Implementing state change in a hierarchy of resources in an SDDC
Granted: February 25, 2025
Patent Number: 12235726
Some embodiments provide a hierarchical data service (HDS) that manages many resource clusters that are in a resource cluster hierarchy. In some embodiments, each resource cluster has its own cluster manager, and the cluster managers are in a cluster manager hierarchy that mimics the hierarchy of the resource clusters. In some embodiments, both the resource cluster hierarchy and the cluster manager hierarchy are tree structures, e.g., a directed acyclic graph (DAG) structure that has one…
Logical switch level load balancing of L2VPN traffic
Granted: February 18, 2025
Patent Number: 12231407
The disclosure provides an approach for logical switch level load balancing of Layer 2 virtual private network (L2VPN) traffic. A method of securing communications with a peer gateway generally includes establishing, at a virtual tunnel interface of a local gateway, a plurality of security tunnels with the peer gateway. Each of the plurality of security tunnels is associated with a different set of one or more layer 2 segments and with one or more security associations (SAs) with the…
Per-namespace IP address management method for container networks
Granted: February 18, 2025
Patent Number: 12231398
Some embodiments of the invention provide a method of sending data in a network that includes multiple worker nodes, each worker node executing at least one set of containers, a gateway interface, and a virtual local area network (VLAN) tunnel interface. The method configures the gateway interface of each worker node to associate the gateway interface with multiple subnets. Each subnet is associated with a namespace, a first worker node executes a first set of containers of a first…
Virtual tunnel endpoint (VTEP) mapping for overlay networking
Granted: February 18, 2025
Patent Number: 12231262
Example methods and systems for virtual tunnel endpoint (VTEP) mapping for overlay networking are described. One example may involve a computer system monitoring multiple VTEPs that are configured for overlay networking. In response to detecting a state transition associated with a first VTEP from a healthy state to an unhealthy state, the computer system may identify mapping information that associates a virtualized computing instance with the first VTEP in the unhealthy state; and…
Service insertion for multicast traffic at boundary
Granted: February 18, 2025
Patent Number: 12231252
Some embodiments of the invention provide novel methods for providing transparent services for multicast data messages traversing a network edge device operating at a boundary between two networks. The method analyzes data messages received at the network edge device to determine whether they require a service provided at the boundary and whether they are unicast or multicast (including broadcast). The method modifies a multicast destination media access control (MAC) address of a…
Memory-aware request placement for virtual GPU enabled systems
Granted: February 18, 2025
Patent Number: 12229602
Disclosed are aspects of memory-aware placement in systems that include graphics processing units (GPUs) that are virtual GPU (vGPU) enabled. In some examples, graphics processing units (GPU) are identified in a computing environment. Graphics processing requests are received. A graphics processing request includes a GPU memory requirement. The graphics processing requests are processed using a graphics processing request placement model that minimizes a number of utilized GPUs that are…
Teaming of smart NICs
Granted: February 18, 2025
Patent Number: 12229578
Some embodiments provide a method for a first smart NIC of multiple smart NICs of a host computer. Each of the smart NICs executes a smart NIC operating system that performs virtual networking operations for a set of data compute machines executing on the host computer. The method receives a data message sent by one of the data compute machines executing on the host computer. The method performs virtual networking operations on the data message to determine that the data message is to be…
Logical network platform install and upgrade in a virtualized computer system
Granted: February 18, 2025
Patent Number: 12229574
An example method of deploying a logical network platform in a virtualized computing system, the virtualized computing system including a host cluster and a virtualization management server connected to a physical network, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts is described. The method includes receiving, at the virtualization management server, a declarative specification describing a proposed state of the logical network…
Reconfiguration framework for byzantine fault tolerant (BFT) state machine replication (SMR) systems
Granted: February 18, 2025
Patent Number: 12229445
The present disclosure is directed to a novel reconfiguration framework for a BFT SMR system. With this framework, the configuration of both the system itself and the clients of the system can be modified in a live manner (i.e., without taking the system offline) while preserving correct system operation.
Avoiding data inconsistency in a file system using 2-level synchronization
Granted: February 11, 2025
Patent Number: 12222904
A method of synchronously executing input/output operations (IOs) for a plurality of applications using a storage device with a file system includes the steps of: receiving a first write IO including an instruction to write first data at a first address of the file system; determining that, within a first range of the file system comprising the first address, there are no pending unmap IOs for deallocating storage space of the storage device from files of the plurality of applications;…
Methods and apparatus for automatic configuration of a containerized computing namespace
Granted: February 4, 2025
Patent Number: 12218942
Methods, apparatus, systems and articles of manufacture for automatic configuration of a containerized computing namespace are disclosed. An example method includes identifying, in response to creation of a containerized computing namespace, a user account that is to be granted access to a containerized computing namespace, creating a service account, the service account representing the user account for the containerized computing namespace, creating a role within the containerized…
WAN optimization for encrypted data traffic using fully homomorphic encryption
Granted: February 4, 2025
Patent Number: 12218915
Some embodiments of the invention provide a method for WAN (wide area network) optimization for a WAN that connects multiple sites, each of which has at least one router. At a gateway router deployed to a public cloud, the method receives from at least two routers at least two sites, multiple data streams destined for a particular centralized datacenter. The method performs a WAN optimization operation to aggregate the multiple streams into one outbound stream that is WAN optimized for…
Network-aware load balancing
Granted: February 4, 2025
Patent Number: 12218845
Some embodiments of the invention provide a method for network-aware load balancing for data messages traversing a software-defined wide area network (SD-WAN) (e.g., a virtual network) including multiple connection links between different elements of the SD-WAN. The method includes receiving, at a load balancer in a multi-machine site, link state data relating to a set of SD-WAN datapaths including connection links of the multiple connection links. The load balancer, in some embodiments,…
Optimized processing of multicast data messages in a host
Granted: February 4, 2025
Patent Number: 12218833
Some embodiments provide a method for forwarding multicast data messages at a forwarding element on a host computer. The method receives a multicast data message from a routing element executing on the host computer along with metadata appended to the multicast data message by the routing element. Based on a destination address of the multicast data message, the method identifies a set of recipient ports for a multicast group with which the multicast data message is associated. For each…
Methods for application defined virtual network service among multiple transport in sd-wan
Granted: February 4, 2025
Patent Number: 12218800
Some embodiments provide a method of selecting data links for an application in a network. The method receives, from a machine implementing the application, a set of identifiers of required link characteristics. Based on at least one of the identifiers, the method selects a transport group that includes a set of optional links matching the identifiers. From the selected transport group, the method selects a link matching the set of identifiers.
Dynamic grouping of network segments for forwarding data message flows from machines of network segment groups to an external network through different edge forwarding elements
Granted: January 28, 2025
Patent Number: 12212494
Some embodiments provide a novel method for dynamically deploying gateways for a first network connecting machines. The first network includes segments, routers, and a first gateway that connects to an external network. The method identifies a set of two or more segments that consumes more than a threshold amount of bandwidth of the first gateway. The identified set includes at least first and second segments. The method identifies one or more segment groups by aggregating two or more…
Bootstrapping an encrypted single node VSAN cluster
Granted: January 28, 2025
Patent Number: 12212474
The present disclosure relates to bootstrapping an encrypted single node VSAN cluster. One method includes receiving a request to create an encrypted VSAN cluster from a single host in a software-defined datacenter, deploying a virtual server on a VSAN datastore of the software-defined datacenter, registering a native key provider (NKP) in the virtual server, creating an empty VSAN cluster encrypted by the NKP, adding the single host to the encrypted empty cluster to create a one-host…
Providing access to datacenter resources in a scalable manner
Granted: January 21, 2025
Patent Number: 12206670
Some embodiments provide a method for providing access in a scalable manner to resources in a first datacenter to clients operating in one or more public clouds. The method of some embodiments implements with multiple machines a public-cloud proxy to connect clients in the public cloud(s) to a reverse proxy in the first datacenter. For instance, in response to a request to access a first resource in the first datacenter from a first client executing outside of the first datacenter, the…
Provisioning DPU management operating systems
Granted: January 14, 2025
Patent Number: 12197939
Disclosed are various examples of provisioning a data processing unit (DPU) management operating system (OS). A management hypervisor installer executed on a host device launches or causes a server component to provide a management operating system (OS) installer image at a particular URI accessible over a network internal to the host device. A baseboard management controller (BMC) transfers the DPU management OS installer image to the DPU device. A volatile memory based virtual disk is…
Template driven approach to deploy a multi-segmented application in an SDDC
Granted: January 14, 2025
Patent Number: 12197971
Some embodiments of the invention provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as…