-
Publication number: US20230216804A1
Publication date: 2023-07-06
Application number: US18088555
Application date: 2022-12-24
Applicant: VMware, Inc.
Inventor: Eyal Zohar, Alex Markuze, Igor Golikov, Israel Cidon
IPC: H04L47/34, H04L45/121, H04L45/42, H04L45/00
CPC classification number: H04L47/34, H04L45/121, H04L45/42, H04L45/566
Abstract: The method, in some embodiments, aggregates duplicate transmission control protocol (TCP) packets of a data stream duplicated and sent over disjoint routing paths. Each duplicate pair of packets includes a packet sequence number unique to that duplicate pair. The method iteratively (1) generates a window of packet sequence numbers for the data stream starting with a lowest packet sequence number, of the data stream, that has not been received, and (2) receives a TCP packet sent over one of a first routing path and a second, disjoint routing path. If the packet sequence number of the received TCP packet is outside the window or is a duplicate of a previously received TCP packet, the method drops the received TCP packet. If the packet sequence number of the received TCP packet is within the window and is not a duplicate of a previously received TCP packet, the method stores the received packet.
-
Publication number: US20230179521A1
Publication date: 2023-06-08
Application number: US18102689
Application date: 2023-01-28
Applicant: VMware, Inc.
Inventor: Alex Markuze, Chen Dar, Aran Bergman, Igor Golikov, Israel Cidon, Eyal Zohar
Abstract: In a novel tunnel-less SD-WAN, when an ingress node of the SD-WAN receives a new packet flow, it identifies the path of the flow through the SD-WAN, and sends an initial prepended set of SD-WAN header values before the first packet for the flow to the next hop along this identified path, rather than encapsulating each packet of the flow with encapsulating tunnel headers that store SD-WAN next hop data for the flow. The prepended set of SD-WAN header values are then used to not only forward the first packet through the SD-WAN, but also to create records at each subsequent hop, which are then used to forward subsequent packets of the flow through the SD-WAN. Instead of identifying the entire packet flow, the first hop in the SD-WAN does not identify the entire path for the packet flow in some embodiments, but just identifies the next hop, as each subsequent hop in the SD-WAN has the task of identifying the next hop through the SD-WAN for the packet flow. Also, in some embodiments, each hop also creates records for the reverse flow in order to automatically forward reply packets along a reverse route.
-
Publication number: US20230179406A1
Publication date: 2023-06-08
Application number: US17543513
Application date: 2021-12-06
Applicant: VMware, Inc.
Inventor: Avishay Yanai, Alex Markuze, Igor Golikov
IPC: H04L9/08
CPC classification number: H04L9/085, H04L9/0869
Abstract: Techniques for implementing distributed registration and authentication (i.e., the collaborative processing of client registration and authentication requests by multiple nodes in a computing system) via threshold secret sharing are provided. A threshold secret sharing scheme is a cryptographic method for sharing a secret among N parties in a manner that requires at least T+1 of the N parties to cooperate in order to reconstruct/reveal the secret, where T is some threshold value less than N. By leveraging threshold secret sharing, these techniques enable a group of N nodes to efficiently implement distributed registration and authentication in a correct, secure, and privacy-preserving fashion, even if up to T of the N nodes are corrupted by an adversary.
-
Publication number: US11606225B2
Publication date: 2023-03-14
Application number: US17233427
Application date: 2021-04-16
Applicant: VMware, Inc.
Inventor: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
IPC: H04L12/46, H04L43/065, H04L41/22, H04L45/12, H04L43/08, H04L41/0896, H04L61/4511, H04L61/4541, H04L41/0893, H04L61/2517, H04L61/2514, H04L43/0829, H04L43/0852, H04L101/668
Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
-
Publication number: US11363124B2
Publication date: 2022-06-14
Application number: US17085916
Application date: 2020-10-30
Applicant: VMware, Inc.
Inventor: Alex Markuze, Chen Dar, Aran Bergman, Igor Golikov, Israel Cidon, Eyal Zohar
IPC: H04L69/16, H04L49/90, H04L47/30, H04L47/193
Abstract: Some embodiments provide a novel method for splicing Transmission Control Protocol (TCP) sockets on a computing device that processes a kernel of an operating system. The method receives a set of packets at a first TCP socket of the kernel. The method stores the set of packets at a kernel memory location and sends the set of packets directly from the kernel memory location out through a second TCP socket of the kernel.
-
Publication number: US11252106B2
Publication date: 2022-02-15
Application number: US16662570
Application date: 2019-10-24
Applicant: VMware, Inc.
Inventor: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
IPC: H04L12/931, H04L12/947, H04L12/721, H04L12/717, H04L29/08, H04L12/26, H04L12/46, H04L12/66, H04L12/24, H04L12/723, H04L12/707, H04L29/12, H04L12/911, H04L12/70
Abstract: A method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
-
Publication number: US11102032B2
Publication date: 2021-08-24
Application number: US15972088
Application date: 2018-05-04
Applicant: VMware, Inc.
Inventor: Israel Cidon, Chen Dar, Prashanth Venugopal, Eyal Zohar, Alex Markuze, Aran Bergman
IPC: H04L12/715, H04L12/46, H04L29/08, H04L12/14, H04L12/28, H04L29/12, H04L12/24, H04M15/00, H04L29/06, H04L12/721, H04L12/741, H04L12/26
Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
-
Publication number: US20210067468A1
Publication date: 2021-03-04
Application number: US16662570
Application date: 2019-10-24
Applicant: VMware, Inc.
Inventor: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
IPC: H04L12/931, H04L12/947, H04L29/08, H04L12/717, H04L12/721
Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
-
Publication number: US20210067464A1
Publication date: 2021-03-04
Application number: US16662510
Application date: 2019-10-24
Applicant: VMware, Inc.
Inventor: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
IPC: H04L12/947, H04L12/931, H04L12/717, H04L29/08, H04L12/26
Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
-
Publication number: US20210067375A1
Publication date: 2021-03-04
Application number: US16662587
Application date: 2019-10-24
Applicant: VMware, Inc.
Inventor: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.