Patents by Inventor Donghai Han

Donghai Han has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20260156037
    Abstract: Policies are defined for a container cluster that is configured by a first software defined network (SDN) controller cluster. A second SDN controller cluster for defining service policies that are not defined by the first SDN controller cluster receives, from a set of one or more adapters deployed in the container cluster for the second SDN controller cluster, resource identifiers for several resources of the container cluster. The second SDN controller cluster uses the resource identifiers to define a set of service policies. Then, the second SDN controller cluster distributes the set of service policies to a set of network elements to enforce the set of service policies on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.
    Type: Application
    Filed: January 27, 2026
    Publication date: June 4, 2026
    Inventors: Jianjun Shen, Zhengsheng Zhou, Yves Fauser, Satya Jain, Snehal Shankar More, Indresh Mishra, Wenfeng Liu, Donghai Han
  • Patent number: 12645477
    Abstract: The disclosure provides an approach for cross-cluster service resource discovery. A method includes obtaining, at a common store in a first node cluster in a cluster set information about a service resource of a second node cluster. The method includes creating a multi-cluster object associated with the service resource, wherein the multi-cluster object provides an association between the service resource and one or more endpoints on the second node cluster. The method includes storing the multi-cluster object in the common store, wherein the multi-cluster object is accessible in the common store by any of the plurality of node clusters in the cluster set to access the service resource on any of the one or more endpoints on the second node cluster.
    Type: Grant
    Filed: July 28, 2022
    Date of Patent: June 2, 2026
    Assignee: VMware, Inc.
    Inventors: Lan Luo, Wenfeng Liu, Donghai Han, Jianjun Shen
  • Patent number: 12627632
    Abstract: The disclosure provides a method for isolated environments for containerized workloads within a virtual private cloud in a networking environment. The method generally includes defining, by a user, a subnet custom resource object for creating a subnet in the virtual private cloud, wherein defining the subnet custom resource object comprises defining a connectivity mode for the subnet; deploying the subnet custom resource object such that the subnet is created in the virtual private cloud with the connectivity mode specified for the subnet; defining, by the user, a subnet port custom resource object for assigning a node to the subnet, wherein one or more containerized workloads are running on the node; and deploying the subnet port custom resource object such that the node is assigned to the subnet.
    Type: Grant
    Filed: March 14, 2023
    Date of Patent: May 12, 2026
    Assignee: VMware LLC
    Inventors: Xiaopei Liu, Danting Liu, Jianjun Shen, Qian Sun, Wenfeng Liu, Donghai Han
  • Patent number: 12585484
    Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.
    Type: Grant
    Filed: August 22, 2022
    Date of Patent: March 24, 2026
    Assignee: VMware, Inc.
    Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Patent number: 12587499
    Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.
    Type: Grant
    Filed: June 21, 2023
    Date of Patent: March 24, 2026
    Assignee: VMware, Inc.
    Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
  • Patent number: 12542740
    Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
    Type: Grant
    Filed: November 14, 2024
    Date of Patent: February 3, 2026
    Assignee: VMware LLC
    Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Patent number: 12536059
    Abstract: A computer-implemented method for electing a leader in a computing system is provided. In one aspect, a method includes identifying a computing resource for multiple container groups that each include one or more containers. A determination is made, from applications running in containers of the container groups, of multiple election candidate applications. Each election candidate application has an instance deployed in a corresponding container in each container group. For each container group, an election runner process is established within the container group. For each instance of each of the election candidate applications, a corresponding election watcher process is established. A communication link is established between the election runner process and each election watcher process. A request for leader election is transmitted from the election runner process to the computing resource. A response received from the computing resource.
    Type: Grant
    Filed: October 5, 2022
    Date of Patent: January 27, 2026
    Assignee: VMware, Inc.
    Inventors: Xiaopei Liu, Zhengsheng Zhou, Wenfeng Liu, Donghai Han
  • Patent number: 12519707
    Abstract: Some embodiments provide a method for monitoring a multi-tenant network management system deployed in a cloud to manage groups of datacenters. The network management system includes multiple groups of service instances. For each respective group of service instances deployed in the cloud to manage a respective datacenter group, the method deploys a metrics collection agent within each service instance of the group of service instances to collect metrics from services of the service instance and provide the collected metrics to a metric monitoring service instance of the group of service instances. For each respective group of service instances, the method deploys a metrics collection manager within the metric monitoring service instance of the group of service instances. The metrics collection manager is for configuring each of the metrics collection agents deployed within the service instances of the group of service instances.
    Type: Grant
    Filed: August 8, 2023
    Date of Patent: January 6, 2026
    Assignee: VMware LLC
    Inventors: Ziyou Wang, Wenyu Zhang, Minjal Agarwal, Qiong Wang, Yuanhui Wang, Donghai Han
  • Publication number: 20250379852
    Abstract: Systems and methods for exchanging network information between member clusters include configuring a gateway pool of a member cluster, the gateway pool comprising a plurality of gateway nodes, the member cluster comprising the plurality of gateway nodes and one or more nodes, configuring a gateway node of the plurality of gateway nodes as an active gateway node for the member cluster, writing member cluster information to a storage, the member cluster information indicating address information of the gateway node, reading second member cluster information from the storage, the second member cluster information indicating address information of a gateway node of a second member cluster, establishing a tunnel between the gateway node and the second gateway node based on the second member cluster information, and communicating network traffic from at least one node of the member cluster to at least one node of the second member cluster via the tunnel.
    Type: Application
    Filed: August 25, 2025
    Publication date: December 11, 2025
    Inventors: Lan Luo, Jianjun Shen, Jiajing Hu, Wenfeng Liu, Donghai Han
  • Patent number: 12438842
    Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.
    Type: Grant
    Filed: June 21, 2023
    Date of Patent: October 7, 2025
    Assignee: VMware LLC
    Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
  • Patent number: 12413550
    Abstract: Example methods and systems for media access control (MAC) address assignment for virtual network interface cards (VNICs) are described. One example may involve a first computer system may determining a first MAC address portion that is uniquely associated with the first computer system. A first VNIC may be assigned with a first MAC address that includes (a) the first MAC address portion and (b) a third MAC address portion that is uniquely associated with the first VNIC on the first computer system. A second VNIC may be assigned with a second MAC address that includes (a) the first MAC address portion and (b) a fourth MAC address portion that is uniquely associated with the second VNIC on the first computer system. The first computer system may perform traffic handling by processing packets specifying the first MAC address or the second MAC address.
    Type: Grant
    Filed: February 6, 2023
    Date of Patent: September 9, 2025
    Assignee: VMware LLC
    Inventors: Kejia Cui, Lele Zhang, Qi Wu, Donghai Han, Honggang Liu
  • Patent number: 12401625
    Abstract: Systems and methods for exchanging network information between member clusters include configuring a gateway pool of a member cluster, the gateway pool comprising a plurality of gateway nodes, the member cluster comprising the plurality of gateway nodes and one or more nodes, configuring a gateway node of the plurality of gateway nodes as an active gateway node for the member cluster, writing member cluster information to a storage, the member cluster information indicating address information of the gateway node, reading second member cluster information from the storage, the second member cluster information indicating address information of a gateway node of a second member cluster, establishing a tunnel between the gateway node and the second gateway node based on the second member cluster information, and communicating network traffic from at least one node of the member cluster to at least one node of the second member cluster via the tunnel.
    Type: Grant
    Filed: March 6, 2023
    Date of Patent: August 26, 2025
    Assignee: VMware LLC
    Inventors: Lan Luo, Jianjun Shen, Jiajing Hu, Wenfeng Liu, Donghai Han
  • Publication number: 20250202773
    Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.
    Type: Application
    Filed: February 26, 2025
    Publication date: June 19, 2025
    Inventors: Zhengsheng Zhou, Jianjun Shen, Quan Tian, Wenfeng Liu, Donghai Han
  • Publication number: 20250126095
    Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
    Type: Application
    Filed: September 23, 2024
    Publication date: April 17, 2025
    Inventors: Xiaopei LIU, Jianjun SHEN, Donghai HAN, Wenfeng LIU, Danting LIU
  • Publication number: 20250126019
    Abstract: Some embodiments of the invention provide a method of implementing a virtualization software-based service mesh for a network that includes multiple host computers, each host computer including a set of virtualization software executing a set of application instances. For each host computer, the method deploys, to the set of virtualization software, an application service agent and an application service data plane that includes a set of data plane service mesh levels. The method configures the application service agent to apply policy rules defined for flows associated with the set of application instances to the flows on the application service data plane, and configures the application service data plane to forward the flows for the set of application instances to and from services provided at each data plane service mesh level in the set of data plane service mesh levels according to the policy rules applied by the application service agent.
    Type: Application
    Filed: November 15, 2023
    Publication date: April 17, 2025
    Inventors: Bo Lin, Zhengsheng Zhou, Donghai Han, Dongping Chen, Xiao Liang
  • Publication number: 20250126168
    Abstract: Some embodiments of the invention provide a method of performing end-user monitoring. At a health monitor that executes on a first host computer along with a client machine and a load balancer, to monitor health of a set of two or more servers that are candidate servers for processing packets from the client machine, the method exchanges health monitoring messages with each server in the set of servers to assess health of the servers in the set. At the health monitor, the method provides health data expressing health of the servers to the load balancer to use in determining how to distribute packets from the client machine between the servers in the set of servers.
    Type: Application
    Filed: November 15, 2023
    Publication date: April 17, 2025
    Inventors: Xiao Liang, Bo Lin, Dongping Chen, Xinyang Liu, Jingchun Jason Jiang, Yi Zeng, Donghai Han
  • Publication number: 20250117236
    Abstract: Site reliability engineering (SRE) may be provided as a service to software products, such as an on-premises software product residing at a first computing environment. A SRE service site may be hosted at a second computing environment that is remote and separate from the first computing environment. A SRE agent resides at the first computing environment to monitor the software product, and provides information, such as metric data or log information pertaining to the software product, to the SRE service site. A SRE service of the SRE service site performs analysis of the information to identify an issue with the software product, diagnosis to determine a cause of the issue, and identifies a remediation that may be applied by the SRE agent to address the issue.
    Type: Application
    Filed: October 8, 2023
    Publication date: April 10, 2025
    Applicant: VMware, Inc.
    Inventors: Ziyou WANG, Donghai HAN
  • Patent number: 12267212
    Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: April 1, 2025
    Assignee: VMWare LLC
    Inventors: Zhengsheng Zhou, Jianjun Shen, Quan Tian, Wenfeng Liu, Donghai Han
  • Publication number: 20250106116
    Abstract: Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network policies. Based on the sets of network attributes, the first SDN controller defines the particular network policies to control forwarding data messages between the first and second container clusters. The first SDN controller distributes at least a subset of the particular network policies to the first container cluster in order for network elements at the first container cluster to enforce on data messages exchanged between the first and second container clusters.
    Type: Application
    Filed: December 11, 2024
    Publication date: March 27, 2025
    Inventors: Zhengsheng Zhou, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Patent number: 12255792
    Abstract: Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any monitoring actions specified for the stage to perform on the packet and (ii) sends the packet to a next stage in the packet processing pipeline.
    Type: Grant
    Filed: September 25, 2023
    Date of Patent: March 18, 2025
    Assignee: VMWare LLC
    Inventors: Xi Cheng, Caixia Jiang, Dongrui Mo, Jingchun Jason Jiang, Xiaoyan Jin, Qiong Wang, Donghai Han