-
公开(公告)号:US20240348704A1
公开(公告)日:2024-10-17
申请号:US18750943
申请日:2024-06-21
申请人: Nicira, Inc.
发明人: Madhusudhan Ravi , Wilson Wang , Rajeev Nair
IPC分类号: H04L69/16 , H04L45/00 , H04L45/302 , H04L45/745 , H04L47/125
CPC分类号: H04L69/162 , H04L45/306 , H04L45/54 , H04L45/745 , H04L47/125
摘要: A method of selecting an egress interface for a source process running on an electronic device is provided. The device implements a TCP/IP stack utilized by a plurality of applications for sending network packets. The method receives a packet from a particular application in the plurality of applications to send to a network destination over a socket tagged with an identifier of the particular application. The method compares the socket tag with a set of network egress interface tags. Each network egress interface tag is associated with a network egress interface in a plurality of network egress interfaces. Each network egress interface tag includes the identifier of an application that utilizes the network egress interface. The method selects a network egress interface with a tag that matches the socket tag. The method sends the packet to the network destination through the selected network egress interface.
-
公开(公告)号:US12093406B2
公开(公告)日:2024-09-17
申请号:US17669344
申请日:2022-02-10
申请人: Nicira, Inc.
发明人: Kiran Kumar Thota , Azeem Feroz , James C. Wiese
CPC分类号: G06F21/602 , G06F9/45558 , G06F9/542 , G06F21/56 , G06F21/568 , G06F21/6236 , G09C1/00 , H04L9/14 , H04L63/0428 , H04L63/123 , H04L63/1408 , H04L63/1441 , G06F2009/45587 , G06F2221/034 , H04L2209/24
摘要: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.
-
公开(公告)号:US12081419B2
公开(公告)日:2024-09-03
申请号:US18227302
申请日:2023-07-28
申请人: Nicira, Inc.
发明人: Alok S. Tiagi , Jayant Jain , Anirban Sengupta , Srinivas Nimmagadda , Rick Lund
IPC分类号: H04L43/04 , H04L43/08 , H04L67/02 , H04L67/1001 , H04L69/22 , H04L41/5009
CPC分类号: H04L43/04 , H04L43/08 , H04L67/02 , H04L67/1001 , H04L69/22 , H04L41/5009
摘要: A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. The packet includes a plurality of layers. Each layer corresponds to a communication protocol in a plurality of communication protocols. The method identifies an application referenced in the packet. The method analyzes the information in one or more layers of the packet to determine metrics for the source application. The method sends the determined metrics to the load balancer.
-
公开(公告)号:US12073241B2
公开(公告)日:2024-08-27
申请号:US17902881
申请日:2022-09-04
申请人: Nicira, Inc.
发明人: Jianjun Shen , Alexander Tessmer , Mukesh Hira , Pankaj Thakkar , Hua Wang
IPC分类号: G06F9/455 , H04L12/46 , H04L45/00 , H04L45/74 , H04L47/70 , H04L49/00 , H04L101/00 , H04L101/622 , H04L101/677
CPC分类号: G06F9/45558 , H04L12/4633 , H04L45/72 , H04L45/74 , H04L47/825 , H04L49/70 , G06F2009/45595 , H04L2101/00 , H04L2101/622 , H04L2101/677
摘要: Some embodiments provide a method for a managed forwarding element (MFE). At the MFE, the method receives a first packet from a particular tunnel endpoint. The first packet originates from a particular data compute node associated with multiple tunnel endpoints including the particular tunnel endpoint. Based on the first packet, the method stores an association of the particular tunnel endpoint with the particular data compute node. The method uses the stored association to encapsulate subsequent packets received at the MFE and having the particular data compute node as a destination address with the particular tunnel endpoint as a destination tunnel endpoint.
-
公开(公告)号:US12058041B2
公开(公告)日:2024-08-06
申请号:US18117047
申请日:2023-03-03
申请人: Nicira, Inc.
IPC分类号: H04L45/42 , H04L45/64 , H04L45/28 , H04L49/00 , H04L49/354
CPC分类号: H04L45/42 , H04L45/64 , H04L45/28 , H04L49/354 , H04L49/70
摘要: Some embodiments provide a method for configuring a logical router that interfaces with an external network. The method receives a configuration for a logical network that includes a logical router with several interfaces that connect to at least one physical router external to the logical network. The method selects a separate host machine to host a centralized routing component for each of the interfaces. The method selects a particular one of the host machines for operating a dynamic routing protocol control plane that receives routing protocol data from each of the centralized routing components and updates routing tables of each of the centralized routing components.
-
公开(公告)号:US12021952B2
公开(公告)日:2024-06-25
申请号:US17952318
申请日:2022-09-26
申请人: Nicira, Inc.
发明人: Madhusudhan Ravi , Wilson Wang , Rajeev Nair
IPC分类号: H04L45/74 , H04L45/00 , H04L45/302 , H04L69/16 , H04L45/745 , H04L47/125
CPC分类号: H04L69/162 , H04L45/306 , H04L45/54 , H04L45/745 , H04L47/125
摘要: A method of selecting an egress interface for a source process running on an electronic device is provided. The device implements a TCP/IP stack utilized by a plurality of applications for sending network packets. The method receives a packet from a particular application in the plurality of applications to send to a network destination over a socket tagged with an identifier of the particular application. The method compares the socket tag with a set of network egress interface tags. Each network egress interface tag is associated with a network egress interface in a plurality of network egress interfaces. Each network egress interface tag includes the identifier of an application that utilizes the network egress interface. The method selects a network egress interface with a tag that matches the socket tag. The method sends the packet to the network destination through the selected network egress interface.
-
公开(公告)号:US20240179107A1
公开(公告)日:2024-05-30
申请号:US18431813
申请日:2024-02-02
申请人: Nicira, Inc.
IPC分类号: H04L49/00 , H04L12/46 , H04L41/0803 , H04L45/00 , H04L45/64
CPC分类号: H04L49/70 , H04L12/4633 , H04L41/0803 , H04L45/34 , H04L45/64 , H04L49/30 , H04L45/38
摘要: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a first host identifies a packet to be transferred from a first virtual machine on the first host to a second virtual machine on a second host. In response to identifying the packet, the first host identifies a source logical port for the first virtual machine, and transferring a communication to the second host, wherein the communication encapsulates the data packet and the source logical port. Once the packet is received by the second host, the second host may use the source logical port to determine a forwarding action for the packet.
-
8.
公开(公告)号:US20240179022A1
公开(公告)日:2024-05-30
申请号:US18433572
申请日:2024-02-06
申请人: Nicira, Inc.
发明人: Alexander Tessmer , Mukesh Hira , Rajiv Krishnamurthy , Ram Dular Singh , Xuan Zhang , Hua Wang
CPC分类号: H04L12/18 , H04L12/4641
摘要: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
-
公开(公告)号:US20240048408A1
公开(公告)日:2024-02-08
申请号:US18382311
申请日:2023-10-20
申请人: Nicira, Inc.
发明人: Ajit Ramachandra Mayya , Parag Pritam Thakore , Stephen Craig Connors , Steven Michael Woo , Sunil Mukundan , Thomas Harold Speeter , Vipin Kumar
IPC分类号: H04L12/66 , H04L41/5041 , H04L41/50 , H04L43/0894 , H04L45/02 , H04L47/24 , H04L69/325
CPC分类号: H04L12/66 , H04L41/5041 , H04L41/5096 , H04L43/0894 , H04L45/04 , H04L47/24 , H04L69/325 , H04L45/02 , H04L2012/4629
摘要: In one aspect, A computerized method of a gateway distributing routes learned through routing protocols (RP) into a Border Gateway Protocol (BGP) includes the step of providing a first gateway that receives a route over a routing protocol. The method includes the step of with the first gateway, redistributing the route to one or more peer routers as a BGP route based on one or more specified criteria. The method includes the step of setting a gateway precedence based on the redistribution of the route to the one or more peer routers as the BGP route. The method includes the step of, based on the gateway precedence, setting a second, gateway to automatically redistribute the route with different priorities to influence steering of traffic to a preferred gateway,
-
公开(公告)号:US20240031458A1
公开(公告)日:2024-01-25
申请号:US18372201
申请日:2023-09-25
申请人: Nicira, Inc.
IPC分类号: H04L69/22 , H04L49/00 , H04L45/00 , H04L45/745 , H04L45/48
CPC分类号: H04L69/22 , H04L49/3009 , H04L45/72 , H04L45/745 , H04L45/48 , H04L47/2441
摘要: A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.
-
-
-
-
-
-
-
-
-