiao Zhang, Raju Koganty, Subrahmanyam Manuguri, Kok Pyng Liew, Jin Heo, Srinath Suriyanarayanan Thillaisthanam
IPC: H04L9/40
Abstract: Some embodiments provide a novel method for updating firewall rules for data message flows processed at a physical network interface card (PNIC) connected to a host computer. A firewall of the PNIC receives an update to a particular firewall rule. The firewall identifies a particular data message flow that is processed at an embedded hardware switch of the PNIC using the particular firewall rule. The firewall updates a flow record associated with the particular data message flow to reflect the received update to the particular firewall rule. The firewall provides the updated flow record to the embedded hardware switch for the embedded hardware switch to process the particular flow according to the received update.
-
Publication (Announcement) No.: US11995024B2
Publication (Announcement) Date: 2024-05-28
Application No.: US17560148
Application Date: 2021-12-22
Applicant: VMware LLC
Inventor: Boon S. Ang, Wenyi Jiang, Guolin Yang, Jin Heo
CPC classification number: G06F13/4282, G06F13/387, G06F2213/0026, G06F2213/3808
Abstract: Some embodiments provide a method for synchronizing state between multiple smart NICs of a host computer that perform operations using dynamic state information. At a first smart NIC of the plurality of smart NICs, the method stores a set of dynamic state information. The method synchronizes the set of dynamic state information across a communication channel that connects the smart NICs so that each of the smart NICs also stores the set of dynamic state information.
-
Publication (Announcement) No.: US12192116B2
Publication (Announcement) Date: 2025-01-07
Application No.: US18235860
Application Date: 2023-08-20
Applicant: VMware LLC
Inventor: Boon S. Ang, Wenyi Jiang, Guolin Yang, Jin Heo, Srividya Murali
Abstract: Some embodiments of the invention provide a method for configuring a physical network card or physical network controller (pNIC) to provide flow processing offload (FPO) for a host computer connected to the pNIC. The host computers host a set of compute nodes in a virtual network. The set of compute nodes are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of interfaces that are assigned physical port identifiers (PPIDs) by the pNIC. The method includes providing the pNIC with a set of mappings between VPIDs and PPIDs. The method also includes sending updates to the mappings as compute nodes migrate, connect to different interfaces of the pNIC, are assigned different VPIDs, etc. In some embodiments, the flow processing and action generator executes on processing units of the host computer, while in other embodiments, the flow processing and action generator executes on a set of processing units of a pNIC that includes flow processing hardware and a set of programmable processing units.
-
Publication (Announcement) No.: US20250106172A1
Publication (Announcement) Date: 2025-03-27
Application No.: US18974114
Application Date: 2024-12-09
Applicant: VMware LLC
Inventor: Boon S. Ang, Wenyi Jiang, Guolin Yang, Jin Heo, Srividya Murali
Abstract: Some embodiments of the invention provide a method for configuring a physical network card or physical network controller (pNIC) to provide flow processing offload (FPO) for a host computer connected to the pNIC. The host computers host a set of compute nodes in a virtual network. The set of compute nodes are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of interfaces that are assigned physical port identifiers (PPIDs) by the pNIC. The method includes providing the pNIC with a set of mappings between VPIDs and PPIDs. The method also includes sending updates to the mappings as compute nodes migrate, connect to different interfaces of the pNIC, are assigned different VPIDs, etc.
-
Publication (Announcement) No.: US20250036439A1
Publication (Announcement) Date: 2025-01-30
Application No.: US18229644
Application Date: 2023-08-02
Applicant: VMware LLC
Inventor: Pierluigi Rolando, Peng Li, Boon S. Ang, Guolin Yang, Wenyi Jiang, Yuxiao Zhang, Raju Koganty, Subrahmanyam Manuguri, Kok Pyng Liew, Jin Heo, Srinath Suriyanarayanan Thillaisthanam
IPC: G06F9/455, H04L41/0897
Abstract: Some embodiments provide a novel method for migrating virtual machines (VMs) from a first host computer to a second host computer. The first host computer is connected to a physical network interface card (PNIC) that performs middlebox service operations for flows associated with the VMs. At the PNIC, the method receives a notification that a VM is to be migrated from the first to the second host computer. The method configures an embedded hardware switch of the PNIC to forward a set of flows associated with the VM to a firewall of the PNIC. The embedded hardware switch was initially programmed to process the set of flows instead of the firewall. The method synchronizes flow cache information regarding the set of flows from the embedded hardware switch to the firewall. The method processes the set of flows at the firewall until the VM is migrated to the second host computer.