VMware Patent Grants

WAN optimization for encrypted data traffic using fully homomorphic encryption

Granted: February 4, 2025
Patent Number: 12218915
Some embodiments of the invention provide a method for WAN (wide area network) optimization for a WAN that connects multiple sites, each of which has at least one router. At a gateway router deployed to a public cloud, the method receives, from at least two routers at at least two sites, multiple data streams destined for a particular centralized datacenter. The method performs a WAN optimization operation to aggregate the multiple streams into one outbound stream that is WAN optimized for…

Network-aware load balancing

Granted: February 4, 2025
Patent Number: 12218845
Some embodiments of the invention provide a method for network-aware load balancing for data messages traversing a software-defined wide area network (SD-WAN) (e.g., a virtual network) including multiple connection links between different elements of the SD-WAN. The method includes receiving, at a load balancer in a multi-machine site, link state data relating to a set of SD-WAN datapaths including connection links of the multiple connection links. The load balancer, in some embodiments,…

Optimized processing of multicast data messages in a host

Granted: February 4, 2025
Patent Number: 12218833
Some embodiments provide a method for forwarding multicast data messages at a forwarding element on a host computer. The method receives a multicast data message from a routing element executing on the host computer along with metadata appended to the multicast data message by the routing element. Based on a destination address of the multicast data message, the method identifies a set of recipient ports for a multicast group with which the multicast data message is associated. For each…

Methods for application defined virtual network service among multiple transport in SD-WAN

Granted: February 4, 2025
Patent Number: 12218800
Some embodiments provide a method of selecting data links for an application in a network. The method receives, from a machine implementing the application, a set of identifiers of required link characteristics. Based on at least one of the identifiers, the method selects a transport group that includes a set of optional links matching the identifiers. From the selected transport group, the method selects a link matching the set of identifiers.

Dynamic grouping of network segments for forwarding data message flows from machines of network segment groups to an external network through different edge forwarding elements

Granted: January 28, 2025
Patent Number: 12212494
Some embodiments provide a novel method for dynamically deploying gateways for a first network connecting machines. The first network includes segments, routers, and a first gateway that connects to an external network. The method identifies a set of two or more segments that consumes more than a threshold amount of bandwidth of the first gateway. The identified set includes at least first and second segments. The method identifies one or more segment groups by aggregating two or more…

Bootstrapping an encrypted single node VSAN cluster

Granted: January 28, 2025
Patent Number: 12212474
The present disclosure relates to bootstrapping an encrypted single node VSAN cluster. One method includes receiving a request to create an encrypted VSAN cluster from a single host in a software-defined datacenter, deploying a virtual server on a VSAN datastore of the software-defined datacenter, registering a native key provider (NKP) in the virtual server, creating an empty VSAN cluster encrypted by the NKP, adding the single host to the encrypted empty cluster to create a one-host…

Providing access to datacenter resources in a scalable manner

Granted: January 21, 2025
Patent Number: 12206670
Some embodiments provide a method for providing access in a scalable manner to resources in a first datacenter to clients operating in one or more public clouds. The method of some embodiments implements with multiple machines a public-cloud proxy to connect clients in the public cloud(s) to a reverse proxy in the first datacenter. For instance, in response to a request to access a first resource in the first datacenter from a first client executing outside of the first datacenter, the…

Network controller as a service (NCaaS) to define network policies for third-party container clusters

Granted: January 14, 2025
Patent Number: 12199833
Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network…

Security aware load balancing for a global server load balancing system

Granted: January 14, 2025
Patent Number: 12200008
The method of some embodiments assigns a client to a particular datacenter from among multiple datacenters. The method is performed at a first datacenter, starting when it receives security data associated with a second datacenter. Then the method receives a DNS request from the client. Based on the received security data, the method sends a DNS reply assigning the client to the particular datacenter instead of the second datacenter. The receiving and sending is performed by a DNS…

Noisy neighbor in a cloud multitenant system

Granted: January 14, 2025
Patent Number: 12199879
A noisy neighbor in a cloud multitenant system can present resource governance issues. Usage quotas can be applied, and traffic can be throttled to mitigate the problem. Network traffic can be monitored from routers of a software defined data center (SDDC) configured to process network traffic for machines of different tenants. By default, the network traffic from the routers can be processed via a first edge router for the SDDC. A second edge router can be deployed for the SDDC in…

Template driven approach to deploy a multi-segmented application in an SDDC

Granted: January 14, 2025
Patent Number: 12197971
Some embodiments of the invention provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as…

Provisioning DPU management operating systems

Granted: January 14, 2025
Patent Number: 12197939
Disclosed are various examples of provisioning a data processing unit (DPU) management operating system (OS). A management hypervisor installer executed on a host device launches or causes a server component to provide a management operating system (OS) installer image at a particular URI accessible over a network internal to the host device. A baseboard management controller (BMC) transfers the DPU management OS installer image to the DPU device. A volatile memory based virtual disk is…

Migrating virtual machines in cluster memory systems

Granted: January 14, 2025
Patent Number: 12197935
Disclosed are various embodiments for optimizing the migration of pages of memory servers in cluster memory systems. To begin, a computing device can mark in a page table of the computing device that a page stored on a first memory host is not present. Then, the computing device can flush a translation lookaside buffer of the computing device. Next, the computing device can copy the page from the first memory host to a second memory host. Moving on, the computing device can update a page…

Two-level logical to physical mapping mechanism in a log-structured file system

Granted: January 7, 2025
Patent Number: 12189574
Example methods and systems for accessing data in a log-structured file system having a plurality of snapshots of storage objects backed by a first-level copy-on-write (COW) B+ tree data structure and a plurality of second-level B+ tree data structures have been disclosed. One example method includes obtaining a first first-level mapping associated with a first snapshot from the plurality of snapshots based on a first logical block address, wherein each of the plurality of snapshots…

Configuring pNIC to perform flow processing offload using virtual port identifiers

Granted: January 7, 2025
Patent Number: 12192116
Some embodiments of the invention provide a method for configuring a physical network card or physical network controller (pNIC) to provide flow processing offload (FPO) for a host computer connected to the pNIC. The host computers host a set of compute nodes in a virtual network. The set of compute nodes are each associated with a set of interfaces that are each assigned a locally-unique virtual port identifier (VPID) by a flow processing and action generator. The pNIC includes a set of…

Scaling for split-networking datapath

Granted: January 7, 2025
Patent Number: 12192051
Some embodiments of the invention provide a method for implementing an edge device that handles data traffic between a logical network and an external network. The method monitors resource usage of a node pool that includes multiple nodes that each executes a respective set of pods. Each of the pods is for performing a respective set of data message processing operations for at least one of multiple logical routers. The method determines that a particular node in the node pool has…

Scheduling workloads in a container orchestrator of a virtualized computer system

Granted: January 7, 2025
Patent Number: 12190140
An example method of scheduling a workload in a virtualized computing system including a host cluster having a virtualization layer directly executing on hardware platforms of hosts is described. The virtualization layer supports execution of virtual machines (VMs) and is integrated with an orchestration control plane. The method includes: receiving, at the orchestration control plane, a workload specification for the workload; selecting, at the orchestration control plane, a plurality…

Remote provisioning of hosts in public clouds

Granted: January 7, 2025
Patent Number: 12190122
Examples provide for automatically provisioning hosts in a cloud environment. A cloud daemon generates a cloud host-state configuration, for a given cloud instance of a host, stored on a cloud metadata service prior to first boot of the given cloud instance of the host. A first boot of a plurality of cloud instances of hosts is performed using a stateless, master boot image lacking host-specific configuration data. On completion of the first boot of a given cloud instance of a host, the…

Distribution of bootstrap management for application monitoring

Granted: January 7, 2025
Patent Number: 12190121
The present invention is a highly available system comprising a system to send a plurality of bootstrap requests, at least one cloud proxy fit to receive the plurality of bootstrap requests, wherein each instance of the at least one cloud proxy is coupled with an adapter, and at least one host fit to communicate with one of the at least one cloud proxy.

Secure offloaded data transfer

Granted: January 7, 2025
Patent Number: 12189750
The disclosure provides an approach for secure offloaded data transfer. Embodiments include receiving, by a security component on a client device, from a storage system connected to the client device, a token associated with a data read request corresponding to a source file on the storage system. Embodiments include determining, by the security component, that the source file is trusted. Embodiments include generating, by the security component, an entry in a trusted token cache based…