Patents by Inventor Danting LIU
Danting LIU has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250028548
Abstract: The disclosure provides a method for assigning containerized workloads to isolated network constructs within a networking environment associated with a container-based cluster. The method generally includes receiving, at the container-based cluster, a subnet port custom resource specification to initiate creation of a subnet port object to assign a node to a subnet within the networking environment, wherein one or more containerized workloads are running on the node, in response to receiving the subnet port custom resource specification, creating the subnet port object, and modifying a state of the container-based cluster to match a first intended state of the container-based cluster at least specified in the subnet port object, wherein modifying the state comprises assigning the node to the subnet in the networking environment.
Type: Application
Filed: August 23, 2023
Publication date: January 23, 2025
Inventors: Xiaopei Liu, Danting Liu, Wenfeng Liu, Jianjun Shen, Donghai Han
-
Patent number: 12177124
Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
Type: Grant
Filed: October 4, 2022
Date of Patent: December 24, 2024
Assignee: VMware LLC
Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
-
Patent number: 12120088
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
Type: Grant
Filed: June 10, 2020
Date of Patent: October 15, 2024
Assignee: VMware LLC
Inventors: Zhengsheng Zhou, Kai Su, Jackie Lan, Danting Liu, Qian Sun, Donghai Han
-
Patent number: 12101292
Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
Type: Grant
Filed: August 17, 2022
Date of Patent: September 24, 2024
Assignee: VMware LLC
Inventors: Xiaopei Liu, Jianjun Shen, Donghai Han, Wenfeng Liu, Danting Liu
-
Publication number: 20240314104
Abstract: The disclosure provides a method for isolated environments for containerized workloads within a virtual private cloud in a networking environment. The method generally includes defining, by a user, a subnet custom resource object for creating a subnet in the virtual private cloud, wherein defining the subnet custom resource object comprises defining a connectivity mode for the subnet; deploying the subnet custom resource object such that the subnet is created in the virtual private cloud with the connectivity mode specified for the subnet; defining, by the user, a subnet port custom resource object for assigning a node to the subnet, wherein one or more containerized workloads are running on the node; and deploying the subnet port custom resource object such that the node is assigned to the subnet.
Type: Application
Filed: March 14, 2023
Publication date: September 19, 2024
Inventors: Xiaopei Liu, Danting Liu, Jianjun Shen, Qian Sun, Wenfeng Liu, Donghai Han
-
Publication number: 20240113968
Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
Type: Application
Filed: October 4, 2022
Publication date: April 4, 2024
Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
-
Patent number: 11936544
Abstract: A system and method for capturing resource usage information in a network for namespaces in which pods operate are described herein. A data structure specifies a topology that includes a gateway and routing addresses in a network whose usage is to be captured. The data structure is provided to an API of a master node controlling the pods. A controller in the master node enforces the data structure and reports results back to the API.
Type: Grant
Filed: August 17, 2022
Date of Patent: March 19, 2024
Assignee: VMware, Inc.
Inventors: Jianwei Sui, Danting Liu, Donghai Han, Wenfeng Liu, Jianjun Shen
-
Publication number: 20240028358
Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.
Type: Application
Filed: August 22, 2022
Publication date: January 25, 2024
Inventors: Danting LIU, Qian SUN, Jianjun SHEN, Wenfeng LIU, Donghai HAN
-
Publication number: 20240031265
Abstract: A system and method for capturing resource usage information in a network for namespaces in which pods operate are described herein. A data structure specifies a topology that includes a gateway and routing addresses in a network whose usage is to be captured. The data structure is provided to an API of a master node controlling the pods. A controller in the master node enforces the data structure and reports results back to the API.
Type: Application
Filed: August 17, 2022
Publication date: January 25, 2024
Inventors: Jianwei SUI, Danting LIU, Donghai HAN, Wenfeng LIU, Jianjun SHEN
-
Publication number: 20240022542
Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
Type: Application
Filed: August 17, 2022
Publication date: January 18, 2024
Inventors: Xiaopei LIU, Jianjun SHEN, Donghai HAN, Wenfeng LIU, Danting LIU
-
Patent number: 11848910
Abstract: Some embodiments provide a novel method for resiliently associating Internet Protocol (IP) addresses with pods that each have unique identifiers (IDs) in a managed cluster of worker nodes managed by a first set of one or more controllers of the managed cluster. The resilient association between IP addresses and pods is maintained even when pods are moved between worker nodes. At a second set of controllers, the method receives notification regarding deployment, on a first worker node, of a stateful pod associated with a particular ID. The method allocates an IP address to the stateful pod. The method creates a mapping between the IP address and the particular ID in order to maintain the allocation of the IP address to the stateful pod. The method provides the IP address to the first set of controllers to use for the stateful pod.
Type: Grant
Filed: January 17, 2023
Date of Patent: December 19, 2023
Assignee: VMWARE, INC.
Inventors: Tao Zou, Danting Liu, Salvatore Orlando, Wenfeng Liu, Donghai Han
-
Patent number: 11792159
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
Type: Grant
Filed: June 10, 2020
Date of Patent: October 17, 2023
Assignee: VMWARE, INC.
Inventors: Zhengsheng Zhou, Qian Sun, Danting Liu, Donghai Han
-
Publication number: 20230244591
Abstract: Some embodiments provide a method for monitoring a container cluster that includes multiple nodes on which application resources are deployed. The method deploys an agent on each node of a set of nodes of the cluster. Each agent is for configuring a logical network on the node to which the agent is deployed. The method monitors status of the deployed agents. Upon detection that a particular agent on a particular node is no longer operating correctly, the method prevents a container cluster control plane from deploying application resources to the particular node.
Type: Application
Filed: March 16, 2022
Publication date: August 3, 2023
Inventors: Qian Sun, Danting Liu, Donghai Han, Wenfeng Liu, Salvatore Orlando
-
Patent number: 11689497
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
Type: Grant
Filed: June 10, 2020
Date of Patent: June 27, 2023
Assignee: VMWARE, INC.
Inventors: Jianjun Shen, Kai Su, Danting Liu, Yang Liu
-
Publication number: 20230179484
Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.
Type: Application
Filed: January 28, 2023
Publication date: June 8, 2023
Inventors: Danting Liu, Jianjun Shen, Wenfeng Liu, Rui Cao, Ran Gu, Donghai Han
-
Patent number: 11606254
Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.
Type: Grant
Filed: July 29, 2021
Date of Patent: March 14, 2023
Assignee: VMWARE, INC.
Inventors: Danting Liu, Jianjun Shen, Wenfeng Liu, Rui Cao, Ran Gu, Donghai Han
-
Patent number: 11595303
Abstract: Example methods and systems for packet handling in a software-defined networking (SDN) environment are disclosed. One example method may comprise detecting an egress application-layer message from a first logical endpoint supported by a first host; and identifying a second logical endpoint supported by the second host for which the egress application-layer message is destined. The method may also comprise generating an egress packet that includes the egress application-layer message and metadata associated with the second logical endpoint, but omits one or more headers that are addressed from the first logical endpoint to the second logical endpoint. The method may further comprise sending the egress packet to the second host to cause the second host to identify the second logical endpoint based on the metadata, and to send the egress application-layer message to the second logical endpoint.
Type: Grant
Filed: August 13, 2019
Date of Patent: February 28, 2023
Assignee: VMWARE, INC.
Inventors: Yusheng Wang, Donghai Han, Danting Liu, Quan Tian
-
Patent number: 11570146
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
Type: Grant
Filed: June 10, 2020
Date of Patent: January 31, 2023
Assignee: VMWARE, INC.
Inventors: Danting Liu, Jianjun Shen, Abhishek Raut, Wenfeng Liu, Donghai Han
-
Publication number: 20220400053
Abstract: The method of some embodiments allocates a secondary network interface for a pod, which has a primary network interface, in a container network operating on an underlying logical network. The method receives an ND that designates a network segment. The method receives the pod, wherein the pod includes an identifier of the ND. The method then creates a secondary network interface for the pod and connects the secondary network interface to the network segment. In some embodiments, the pods include multiple ND identifiers that each identify a network segment. The method of such embodiments creates multiple secondary network interfaces and attaches the multiple network segments to the multiple secondary network interfaces.
Type: Application
Filed: July 29, 2021
Publication date: December 15, 2022
Inventors: Danting Liu, Jianjun Shen, Wenfeng Liu, Rui Cao, Ran Gu, Donghai Han
-
Patent number: 11500688
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
Type: Grant
Filed: June 10, 2020
Date of Patent: November 15, 2022
Assignee: VMWARE, INC.
Inventors: Danting Liu, Jianjun Shen, Kai Su, Qian Sun, Wenfeng Liu, Donghai Han