VMware Patent Grants

Dynamic grouping of network segments for forwarding data message flows from machines of network segment groups to an external network through different edge forwarding elements

Granted: January 28, 2025
Patent Number: 12212494
Some embodiments provide a novel method for dynamically deploying gateways for a first network connecting machines. The first network includes segments, routers, and a first gateway that connects to an external network. The method identifies a set of two or more segments that consumes more than a threshold amount of bandwidth of the first gateway. The identified set includes at least first and second segments. The method identifies one or more segment groups by aggregating two or more…

Bootstrapping an encrypted single node VSAN cluster

Granted: January 28, 2025
Patent Number: 12212474
The present disclosure relates to bootstrapping an encrypted single node VSAN cluster. One method includes receiving a request to create an encrypted VSAN cluster from a single host in a software-defined datacenter, deploying a virtual server on a VSAN datastore of the software-defined datacenter, registering a native key provider (NKP) in the virtual server, creating an empty VSAN cluster encrypted by the NKP, adding the single host to the encrypted empty cluster to create a one-host…

Providing access to datacenter resources in a scalable manner

Granted: January 21, 2025
Patent Number: 12206670
Some embodiments provide a method for providing access in a scalable manner to resources in a first datacenter to clients operating in one or more public clouds. The method of some embodiments implements with multiple machines a public-cloud proxy to connect clients in the public cloud(s) to a reverse proxy in the first datacenter. For instance, in response to a request to access a first resource in the first datacenter from a first client executing outside of the first datacenter, the…

Security aware load balancing for a global server load balancing system

Granted: January 14, 2025
Patent Number: 12200008
The method of some embodiments assigns a client to a particular datacenter from among multiple datacenters. The method is performed at a first datacenter, starting when it receives security data associated with a second datacenter. Then the method receives a DNS request from the client. Based on the received security data, the method sends a DNS reply assigning the client to the particular datacenter instead of the second datacenter. The receiving and sending is performed by a DNS…

Noisy neighbor in a cloud multitenant system

Granted: January 14, 2025
Patent Number: 12199879
A noisy neighbor in a cloud multitenant system can present resource governance issues. Usage quotas can be applied, and traffic can be throttled to mitigate the problem. Network traffic can be monitored from routers of a software defined data center (SDDC) configured to process network traffic for machines of different tenants. By default, the network traffic from the routers can be processed via a first edge router for the SDDC. A second edge router can be deployed for the SDDC in…

Network controller as a service (NCaaS) to define network policies for third-party container clusters

Granted: January 14, 2025
Patent Number: 12199833
Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network…

Template driven approach to deploy a multi-segmented application in an SDDC

Granted: January 14, 2025
Patent Number: 12197971
Some embodiments of the invention provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as…

Provisioning DPU management operating systems

Granted: January 14, 2025
Patent Number: 12197939
Disclosed are various examples of provisioning a data processing unit (DPU) management operating system (OS). A management hypervisor installer executed on a host device launches or causes a server component to provide a management operating system (OS) installer image at a particular URI accessible over a network internal to the host device. A baseboard management controller (BMC) transfers the DPU management OS installer image to the DPU device. A volatile memory based virtual disk is…

Migrating virtual machines in cluster memory systems

Granted: January 14, 2025
Patent Number: 12197935
Disclosed are various embodiments for optimizing the migration of pages of memory servers in cluster memory systems. To begin, a computing device can mark in a page table of the computing device that a page stored on a first memory host is not present. Then, the computing device can flush a translation lookaside buffer of the computing device. Next, the computing device can copy the page from the first memory host to a second memory host. Moving on, the computing device can update a page…

Configuring pNIC to perform flow processing offload using virtual port identifiers

Granted: January 7, 2025
Patent Number: 12192116
Some embodiments of the invention provide a method for configuring a physical network card or physical network controller (pNIC) to provide flow processing offload (FPO) for a host computer connected to the pNIC. The host computers host a set of compute nodes in a virtual network. The set of compute nodes are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of…

Virtualized QoS support in software defined networks

Granted: January 7, 2025
Patent Number: 12192109
A network system that implements quality of service (QoS) by rate limiting at a logical network entity is provided. The logical network entity includes multiple transport nodes for transporting network traffic in and out of the logical network entity. The system monitors traffic loads of the multiple transport nodes of the logical network entity. The system allocates a local CR and a local BS to each of the multiple transport nodes. The allocated local CR and the local BS are determined…

Scaling for split-networking datapath

Granted: January 7, 2025
Patent Number: 12192051
Some embodiments of the invention provide a method for implementing an edge device that handles data traffic between a logical network and an external network. The method monitors resource usage of a node pool that includes multiple nodes that each executes a respective set of pods. Each of the pods is for performing a respective set of data message processing operations for at least one of multiple logical routers. The method determines that a particular node in the node pool has…

Scheduling workloads in a container orchestrator of a virtualized computer system

Granted: January 7, 2025
Patent Number: 12190140
An example method of scheduling a workload in a virtualized computing system including a host cluster having a virtualization layer directly executing on hardware platforms of hosts is described. The virtualization layer supports execution of virtual machines (VMs) and is integrated with an orchestration control plane. The method includes: receiving, at the orchestration control plane, a workload specification for the workload; selecting, at the orchestration control plane, a plurality…

Remote provisioning of hosts in public clouds

Granted: January 7, 2025
Patent Number: 12190122
Examples provide for automatically provisioning hosts in a cloud environment. A cloud daemon generates a cloud host-state configuration, for a given cloud instance of a host, stored on a cloud metadata service prior to first boot of the given cloud instance of the host. A first boot of a plurality of cloud instances of hosts is performed using a stateless, master boot image lacking host-specific configuration data. On completion of the first boot of a given cloud instance of a host, the…

Distribution of bootstrap management for application monitoring

Granted: January 7, 2025
Patent Number: 12190121
The present invention is a highly available system comprising a system to send a plurality of bootstrap requests, at least one cloud proxy fit to receive the plurality of bootstrap requests, wherein each instance of the at least one cloud proxy is coupled with an adapter, and at least one host fit to communicate with one of the at least one cloud proxy.

Secure offloaded data transfer

Granted: January 7, 2025
Patent Number: 12189750
The disclosure provides an approach for secure offloaded data transfer. Embodiments include receiving, by a security component on a client device, from a storage system connected to the client device, a token associated with a data read request corresponding to a source file on the storage system. Embodiments include determining, by the security component, that the source file is trusted. Embodiments include generating, by the security component, an entry in a trusted token cache based…

Two-level logical to physical mapping mechanism in a log-structured file system

Granted: January 7, 2025
Patent Number: 12189574
Example methods and systems for accessing data in a log-structured file system having a plurality of snapshots of storage objects backed by a first-level copy-on-write (COW) B+ tree data structure and a plurality of second-level B+ tree data structures have been disclosed. One example method includes obtaining a first first-level mapping associated with a first snapshot from the plurality of snapshots based on a first logical block address, wherein each of the plurality of snapshots…

Mapping VLAN of container network to logical network in hypervisor to support flexible IPAM and routing container traffic

Granted: December 31, 2024
Patent Number: 12184450
Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first…

Explicit congestion notification in a virtual environment

Granted: December 31, 2024
Patent Number: 12184557
Some embodiments provide a method of reducing network congestion in a virtual network. The method, at a first CFE of the virtual network, receives multiple encapsulated data packets of a data stream. The encapsulated data packets have been encapsulated by a second CFE operating on a server of the virtual network. The second CFE identifies a load percentage of the server, sets explicit congestion notification (ECN) bits on a percentage of the data packets based on the load percentage…

Framework for providing health status data

Granted: December 31, 2024
Patent Number: 12184521
Some embodiments provide a method for a health monitoring service that monitors a system with a set of services executing across a set of one or more datacenters. For each of multiple services monitored by the health monitoring service, the method (1) contacts an API exposed by the service to provide health monitoring data for the service and (2) receives health monitoring data for the service that provides, for each of multiple aspects of the service, (i) a status and (ii) an…