Recommending network NANO-segmentation for micro-services using flow analysis

    Publication No.: US11483284B2

    Publication Date: 2022-10-25

    Application No.: US16436930

    Application Date: 2019-06-11

    Applicant: VMWARE, INC.

    Abstract: The present disclosure provides an approach for generating one or more firewall rules to regulate communication between containerized services running within containers. The approach includes determining which services communicate with each other, independently of which containers the services execute in. The determining occurs over a period of time. If two services communicated with each other during the period of time, then the firewall allows the services to continue communicating, but only over the same ports as were used during the period of time. If two services did not communicate during the period of time, then the firewall does not allow the services to communicate after the period of time expires. In some embodiments, the communication flow may be redetermined over a new period of time after the initial period of time so as to refresh the firewall rules.

    Rack-aware and network performance-aware service deployment

    Publication No.: US11477089B2

    Publication Date: 2022-10-18

    Application No.: US17172123

    Application Date: 2021-02-10

    Applicant: VMWARE, INC.

    Abstract: The disclosure provides an approach for service deployment. Embodiments include receiving an indication of user intent for deployment of one or more services in a network from a user who is not an administrator of the network, wherein the indication of the user intent comprises a domain specific language (DSL). Embodiments include parsing the indication of the user intent to determine one or more constraints for deploying the one or more services. Embodiments include receiving topology information for the network, wherein the topology information comprises associations between racks and machines in the network. Embodiments include receiving network performance information for the network. Embodiments include determining one or more deployment rules for the one or more services based on the one or more constraints, the topology information, and the network performance information. Embodiments include deploying the one or more services in the network based on the one or more deployment rules.

    Security context aware nano-segmentation for container based microservices

    Publication No.: US11343231B2

    Publication Date: 2022-05-24

    Application No.: US16547634

    Application Date: 2019-08-22

    Applicant: VMWARE, INC.

    IPC Classification: H04L29/06

    Abstract: The present disclosure provides an approach for creating one or more firewall rules to regulate communication between containers. The approach includes calculating a trust score for each container. To generate a rule for any two containers, the difference between their trust scores is computed; if the difference in trust scores is too large, then the more trustworthy container is not allowed to communicate with the less trustworthy container. If the difference in trust scores is not too large, then a trustworthy container is allowed to communicate with another trustworthy container, or an untrustworthy container is allowed to communicate with another untrustworthy container.

    FRAMEWORK FOR VALIDATING AND TROUBLESHOOTING NETWORK POLICY CONFIGURATIONS

    Publication No.: US20230022134A1

    Publication Date: 2023-01-26

    Application No.: US17474082

    Application Date: 2021-09-14

    Applicant: VMWARE, INC.

    IPC Classification: H04L29/06 G06F9/455

    Abstract: This document describes a network policy evaluation platform that evaluates, validates, and troubleshoots network policy configurations. In one aspect, a method includes obtaining a first network policy applied by a container orchestration platform for managing network traffic for a cluster of container workloads. One or more first network rules are extracted from the first network policy. A canonical rule model is generated for the one or more first network rules. A second network policy, applied by a network provider plugin configured to run within the cluster and to manage the network traffic for the cluster of container workloads, is obtained. One or more second network rules are extracted from the second network policy. A canonical rule model is generated for the one or more second network rules. One or more conflicts between the first network policy and the second network policy are detected based on an evaluation of each first canonical rule model and each second canonical rule model.

    System and method for data route discovery through cross-connection tunnels

    Publication No.: US11546245B2

    Publication Date: 2023-01-03

    Application No.: US16996945

    Application Date: 2020-08-19

    Applicant: VMWARE, INC.

    IPC Classification: H04L45/02 H04L12/46

    Abstract: A system and method for data route discovery through cross-connection tunnels uses routing configurations from a local edge router in a private cloud, which include learnt and advertised subnets as well as the cross-connection tunnels for those learnt and advertised subnets, to populate a public cloud table of public cloud learnt subnets and a public cloud table of public cloud advertised subnets. The public cloud tables of learnt subnets and advertised subnets are then applied to discover data routes through the cross-connection tunnels of the hybrid cloud environment.

    SECURITY CONTEXT AWARE NANO-SEGMENTATION FOR CONTAINER BASED MICROSERVICES

    Publication No.: US20210006543A1

    Publication Date: 2021-01-07

    Application No.: US16547634

    Application Date: 2019-08-22

    Applicant: VMWARE, INC.

    IPC Classification: H04L29/06

    Abstract: The present disclosure provides an approach for creating one or more firewall rules to regulate communication between containers. The approach includes calculating a trust score for each container. To generate a rule for any two containers, the difference between their trust scores is computed; if the difference in trust scores is too large, then the more trustworthy container is not allowed to communicate with the less trustworthy container. If the difference in trust scores is not too large, then a trustworthy container is allowed to communicate with another trustworthy container, or an untrustworthy container is allowed to communicate with another untrustworthy container.