Traffic prioritization in SD-WAN
Granted: March 26, 2024
Patent Number:
11943146
Some embodiments provide a method, for a software-defined wide area network (SD-WAN) that handles (i) traffic for a 5G network and (ii) traffic outside of the 5G network. The SD-WAN is established by a set of edge nodes and a set of gateways. At a particular edge node of the SD-WAN, the method identifies whether a received data message is a 5G message that includes a tunnel header of a particular type associated with the 5G network. When the data message is a 5G message, the method…
System to generate a deployment plan for a cloud infrastructure according to logical, multi-tier application blueprint
Granted: March 26, 2024
Patent Number:
11941452
A deployment system enables a developer to generate a deployment plan according to a logical, multi-tier application blueprint defined by application architects. The deployment plan includes tasks to be executed for deploying application components on virtual computing resource provided in a cloud infrastructure. The deployment plan includes time dependencies that determine an execution order of the tasks according to dependencies between application components specified in the…
Virtual machine packet processing offload
Granted: March 19, 2024
Patent Number:
11936562
A method to offload network function packet processing from a virtual machine onto an offload destination is disclosed. In an embodiment, a method comprises: defining an application programing interface (“API”) for capturing, in a packet processor offload, a network function packet processing for a data flow by specifying how to perform the network function packet processing on data packets that belong to the data flow. Based on capabilities of the packet processor offload and…
Port management in a horizontally scaled file transfer system
Granted: March 19, 2024
Patent Number:
11936754
An example method of file transfer between a client and a server includes: initiating, by the client, a front-end control connection between the client and a horizontally scaled proxy service; creating, by a first proxy instance of a plurality of proxy instances of the horizontally scaled proxy service, a back-end control connection between the first proxy instance and the server; returning, to the client from the first proxy instance, a unique client parameter associated with the…
Seamless hand-off of data traffic in public cloud environments
Granted: March 19, 2024
Patent Number:
11936721
The disclosure provides an approach for seamless hand-off of data traffic in public cloud environments. Techniques are provided for activating an edge services gateway (ESG) virtual computing instance (VCI) on a new host. Prior to activating the ESG VCI on the new host, an underlay routing table is reprogrammed to associate a first IP address of a first tunnel endpoint (TEP) with a first network interface of an old host and to associate a second IP address of a second TEP with a second…
Method of distributing client certificates to machines with shared cloud account access
Granted: March 19, 2024
Patent Number:
11936640
Some embodiments provide a method for providing a resource to a particular virtual private cloud that is deployed in a set of datacenters that host multiple virtual private clouds. At a resource issuer, the method receives a resource request from a particular machine deployed in the particular virtual private cloud, the resource request including a first set of cloud-specific data. The method obtains a cloud identifier for the particular machine from a registry service of the particular…
System and method for creating a secure hybrid overlay network
Granted: March 19, 2024
Patent Number:
11936629
A system and method for creating a secure overlay network on top of the public Internet, optionally by creating an identity-based network in which user identities are the identifiers rather than IP addresses, and whereas only authenticated and authorized users whose identity has been established have visibility and access to the network; establishing fully encrypted and private network segments; providing superior performance through improved protocols and routing; and implementing a…
Port and loopback IP addresses allocation scheme for full-mesh communications with transparent TLS tunnels
Granted: March 19, 2024
Patent Number:
11936613
The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect…
Address resolution handling at logical distributed routers
Granted: March 19, 2024
Patent Number:
11936612
Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request…
Enhanced network stack
Granted: March 19, 2024
Patent Number:
11936563
Some embodiments of the invention provide a new networking data path framework that employs one or more dedicated kernel threads to process network traffic on a host computer executing multiple machines (such as virtual machines or containers). This new framework is referred to as an Enhanced Networking Stack (ENS) in this document. In some embodiments, the dedicated kernel threads execute on dedicated CPU cores (e.g., one kernel thread per CPU core) to proactively poll physical NICs…
Live traffic tracing for pods in a network
Granted: March 19, 2024
Patent Number:
11936546
The disclosure provides an example method for live packet tracing. Some embodiments of the method include configuring a first network interface of a first pod to mark each of a plurality of packets, with a corresponding flow tag and a corresponding packet identifier, receiving, from one or more observation points, at least one of copies or metadata of the plurality of packets each marked with the corresponding flow tag and the corresponding packet identifier. In some embodiments, the…
Use of custom resource definitions for reporting network resource usage of a node cluster
Granted: March 19, 2024
Patent Number:
11936544
A system and method for capturing resource usage information in a network for namespaces in which pods operate are described herein. A data structure specifies a topology that includes a gateway and routing addresses in a network whose usage is to be captured. The data structure is provided to an API of a master node controlling the pods. A controller in the master node enforces the data structure and reports results back to the API.
Using hardware profiles of hardware components to determine performance issues of user devices
Granted: March 19, 2024
Patent Number:
11936516
Systems and methods are described for providing recommendations for a user experience in online meetings. A recommendation engine can aggregate data from user devices to make recommendations before, during and after online meetings. Before a meeting, the recommendation engine can recommend which of a user's devices to use for the meeting. During the meeting, the recommendation engine can identify current or anticipated issues and recommend changes the user can make to correct or prevent…
Opportunistic exclusive affinity for threads in a virtualized computing system
Granted: March 19, 2024
Patent Number:
11934890
An example method of managing exclusive affinity for threads executing in a virtualized computing system includes: determining, by an exclusive affinity monitor executing in a hypervisor of the virtualized computing system, a set of threads eligible for exclusive affinity; determining, by the exclusive affinity monitor, for each thread in the set of threads, impact on performance of the threads for granting each thread exclusive affinity; and granting, for each thread of the set of…
Supporting execution of a computer program by using a memory page of another computer program
Granted: March 19, 2024
Patent Number:
11934857
Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other…
Placing virtual graphics processing unit (GPU)-configured virtual machines on physical GPUs supporting multiple virtual GPU profiles
Granted: March 19, 2024
Patent Number:
11934854
In one set of embodiments, a computer system can receive a request to provision a virtual machine (VM) in a host cluster, where the VM is associated with a virtual graphics processing unit (GPU) profile indicating a desired or required framebuffer memory size of a virtual GPU of the VM. In response, the computer system can execute an algorithm that identifies, from among a plurality of physical GPUs installed in the host cluster, a physical GPU on which the VM may be placed, where the…
Workflow service application searching
Granted: March 19, 2024
Patent Number:
11934803
Disclosed are various approaches for workflow service application searching. In some aspects, a search query is entered through a search element of a workflow application on a client device. A request is transmitted from a workflow application to a workflow service, to search within an application based on the search query. Application content corresponding to the search query and the application is received from the workflow service. A search result is provided based on the application…
Method to improve copy performance of client drive redirection with per-thread merged input/output
Granted: March 19, 2024
Patent Number:
11934314
A method of copying at least first and second files stored in a client computing device to a host server, includes the steps of: generating at the host server a first read I/O request for data of the first file based on responses to pre-read I/O requests for the first file, received from the client computing device; transmitting a merged I/O request that includes the first read I/O request for data of the first file and pre-read I/O requests for the second file from the host server to…
Optimized networking thread assignment
Granted: March 12, 2024
Patent Number:
11928502
Some embodiments provide a method for scheduling networking threads associated with a data compute node (DCN) executing at a host computer. When a virtual networking device is instantiated for the DCN, the method assigns the virtual networking device to a particular non-uniform memory access (NUMA) node of multiple NUMA nodes associated with the DCN. Based on the assignment of the virtual networking device to the particular NUMA node, the method assigns networking threads associated with…
Increasing page sharing on non-uniform memory access (NUMA)-enabled host systems
Granted: March 12, 2024
Patent Number:
11928510
In one set of embodiments, a hypervisor of a host system can determine that a delta between local and remote memory access latencies for each of a subset of NUMA nodes of the host system is less than a threshold. In response, the hypervisor can enable page sharing across the subset of NUMA nodes, where enabling page sharing comprises associating the subset of NUMA nodes with a single page sharing table, and where the single page sharing table holds entries identifying host physical…
