-
Publication No.: US12088512B2
Publication date: 2024-09-10
Application No.: US17208608
Filing date: 2021-03-22
Applicant: VMware LLC
Inventors: Jia Yu, Yong Wang, Xinhua Hong, Wenyi Jiang, Guolin Yang, Dexiang Wang
IPC classification: H04L49/9057, H04L12/66, H04L45/64, H04L69/166, H04L69/22
CPC classification: H04L49/9057, H04L12/66, H04L45/64, H04L69/166, H04L69/22, H04L2212/00
Abstract: In some embodiments, a method fragments a first packet into a plurality of fragments when a length of an encapsulated first packet is larger than a maximum transmission unit size. For each fragment in the plurality of fragments, fragmentation information is generated. The method encapsulates each fragment in the plurality of fragments with an outer header to form a plurality of encapsulated packets. The respective fragmentation information for each fragment is inserted in a portion of the outer header that is processed by endpoints of an overlay tunnel and not processed by a device along a path of the overlay tunnel. The plurality of encapsulated packets are sent via the overlay tunnel.
-
Publication No.: US11902264B2
Publication date: 2024-02-13
Application No.: US17016596
Filing date: 2020-09-10
Applicant: VMware LLC
Inventors: Yong Wang, Todd Sabin, Weiqing Wu, Awan Kumar Sharma, Jia Yu
IPC classification: H04L9/40, H04L43/0829, H04L43/0864, H04L61/2592, H04L61/2578, H04L61/2517, H04L61/2514, H04L101/663
CPC classification: H04L63/0485, H04L43/0829, H04L43/0864, H04L61/2514, H04L61/2517, H04L61/2578, H04L61/2592, H04L63/029, H04L63/0236, H04L63/0272, H04L63/164, H04L63/18, H04L63/061, H04L2101/663
Abstract: A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.
-
Publication No.: US11909558B2
Publication date: 2024-02-20
Application No.: US17880899
Filing date: 2022-08-04
Applicant: VMware LLC
Inventors: Dexiang Wang, Jia Yu, Jayant Jain, Mike Parsa, Haihua Luo
CPC classification: H04L12/66, H04L45/24, H04L49/25, H04L63/0254
Abstract: Some embodiments of the invention provide novel methods for providing a stateful service at a network edge device (e.g., an NSX edge) that has a plurality of north-facing interfaces (e.g., interfaces to an external network) and a plurality of corresponding south-facing interfaces (e.g., interfaces to a logical network). A set of interfaces on each side of the network edge device for a set of equal cost paths, in some embodiments, are bonded together in the network edge device to correspond to a single interface on either side of a logical bridge including at least one logical switch providing a stateful service implemented by the network edge device. The bond is implemented, in some embodiments, by a bonding module executing on the network edge device that maintains a mapping between ingress and egress interfaces to allow deterministic forwarding through the network edge device in the presence of bonded interfaces.
-
Publication No.: US11902164B2
Publication date: 2024-02-13
Application No.: US17694586
Filing date: 2022-03-14
Applicant: VMware, LLC
Inventors: Yong Wang, Jia Yu, David Leroy
IPC classification: H04L47/125, H04L9/40
CPC classification: H04L47/125, H04L63/0272, H04L63/164
Abstract: In an embodiment, a computer-implemented method for using virtual tunnel interface teaming to achieve load balance and redundancy in virtual private networks (“VPNs”) is disclosed. In an embodiment, a method comprises: receiving, by a gateway, configuration data from a control plane; based on the configuration data, configuring on the gateway a bonded virtual tunnel interface (“bonded VTI”) having a plurality of slave virtual tunnel interfaces (“slave VTIs”); configuring a plurality of VPN tunnels between the plurality of slave VTIs configured on the gateway and a plurality of slave VTIs configured on a remote gateway; configuring an IPsec VPN tunnel between the bonded VTI configured on the gateway and a corresponding bonded VTI configured on the remote gateway; logically combining the plurality of VPN tunnels into the IPsec VPN tunnel; and enabling communications of IPsec VPN traffic via the IPsec VPN tunnel.