Patents by Inventor Donghai Han
Donghai Han has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260156037Abstract: Policies are defined for a container cluster that is configured by a first software defined network (SDN) controller cluster. A second SDN controller cluster for defining service policies that are not defined by the first SDN controller cluster receives, from a set of one or more adapters deployed in the container cluster for the second SDN controller cluster, resource identifiers for several resources of the container cluster. The second SDN controller cluster uses the resource identifiers to define a set of service policies. Then, the second SDN controller cluster distributes the set of service policies to a set of network elements to enforce the set of service policies on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.Type: ApplicationFiled: January 27, 2026Publication date: June 4, 2026Inventors: Jianjun Shen, Zhengsheng Zhou, Yves Fauser, Satya Jain, Snehal Shankar More, Indresh Mishra, Wenfeng Liu, Donghai Han
-
Patent number: 12645477Abstract: The disclosure provides an approach for cross-cluster service resource discovery. A method includes obtaining, at a common store in a first node cluster in a cluster set information about a service resource of a second node cluster. The method includes creating a multi-cluster object associated with the service resource, wherein the multi-cluster object provides an association between the service resource and one or more endpoints on the second node cluster. The method includes storing the multi-cluster object in the common store, wherein the multi-cluster object is accessible in the common store by any of the plurality of node clusters in the cluster set to access the service resource on any of the one or more endpoints on the second node cluster.Type: GrantFiled: July 28, 2022Date of Patent: June 2, 2026Assignee: VMware, Inc.Inventors: Lan Luo, Wenfeng Liu, Donghai Han, Jianjun Shen
-
Patent number: 12627632Abstract: The disclosure provides a method for isolated environments for containerized workloads within a virtual private cloud in a networking environment. The method generally includes defining, by a user, a subnet custom resource object for creating a subnet in the virtual private cloud, wherein defining the subnet custom resource object comprises defining a connectivity mode for the subnet; deploying the subnet custom resource object such that the subnet is created in the virtual private cloud with the connectivity mode specified for the subnet; defining, by the user, a subnet port custom resource object for assigning a node to the subnet, wherein one or more containerized workloads are running on the node; and deploying the subnet port custom resource object such that the node is assigned to the subnet.Type: GrantFiled: March 14, 2023Date of Patent: May 12, 2026Assignee: VMware LLCInventors: Xiaopei Liu, Danting Liu, Jianjun Shen, Qian Sun, Wenfeng Liu, Donghai Han
-
Patent number: 12585484Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.Type: GrantFiled: August 22, 2022Date of Patent: March 24, 2026Assignee: VMware, Inc.Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
-
Patent number: 12587499Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.Type: GrantFiled: June 21, 2023Date of Patent: March 24, 2026Assignee: VMware, Inc.Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
-
Patent number: 12542740Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.Type: GrantFiled: November 14, 2024Date of Patent: February 3, 2026Assignee: VMware LLCInventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
-
Patent number: 12536059Abstract: A computer-implemented method for electing a leader in a computing system is provided. In one aspect, a method includes identifying a computing resource for multiple container groups that each include one or more containers. A determination is made, from applications running in containers of the container groups, of multiple election candidate applications. Each election candidate application has an instance deployed in a corresponding container in each container group. For each container group, an election runner process is established within the container group. For each instance of each of the election candidate applications, a corresponding election watcher process is established. A communication link is established between the election runner process and each election watcher process. A request for leader election is transmitted from the election runner process to the computing resource. A response received from the computing resource.Type: GrantFiled: October 5, 2022Date of Patent: January 27, 2026Assignee: VMware, Inc.Inventors: Xiaopei Liu, Zhengsheng Zhou, Wenfeng Liu, Donghai Han
-
Patent number: 12519707Abstract: Some embodiments provide a method for monitoring a multi-tenant network management system deployed in a cloud to manage groups of datacenters. The network management system includes multiple groups of service instances. For each respective group of service instances deployed in the cloud to manage a respective datacenter group, the method deploys a metrics collection agent within each service instance of the group of service instances to collect metrics from services of the service instance and provide the collected metrics to a metric monitoring service instance of the group of service instances. For each respective group of service instances, the method deploys a metrics collection manager within the metric monitoring service instance of the group of service instances. The metrics collection manager is for configuring each of the metrics collection agents deployed within the service instances of the group of service instances.Type: GrantFiled: August 8, 2023Date of Patent: January 6, 2026Assignee: VMware LLCInventors: Ziyou Wang, Wenyu Zhang, Minjal Agarwal, Qiong Wang, Yuanhui Wang, Donghai Han
-
Publication number: 20250379852Abstract: Systems and methods for exchanging network information between member clusters include configuring a gateway pool of a member cluster, the gateway pool comprising a plurality of gateway nodes, the member cluster comprising the plurality of gateway nodes and one or more nodes, configuring a gateway node of the plurality of gateway nodes as an active gateway node for the member cluster, writing member cluster information to a storage, the member cluster information indicating address information of the gateway node, reading second member cluster information from the storage, the second member cluster information indicating address information of a gateway node of a second member cluster, establishing a tunnel between the gateway node and the second gateway node based on the second member cluster information, and communicating network traffic from at least one node of the member cluster to at least one node of the second member cluster via the tunnel.Type: ApplicationFiled: August 25, 2025Publication date: December 11, 2025Inventors: Lan Luo, Jianjun Shen, Jiajing Hu, Wenfeng Liu, Donghai Han
-
Patent number: 12438842Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.Type: GrantFiled: June 21, 2023Date of Patent: October 7, 2025Assignee: VMware LLCInventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
-
Patent number: 12413550Abstract: Example methods and systems for media access control (MAC) address assignment for virtual network interface cards (VNICs) are described. One example may involve a first computer system may determining a first MAC address portion that is uniquely associated with the first computer system. A first VNIC may be assigned with a first MAC address that includes (a) the first MAC address portion and (b) a third MAC address portion that is uniquely associated with the first VNIC on the first computer system. A second VNIC may be assigned with a second MAC address that includes (a) the first MAC address portion and (b) a fourth MAC address portion that is uniquely associated with the second VNIC on the first computer system. The first computer system may perform traffic handling by processing packets specifying the first MAC address or the second MAC address.Type: GrantFiled: February 6, 2023Date of Patent: September 9, 2025Assignee: VMware LLCInventors: Kejia Cui, Lele Zhang, Qi Wu, Donghai Han, Honggang Liu
-
Patent number: 12401625Abstract: Systems and methods for exchanging network information between member clusters include configuring a gateway pool of a member cluster, the gateway pool comprising a plurality of gateway nodes, the member cluster comprising the plurality of gateway nodes and one or more nodes, configuring a gateway node of the plurality of gateway nodes as an active gateway node for the member cluster, writing member cluster information to a storage, the member cluster information indicating address information of the gateway node, reading second member cluster information from the storage, the second member cluster information indicating address information of a gateway node of a second member cluster, establishing a tunnel between the gateway node and the second gateway node based on the second member cluster information, and communicating network traffic from at least one node of the member cluster to at least one node of the second member cluster via the tunnel.Type: GrantFiled: March 6, 2023Date of Patent: August 26, 2025Assignee: VMware LLCInventors: Lan Luo, Jianjun Shen, Jiajing Hu, Wenfeng Liu, Donghai Han
-
Publication number: 20250202773Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.Type: ApplicationFiled: February 26, 2025Publication date: June 19, 2025Inventors: Zhengsheng Zhou, Jianjun Shen, Quan Tian, Wenfeng Liu, Donghai Han
-
Publication number: 20250126095Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.Type: ApplicationFiled: September 23, 2024Publication date: April 17, 2025Inventors: Xiaopei LIU, Jianjun SHEN, Donghai HAN, Wenfeng LIU, Danting LIU
-
Publication number: 20250126019Abstract: Some embodiments of the invention provide a method of implementing a virtualization software-based service mesh for a network that includes multiple host computers, each host computer including a set of virtualization software executing a set of application instances. For each host computer, the method deploys, to the set of virtualization software, an application service agent and an application service data plane that includes a set of data plane service mesh levels. The method configures the application service agent to apply policy rules defined for flows associated with the set of application instances to the flows on the application service data plane, and configures the application service data plane to forward the flows for the set of application instances to and from services provided at each data plane service mesh level in the set of data plane service mesh levels according to the policy rules applied by the application service agent.Type: ApplicationFiled: November 15, 2023Publication date: April 17, 2025Inventors: Bo Lin, Zhengsheng Zhou, Donghai Han, Dongping Chen, Xiao Liang
-
Publication number: 20250126168Abstract: Some embodiments of the invention provide a method of performing end-user monitoring. At a health monitor that executes on a first host computer along with a client machine and a load balancer, to monitor health of a set of two or more servers that are candidate servers for processing packets from the client machine, the method exchanges health monitoring messages with each server in the set of servers to assess health of the servers in the set. At the health monitor, the method provides health data expressing health of the servers to the load balancer to use in determining how to distribute packets from the client machine between the servers in the set of servers.Type: ApplicationFiled: November 15, 2023Publication date: April 17, 2025Inventors: Xiao Liang, Bo Lin, Dongping Chen, Xinyang Liu, Jingchun Jason Jiang, Yi Zeng, Donghai Han
-
Publication number: 20250117236Abstract: Site reliability engineering (SRE) may be provided as a service to software products, such as an on-premises software product residing at a first computing environment. A SRE service site may be hosted at a second computing environment that is remote and separate from the first computing environment. A SRE agent resides at the first computing environment to monitor the software product, and provides information, such as metric data or log information pertaining to the software product, to the SRE service site. A SRE service of the SRE service site performs analysis of the information to identify an issue with the software product, diagnosis to determine a cause of the issue, and identifies a remediation that may be applied by the SRE agent to address the issue.Type: ApplicationFiled: October 8, 2023Publication date: April 10, 2025Applicant: VMware, Inc.Inventors: Ziyou WANG, Donghai HAN
-
Patent number: 12267212Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.Type: GrantFiled: January 17, 2023Date of Patent: April 1, 2025Assignee: VMWare LLCInventors: Zhengsheng Zhou, Jianjun Shen, Quan Tian, Wenfeng Liu, Donghai Han
-
Publication number: 20250106116Abstract: Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network policies. Based on the sets of network attributes, the first SDN controller defines the particular network policies to control forwarding data messages between the first and second container clusters. The first SDN controller distributes at least a subset of the particular network policies to the first container cluster in order for network elements at the first container cluster to enforce on data messages exchanged between the first and second container clusters.Type: ApplicationFiled: December 11, 2024Publication date: March 27, 2025Inventors: Zhengsheng Zhou, Jianjun Shen, Wenfeng Liu, Donghai Han
-
Patent number: 12255792Abstract: Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any monitoring actions specified for the stage to perform on the packet and (ii) sends the packet to a next stage in the packet processing pipeline.Type: GrantFiled: September 25, 2023Date of Patent: March 18, 2025Assignee: VMWare LLCInventors: Xi Cheng, Caixia Jiang, Dongrui Mo, Jingchun Jason Jiang, Xiaoyan Jin, Qiong Wang, Donghai Han