Tagging packets for monitoring and analysis
Granted: March 18, 2025
Patent Number:
12255792
Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any…
Placing virtual graphics processing unit (GPU)-configured virtual machines on physical GPUs supporting multiple virtual GPU profiles
Granted: March 18, 2025
Patent Number:
12254342
In one set of embodiments, a computer system can receive a request to provision a virtual machine (VM) in a host cluster, where the VM is associated with a virtual graphics processing unit (GPU) profile indicating a desired or required framebuffer memory size of a virtual GPU of the VM. In response, the computer system can execute an algorithm that identifies, from among a plurality of physical GPUs installed in the host cluster, a physical GPU on which the VM may be placed, where the…
Providing services with guest VM mobility
Granted: March 18, 2025
Patent Number:
12254340
Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (I) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to…
Endpoint incident response from a secure enclave through dynamic insertion of an interrupt
Granted: March 18, 2025
Patent Number:
12254091
A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding…
Hybrid scheme for performing translation lookaside buffer (TLB) shootdowns
Granted: March 18, 2025
Patent Number:
12253956
A hybrid scheme is provided for performing translation lookaside buffer (TLB) shootdowns in a computer system whose processing cores support both inter-processor interrupt (IPI) and broadcast TLB invalidate (TLBI) shootdown mechanisms. In one set of embodiments, this hybrid scheme dynamically determines, for each instance where a TLB shootdown is needed, whether to use the IPI mechanism or the broadcast TLBI mechanism to optimize shootdown performance (or otherwise make the TLB shootdown…
Method and apparatus for deploying tenant deployable elements across public clouds based on harvested performance metrics of sub-types of resource elements in the public clouds
Granted: March 11, 2025
Patent Number:
12250114
Some embodiments of the invention provide a method of deploying a tenant deployable element to one public cloud. The method identifies first and second candidate resource elements respectively of first and second resource element sub-types to deploy in a public cloud to implement the tenant deployable element. The method identifies, for the first and second candidate resource elements respectively first and second sets of performance metric values to evaluate. The method evaluates the…
Facilitating distributed SNAT service
Granted: March 11, 2025
Patent Number:
12250194
Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways…
Rate proportional scheduling to reduce packet loss in virtualized network function chains
Granted: March 11, 2025
Patent Number:
12250159
Disclosed are various embodiments for rate proportional scheduling to reduce packet loss in virtualized network function chains. A congestion monitor executed by a first virtual machine executed by a host computing device can detect congestion in a receive queue associated with a first virtualized network function implemented by a first virtual machine. The congestion monitor can send a pause signal to a rate controller executed by a second virtual machine executed by the host computing…
Discovering and onboarding edge devices
Granted: March 11, 2025
Patent Number:
12250126
Solutions for discovering and onboarding edge devices at scale include: receiving, by a device aggregator, edge device state information including state information for a first edge device; based on at least the state information for the first edge device, configuring the first edge device to perform as a software-defined wide area network (SD-WAN) node; based on at least the edge device state information, determining a first device profile for the first edge device; and transmitting the…
Methods and systems that automatically generate parameterized cloud-infrastructure templates
Granted: March 11, 2025
Patent Number:
12250119
The current document is directed to an infrastructure-as-code (“IaC”) cloud-infrastructure-management service or system that automatically generates parameterized cloud templates that represent already deployed cloud-based infrastructure, including virtual networks, virtual machines, load balancers, and connection topologies. The IaC cloud-infrastructure manager provides an infrastructure-discovery service that accesses a cloud-computing facility to obtain information about already…
Update of virtual machines using clones
Granted: March 11, 2025
Patent Number:
12248801
The disclosure provides an approach for upgrading a virtual machine (VM) using an instant clone. A method includes initiating updating of the VM on a host in a datacenter; creating a clone of the VM on the host, in response to initiating the update; receiving a first write input/output (I/O) request for a first data block; checking a first disk bitmap associated with a first delta disk for whether a first bit associated with the first data block is set; based on the first bit being set,…
Guest time scaling for a virtual machine in a virtualized computer system
Granted: March 11, 2025
Patent Number:
12248799
An example method of managing guest time for a virtual machine (VM) supported by a hypervisor of a virtualized host computer includes: configuring, by the hypervisor, a central processing unit (CPU) of the host computer to trap, to the hypervisor, access by guest code in the VM to a physical counter and timer of the CPU; configuring, by the hypervisor, the guest code in the VM to use the physical counter and timer of the CPU rather than a virtual counter and timer of the CPU; trapping,…
Aggregating block mapping metadata to improve linked clone read performance
Granted: March 11, 2025
Patent Number:
12248797
Linked clone read performance when retrieving data from a clone is improved at least by aggregating block mapping metadata efficiently. Primary metadata for a child clone maps a logical block address (LBA) for data in a data region of the child clone to a physical sector address (PSA) for data in the data region of the child clone. At least a portion of primary metadata for a parent clone of the child clone is copied into archival metadata for the child clone. In response to a read…
Two-round byzantine fault tolerant (BFT) state machine replication (SMR) protocol with linear authenticator complexity and optimistic responsiveness
Granted: March 11, 2025
Patent Number:
12248496
The present disclosure is directed to a leader-based partially synchronous BFT SMR protocol that improves upon existing protocols by exhibiting two rounds of communication latency, linear authenticator complexity, and optimistic responsiveness. This is achieved through the novel use of an aggregate signature scheme as part of the protocol's view-change procedure.
Bandwidth utilization-based congestion control
Granted: March 4, 2025
Patent Number:
12244506
Some embodiments of the invention provide a method for performing congestion control for a particular packet flow associated with a source first host computer operating in a network. The method is performed at the first source host computer. The method determines a bandwidth threshold specified for the particular packet flow. Based on the bandwidth threshold, the method allocates an amount of bandwidth to the particular packet flow. The method periodically receives sets of contextual…
Running services in SDL of a RIC
Granted: March 4, 2025
Patent Number:
12244466
To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not…
Guest cluster deployed as virtual extension of management cluster in a virtualized computing system
Granted: March 4, 2025
Patent Number:
12242882
An example virtualized computing system includes: a host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs); an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server executing in a first VM of the VMs; guest cluster infrastructure software (GCIS) executing in the master server, the GCIS configured to…
Polling regulation for storage input/output in a computer system
Granted: March 4, 2025
Patent Number:
12242398
An example method of input/output (IO) between system software executing in a computer and a storage device includes: sending, from the system software, IO commands to the storage device; handling, by the system software, IO completion messages from the storage device in an interrupt mode; determining, while processing the IO commands, a first value for a measure of IO operations per second (IOPs) of the storage device; determining, by a device driver of the system software, that a first…
Implementing state change in a hierarchy of resources in an SDDC
Granted: February 25, 2025
Patent Number:
12235726
Some embodiments provide a hierarchical data service (HDS) that manages many resource clusters that are in a resource cluster hierarchy. In some embodiments, each resource cluster has its own cluster manager, and the cluster managers are in a cluster manager hierarchy that mimics the hierarchy of the resource clusters. In some embodiments, both the resource cluster hierarchy and the cluster manager hierarchy are tree structures, e.g., a directed acyclic graph (DAG) structure that has one…
Method for modifying an SD-WAN using metric-based heat maps
Granted: February 25, 2025
Patent Number:
12237990
Some embodiments provide a method for dynamically deploying a managed forwarding element (MFE) in a software-defined wide-area network (SD-WAN) for a particular geographic region across which multiple SaaS applications is distributed. The method determines, based on flow patterns for multiple flows destined for the multiple SaaS applications distributed across the particular geographic region, that an additional MFE is needed for the particular geographic region. The method configures…
