Patents by Inventor Stephen Tan
Stephen Tan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210352004Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a next_hop, and an address pair for interfaces. A mapping between VRF identifiers and address pairs is generated. Based on, at least in part, the mapping and the policy configuration, a policy table is generated. The policy table comprises table records, wherein a table record comprises a redirection identifier, a next_hop, and an address pair. The rule and policy tables are used to redirect a packet from an edge gateway to a service virtual machine.Type: ApplicationFiled: February 18, 2021Publication date: November 11, 2021Inventors: Rahul MISHRA, Kantesh MUNDARAGI, Stephen TAN, Akhila NAVEEN, Pierluigi ROLANDO, Raju KOGANTY
-
Publication number: 20210314263Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.Type: ApplicationFiled: June 21, 2021Publication date: October 7, 2021Inventors: Subin Cyriac MATHEW, Sami BOUTROS, Stephen TAN, Senthilkumar KARUNAKARAN, Chidambareswaran RAMAN
-
Publication number: 20210306240Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.Type: ApplicationFiled: June 13, 2021Publication date: September 30, 2021Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Akhila Naveen
-
Publication number: 20210218587Abstract: Some embodiments of the invention provide novel methods for providing transparent services for multicast data messages traversing a network edge device operating at a boundary between two networks. The method analyzes data messages received at the network edge device to determine whether they require a service provided at the boundary and whether they are unicast or multicast (including broadcast). The method modifies a multicast destination media access control (MAC) address of a multicast data message requiring a service to be a unicast destination MAC address and provides, without processing by a standard routing function, the modified data message directly to an interface associated with a service node that provides the particular service required by the data message. The method receives the serviced data message, restores the multicast destination MAC address, and forwards the serviced data message to a set of destinations associated with the multicast destination address.Type: ApplicationFiled: January 13, 2020Publication date: July 15, 2021Inventors: Rahul Mishra, Pierluigi Rolando, Stephen Tan, Raju Koganty
-
Patent number: 11063872Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.Type: GrantFiled: October 24, 2019Date of Patent: July 13, 2021Assignee: VMware, Inc.Inventors: Subin Cyriac Mathew, Sami Boutros, Stephen Tan, Senthilkumar Karunakaran, Chidambareswaran Raman
-
Patent number: 11038782Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.Type: GrantFiled: August 1, 2020Date of Patent: June 15, 2021Assignee: NICIRA, INC.Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Akhila Naveen
-
Publication number: 20210126866Abstract: The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group.Type: ApplicationFiled: October 24, 2019Publication date: April 29, 2021Inventors: Subin Cyriac MATHEW, Sami BOUTROS, Stephen TAN, Senthilkumar KARUNAKARAN, Chidambareswaran RAMAN
-
Patent number: 10931565Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a next_hop, and an address pair for interfaces. A mapping between VRF identifiers and address pairs is generated. Based on, at least in part, the mapping and the policy configuration, a policy table is generated. The policy table comprises table records, wherein a table record comprises a redirection identifier, a next_hop, and an address pair. The rule and policy tables are used to redirect a packet from an edge gateway to a service virtual machine.Type: GrantFiled: February 22, 2019Date of Patent: February 23, 2021Assignee: VMware, Inc.Inventors: Rahul Mishra, Kantesh Mundaragi, Stephen Tan, Akhila Naveen, Pierluigi Rolando, Raju Koganty
-
Patent number: 10924397Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises: detecting a packet; determining attributes for the packet; based on the attributes, determining whether the attributes match one or more rule attributes of a particular rule in a rule table; in response to determining that the attributes match the one or more rule attributes of a particular rule in the rule table: determining, based on the particular rule, a particular redirection identifier, a particular VRF identifier, a particular next_hop, a particular address pair, and a particular BFD status; based on the particular BFD status, determining whether to redirect the packet; and in response to determining to redirect the packet, redirecting the packet toward a service virtual machine from an interface indicated by one of addresses in the particular address pair.Type: GrantFiled: February 22, 2019Date of Patent: February 16, 2021Assignee: VMware, Inc.Inventors: Rahul Mishra, Kantesh Mundaragi, Stephen Tan, Akhila Naveen, Pierluigi Rolando, Raju Koganty
-
Publication number: 20200366584Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.Type: ApplicationFiled: August 1, 2020Publication date: November 19, 2020Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Akhila Naveen
-
Patent number: 10805192Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.Type: GrantFiled: March 27, 2018Date of Patent: October 13, 2020Assignee: NICIRA, INC.Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Akhila Naveen
-
Publication number: 20200274799Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises: detecting a packet; determining attributes for the packet; based on the attributes, determining whether the attributes match one or more rule attributes of a particular rule in a rule table; in response to determining that the attributes match the one or more rule attributes of a particular rule in the rule table: determining, based on the particular rule, a particular redirection identifier, a particular VRF identifier, a particular next hop, a particular address pair, and a particular BFD status; based on the particular BFD status, determining whether to redirect the packet; and in response to determining to redirect the packet, redirecting the packet toward a service virtual machine from an interface indicated by one of addresses in the particular address pair.Type: ApplicationFiled: February 22, 2019Publication date: August 27, 2020Applicant: VMware, Inc.Inventors: Rahul Mishra, Kantesh Mundaragi, Stephen Tan, Akhila Naveen, Pierluigi Rolando, Raju Koganty
-
Publication number: 20200274791Abstract: In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a next_hop, and an address pair for interfaces. A mapping between VRF identifiers and address pairs is generated. Based on, at least in part, the mapping and the policy configuration, a policy table is generated. The policy table comprises table records, wherein a table record comprises a redirection identifier, a next_hop, and an address pair. The rule and policy tables are used to redirect a packet from an edge gateway to a service virtual machine.Type: ApplicationFiled: February 22, 2019Publication date: August 27, 2020Applicant: VMware, Inc.Inventors: Rahul Mishra, Kantesh Mundaragi, Stephen Tan, Akhila Naveen, Pierluigi Rolando, Raju Koganty
-
Patent number: 10728174Abstract: Some embodiments provide a method for providing a layer 2 (L2) bump-in-the-wire service at a gateway device (e.g., a layer 3 (L3) gateway device) at the edge of a logical network. The method, in some embodiments, establishes a connection from a first interface of the gateway device to a service node that provides the L2 service. The method also establishes a connection from a second interface of the gateway device to the L2 service node. The method then sends data messages received by the gateway device that require the L2 service to the service node using the first interface. Some embodiments provide a method for applying different policies at the service node for different tenants of a datacenter. Data messages received for a particular tenant that require the L2 service are encapsulated or marked as belonging to the tenant before being sent to the service node. Based on the encapsulation or marking, the service node provides the service according to policies defined for the tenant.Type: GrantFiled: March 27, 2018Date of Patent: July 28, 2020Assignee: NICIRA, INC.Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Sumedh Saurav, Abhishek Mishra, Akhila Naveen
-
Publication number: 20200127884Abstract: A method for providing two-channel-based high-availability in a cluster of nodes is disclosed. In an embodiment, a method comprises: initiating, by a local control plane executing on a first node, a first state for an underlay control channel and a second state for a management control channel; detecting a bidirectional forwarding detection (BFD) control packet from a second node; determining whether the BFD control packet has been received from the underlay control channel; in response to determining that the BFD control packet was received from the underlay control channel: parsing the BFD control packet to extract a first diagnostic code; updating the first state with the first diagnostic code; determining whether both the first state and the second state indicate a need to switch services configured on the second node; in response to the determining, initiating a switchover of services configured on the second node.Type: ApplicationFiled: December 23, 2019Publication date: April 23, 2020Applicant: VMware, Inc.Inventors: Kai-Wei FAN, Haihua LUO, Stephen TAN
-
Publication number: 20200036576Abstract: A method for providing two-channel-based high-availability in a cluster of nodes is disclosed. In an embodiment, a method comprises: initiating, by a local control plane executing on a first node, a first state for an underlay control channel and a second state for a management control channel; detecting a bidirectional forwarding detection (“BFD”) control packet from a second node; determining whether the BFD control packet has been received from the underlay control channel; in response to determining that the BFD control packet was received from the underlay control channel: parsing the BFD control packet to extract a first diagnostic code; updating the first state with the first diagnostic code; determining whether both the first state and the second state indicate that the second node is unreachable; in response to determining that the second node is unreachable, initiating a switchover of services configured on the second node.Type: ApplicationFiled: July 27, 2018Publication date: January 30, 2020Applicant: VMware, Inc.Inventors: Kai-Wei FAN, Haihua LUO, Stephen TAN
-
Patent number: 10530634Abstract: A method for providing two-channel-based high-availability in a cluster of nodes is disclosed. In an embodiment, a method comprises: initiating, by a local control plane executing on a first node, a first state for an underlay control channel and a second state for a management control channel; detecting a bidirectional forwarding detection (“BFD”) control packet from a second node; determining whether the BFD control packet has been received from the underlay control channel; in response to determining that the BFD control packet was received from the underlay control channel: parsing the BFD control packet to extract a first diagnostic code; updating the first state with the first diagnostic code; determining whether both the first state and the second state indicate that the second node is unreachable; in response to determining that the second node is unreachable, initiating a switchover of services configured on the second node.Type: GrantFiled: July 27, 2018Date of Patent: January 7, 2020Assignee: VMWARE, INC.Inventors: Kai-Wei Fan, Haihua Luo, Stephen Tan
-
Publication number: 20190306086Abstract: Some embodiments provide a method for providing a layer 2 (L2) bump-in-the-wire service at a gateway device (e.g., a layer 3 (L3) gateway device) at the edge of a logical network. The method, in some embodiments, establishes a connection from a first interface of the gateway device to a service node that provides the L2 service. The method also establishes a connection from a second interface of the gateway device to the L2 service node. The method then sends data messages received by the gateway device that require the L2 service to the service node using the first interface. Some embodiments provide a method for applying different policies at the service node for different tenants of a datacenter. Data messages received for a particular tenant that require the L2 service are encapsulated or marked as belonging to the tenant before being sent to the service node. Based on the encapsulation or marking, the service node provides the service according to policies defined for the tenant.Type: ApplicationFiled: March 27, 2018Publication date: October 3, 2019Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Sumedh Saurav, Abhishek Mishra, Akhila Naveen
-
Publication number: 20190306036Abstract: Some embodiments provide a method for detecting a failure of a layer 2 (L2) bump-in-the-wire service at a device. In some embodiments, the device sends heartbeat signals to a second device connected to L2 service nodes in order to detect failure of the L2 service (e.g., a failure of all the service nodes). In some embodiments, the heartbeat signals are unidirectional heartbeat signals (e.g., a unidirectional bidirectional-forwarding-detection (BFD) session) sent from each device to the other. The heartbeat signals, in some embodiments, use a broadcast MAC address in order to reach the current active L2 service node in the case of a failover (i.e., an active service node failing and a standby service node becoming the new active service node). The unidirectional heartbeat signals are also used, in some embodiments, to decrease the time between a failover and data messages being forwarded to the new active service node.Type: ApplicationFiled: March 27, 2018Publication date: October 3, 2019Inventors: Sami Boutros, Stephen Tan, Rahul Mishra, Kantesh Mundaragi, Jayant Jain, Akhila Naveen
-
Publication number: 20120147882Abstract: A Multiple Registration Protocol (MRP) advertisement control capability is provided. A method includes receiving an MRP advertisement at a device configured as an interface between a core domain and a local domain and determining handling of the MRP advertisement at the device using at least one MRP policy stored on the device. The core domain may be a Provider Backbone Bridging (PBB) network or other suitable core network. The local domain may be one of a PBB network, a Provider Bridging Network (PBN), a Metropolitan Area Network (MAN), and the like. In one case, when the MRP advertisement is associated with a local service of the local domain, the MRP policy indicates that the MRP advertisement is not to be forwarded via the core domain.Type: ApplicationFiled: December 13, 2010Publication date: June 14, 2012Inventors: Florin Balus, Xiang-Ling (Stephen) Tan, Jeroen Dhollander