-
Publication number: US20240022452A1
Publication date: 2024-01-18
Application number: US17958513
Application date: 2022-10-03
Applicant: VMWARE, INC.
Inventor: GAURAV JINDAL, HUSSAINA BEGUM NANDYALA, BHARGAV PUVVADA
IPC: H04L12/46, H04L12/66, H04L61/256
CPC classification number: H04L12/4641, H04L12/66, H04L61/256
Abstract: The disclosure provides an approach for processing inter-network communications. Embodiments include configuring, by a management component of a data center, a first virtual private network (VPN) session between a first endpoint outside of the data center and a first gateway of the data center. Embodiments include configuring, by the management component, a second VPN session between a second endpoint outside of the data center and a second gateway of the data center. Embodiments include programming, by the management component, one or more network address translation (NAT) tables of the data center such that, for the first VPN session and the second VPN session, a single public network address of the data center is exposed to the first endpoint and the second endpoint.
-
Publication number: US20220231993A1
Publication date: 2022-07-21
Application number: US17213321
Application date: 2021-03-26
Applicant: VMWARE, INC.
Inventor: AWAN KUMAR SHARMA, YONG WANG, SOURABH BHATTACHARYA, BHARGAV PUVVADA, SARTHAK RAY, MAYUR KATKE
IPC: H04L29/06, H04L12/713, H04L12/721
Abstract: A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the first packet based on the first SA, and processing, by a second processing core, the second packet based on the second SA; and updating, at the second VTI, states of one or more flows based on the first and second packets, the second VTI providing one or more stateful services for the one or more packet flows based on the one or more states.
-
Publication number: US20220021687A1
Publication date: 2022-01-20
Application number: US17012235
Application date: 2020-09-04
Applicant: VMWARE, INC.
Inventor: SOURABH BHATTACHARYA, YONG WANG, AWAN KUMAR SHARMA, BHARGAV PUVVADA, MAYUR KATKE
IPC: H04L29/06, H04L9/08, H04L12/803
Abstract: Certain embodiments described herein relate to a method for dynamically rekeying a security association. The method includes establishing, by a destination tunnel endpoint (TEP), an in-bound security association with a source TEP, with a first security parameter index (SPI) value, for encrypting data packets communicated between the source TEP and the destination TEP. The method further includes rekeying, by the destination TEP, the in-bound security association, the rekeying including generating a second SPI value for replacing the first SPI value based on a trigger event relating to at least one of a real-time security score of the in-bound security association, a number of security associations assigned to a compute resource that the in-bound security resource is assigned to, an amount of load managed by the compute resource that the in-bound security resource is assigned to, and an indication received from an administrator.
-
Publication number: US20230239274A1
Publication date: 2023-07-27
Application number: US17715993
Application date: 2022-04-08
Applicant: VMWARE, INC.
Inventor: YONG WANG, AWAN KUMAR SHARMA, ABHISHEK GOLIYA, XINHUA HONG, BHARGAV PUVVADA
IPC: H04L9/40, H04L12/66, H04L61/2592
CPC classification number: H04L63/0272, H04L63/0485, H04L12/66, H04L61/2592
Abstract: Described herein are systems, methods, and software to manage secure tunnel communications in multi-edge gateway computing environments. In one implementation, a control system identifies an edge gateway from a plurality of edge gateways to support a private network tunnel. The control system further identifies addressing attributes associated with communications directed over the private network tunnel and configures the plurality of edge gateways to forward packets associated with the addressing attributes to the identified edge gateway, wherein the edge gateway can process and forward the packets over the private network tunnel.
-
Publication number: US20230028529A1
Publication date: 2023-01-26
Application number: US17467479
Application date: 2021-09-07
Applicant: Vmware, Inc.
Inventor: BHARGAV PUVVADA, SOURABH BHATTACHARYA, Awan Kumar Sharma
IPC: H04L12/721, H04L12/745, H04L12/46, H04L12/715
Abstract: Described herein are systems, methods, and software to manage processing queue allocation based on addressing attributes of an inner packet. In one implementation, a first gateway identifies processing queues at a second gateway and assigns a unique flow label to each of the processing queues. The first gateway further receives a packet from a computing node that is directed toward the second gateway. The first gateway hashes addressing information in the packet to select a flow label, encapsulates the packet with the flow label in the outer encapsulation header for the encapsulated packet, and forwards the packet toward the second gateway.