Patents by Inventor Donghai Han

Donghai Han has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12199833
    Abstract: Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network policies. Based on the sets of network attributes, the first SDN controller defines the particular network policies to control forwarding data messages between the first and second container clusters. The first SDN controller distributes at least a subset of the particular network policies to the first container cluster in order for network elements at the first container cluster to enforce on data messages exchanged between the first and second container clusters.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: January 14, 2025
    Assignee: VMware LLC
    Inventors: Zhengsheng Zhou, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Publication number: 20250016077
    Abstract: Some embodiments provide a method for monitoring a multi-tenant network management system deployed in a public cloud to manage groups of datacenters. Each respective datacenter group includes one or more datacenters of a respective tenant that defines the datacenter group. For each datacenter group of a set of datacenter groups managed by the multi-network management system, the method deploys a set of network management service instances in the cloud specified by the tenant for the datacenter group. Each of the network management service instances provides a specified service to the datacenters of the datacenter group. For each datacenter group, the method deploys a metric monitoring service instance in the cloud for the datacenter group. The metric monitoring service instance is for collecting and analyzing metrics from services belonging to each of the network management service instances deployed for the datacenter group.
    Type: Application
    Filed: August 8, 2023
    Publication date: January 9, 2025
    Inventors: Ziyou Wang, Wenyu Zhang, Minjal Agarwal, Qiong Wang, Yuanhui Wang, Donghai Han
  • Publication number: 20250016074
    Abstract: Some embodiments provide a method for monitoring a multi-tenant network management system deployed in a cloud to manage groups of datacenters. The network management system includes multiple groups of service instances. For each respective group of service instances deployed in the cloud to manage a respective datacenter group, the method deploys a metrics collection agent within each service instance of the group of service instances to collect metrics from services of the service instance and provide the collected metrics to a metric monitoring service instance of the group of service instances. For each respective group of service instances, the method deploys a metrics collection manager within the metric monitoring service instance of the group of service instances. The metrics collection manager is for configuring each of the metrics collection agents deployed within the service instances of the group of service instances.
    Type: Application
    Filed: August 8, 2023
    Publication date: January 9, 2025
    Inventors: Ziyou Wang, Wenyu Zhang, Minjal Agarwal, Qiong Wang, Yuanhui Wang, Donghai Han
  • Publication number: 20250007809
    Abstract: Some embodiments of the invention provide a method for performing dynamic packet tracing in a network that includes a network controller and multiple host computers, each host computer including a set of packet processing stages for processing packet flows in the network. The method is performed for each packet processing stage in the set of packet processing stages at a particular host computer in the network. The method provides to the packet processing stage a set of trace instructions for use in generating a set of trace data when processing packets belonging to a particular packet flow for which a packet tracing operation has been defined. The method receives from the packet processing stage the set of trace data generated during processing of a packet belonging to the particular packet flow.
    Type: Application
    Filed: July 14, 2023
    Publication date: January 2, 2025
    Inventors: Jin Liu, Caixia Jiang, Xiaoyan Jin, Qiong Wang, Donghai Han
  • Patent number: 12175276
    Abstract: In an embodiment, a computer-implemented method for dynamically exchanging runtime state data between datacenters with a gateway using a controller bridge is disclosed. In an embodiment, the method comprises: receiving one or more first runtime state data from one or more logical sharding central control planes (“CCPs”) controlling one or more logical sharding hosts; receiving one or more second runtime state data from a gateway that is controlled by a CCP that also controls one or more physical sharding hosts; aggregating to aggregated runtime state data, the one or more first runtime state data received from the one or more logical sharding CCPs and the one or more second runtime state data received from the gateway; determining updated runtime state data based on the aggregated runtime state data, the one or more first runtime state data, and the one or more second runtime state data; and transmitting the updated runtime state data to at least one of the one or more logical sharding CCPs and the gateway.
    Type: Grant
    Filed: June 16, 2023
    Date of Patent: December 24, 2024
    Assignee: VMware LLC
    Inventors: Da Wan, Jianjun Shen, Feng Pan, Pankaj Thakkar, Donghai Han
  • Patent number: 12177124
    Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster that has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
    Type: Grant
    Filed: October 4, 2022
    Date of Patent: December 24, 2024
    Assignee: VMware LLC
    Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Patent number: 12155718
    Abstract: An example method of distributed load balancing in a virtualized computing system includes: configuring, at a logical load balancer, a traffic detector to detect traffic to a virtual internet protocol address (VIP) of an application having a plurality of instances; detecting, at the traffic detector, a first request to the VIP from a client executing in a virtual machine (VM) supported by a hypervisor executing on a first host; sending, by a configuration distributor of the logical load balancer in response to the detecting, a load balancer configuration to a configuration receiver of a local load balancer executing in the hypervisor for configuring the local load balancer to perform load balancing for the VIP at the hypervisor using the load balancer configuration.
    Type: Grant
    Filed: March 17, 2023
    Date of Patent: November 26, 2024
    Assignee: VMware LLC
    Inventors: DongPing Chen, Jingchun Jiang, Bo Lin, Xinyang Liu, Donghai Han, Xiao Liang, Yi Zeng
  • Patent number: 12155628
    Abstract: Example methods are provided for a destination host to implement a firewall in a virtualized computing environment that includes the destination host and a source host. The method may comprise receiving, via a physical network interface controller (PNIC) of the destination host, an ingress packet sent by the source host. The ingress packet may be destined for a destination virtualized computing instance that is supported by the destination host and associated with a destination virtual network interface controller (VNIC). The method may further comprise retrieving a PNIC-level firewall rule associated with the destination virtualized computing instance, the PNIC-level firewall rule being applicable at the PNIC and generated based on a VNIC-level firewall rule applicable at the destination VNIC. In response to determination that the PNIC-level firewall rule blocks the ingress packet from passing through, the ingress packet may be dropped such that the ingress packet is not sent to the destination VNIC.
    Type: Grant
    Filed: May 12, 2023
    Date of Patent: November 26, 2024
    Assignee: Nicira, Inc.
    Inventor: Donghai Han
  • Publication number: 20240388523
    Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.
    Type: Application
    Filed: June 21, 2023
    Publication date: November 21, 2024
    Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
  • Publication number: 20240388559
    Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.
    Type: Application
    Filed: June 21, 2023
    Publication date: November 21, 2024
    Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
  • Patent number: 12120088
    Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: October 15, 2024
    Assignee: VMware LLC
    Inventors: Zhengsheng Zhou, Kai Su, Jackie Lan, Danting Liu, Qian Sun, Donghai Han
  • Patent number: 12101244
    Abstract: Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed forwarding elements (MFEs) executing on the host computer that are candidate interfaces for receiving flows that need to be directed based on the TC CR to a layer 7 packet processor. Based on the identified set of interfaces, the method provides a set of flow records to the set of MFEs to process in order to direct a subset of flows that the set of MFEs receive to the layer 7 packet processor.
    Type: Grant
    Filed: July 14, 2023
    Date of Patent: September 24, 2024
    Assignee: VMware LLC
    Inventors: Quan Tian, Jianjun Shen, Yang Ding, Donghai Han
  • Patent number: 12101292
    Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
    Type: Grant
    Filed: August 17, 2022
    Date of Patent: September 24, 2024
    Assignee: VMware LLC
    Inventors: Xiaopei Liu, Jianjun Shen, Donghai Han, Wenfeng Liu, Danting Liu
  • Publication number: 20240314104
    Abstract: The disclosure provides a method for isolated environments for containerized workloads within a virtual private cloud in a networking environment. The method generally includes defining, by a user, a subnet custom resource object for creating a subnet in the virtual private cloud, wherein defining the subnet custom resource object comprises defining a connectivity mode for the subnet; deploying the subnet custom resource object such that the subnet is created in the virtual private cloud with the connectivity mode specified for the subnet; defining, by the user, a subnet port custom resource object for assigning a node to the subnet, wherein one or more containerized workloads are running on the node; and deploying the subnet port custom resource object such that the node is assigned to the subnet.
    Type: Application
    Filed: March 14, 2023
    Publication date: September 19, 2024
    Inventors: Xiaopei Liu, Danting Liu, Jianjun Shen, Qian Sun, Wenfeng Liu, Donghai Han
  • Publication number: 20240251010
    Abstract: An example method of distributed load balancing in a virtualized computing system includes: configuring, at a logical load balancer, a traffic detector to detect traffic to a virtual internet protocol address (VIP) of an application having a plurality of instances; detecting, at the traffic detector, a first request to the VIP from a client executing in a virtual machine (VM) supported by a hypervisor executing on a first host; sending, by a configuration distributor of the logical load balancer in response to the detecting, a load balancer configuration to a configuration receiver of a local load balancer executing in the hypervisor for configuring the local load balancer to perform load balancing for the VIP at the hypervisor using the load balancer configuration.
    Type: Application
    Filed: March 17, 2023
    Publication date: July 25, 2024
    Inventors: DongPing Chen, Jingchun Jiang, Bo Lin, Xinyang Liu, Donghai Han, Xiao Liang, Yi Zeng
  • Publication number: 20240244037
    Abstract: Systems and methods for exchanging network information between member clusters include configuring a gateway pool of a member cluster, the gateway pool comprising a plurality of gateway nodes, the member cluster comprising the plurality of gateway nodes and one or more nodes, configuring a gateway node of the plurality of gateway nodes as an active gateway node for the member cluster, writing member cluster information to a storage, the member cluster information indicating address information of the gateway node, reading second member cluster information from the storage, the second member cluster information indicating address information of a gateway node of a second member cluster, establishing a tunnel between the gateway node and the second gateway node based on the second member cluster information, and communicating network traffic from at least one node of the member cluster to at least one node of the second member cluster via the tunnel.
    Type: Application
    Filed: March 6, 2023
    Publication date: July 18, 2024
    Inventors: Lan Luo, Jianjun Shen, Jiajing Hu, Wenfeng Liu, Donghai Han
  • Publication number: 20240241874
    Abstract: Certain embodiments described herein are generally directed to techniques for distributing configuration information in a network. Embodiments include receiving, by a database node running on a computing device, from a parent component, configuration information with respect to one or more logical entities and span information indicating one or more respective host computers related to each of the one or more logical entities. Embodiments include determining a first subset of the configuration information and a first subset of the span information to provide to a first child database node based on a first set of host computers associated with the first child database node. Embodiments include determining a second subset of the configuration information and a second subset of the span information to provide to a second child database node based on a second set of host computers associated with the second child database node.
    Type: Application
    Filed: May 5, 2023
    Publication date: July 18, 2024
    Inventors: Ziyou Wang, Donghai Han
  • Publication number: 20240244053
    Abstract: An example method of packet capture in a container orchestration (CO) system includes: receiving, from a user interface executing on a client device, a packet capture request from a user at a packet capture agent executing in a node of the CO system; authenticating and authorizing, by the packet capture agent in cooperation with an application programming interface (API) server executing in a master server of the CO system, the user specified in the packet capture request; capturing, by the packet capture agent, packets from at least one network interface based on the packet capture request; and returning information based on the packets as captured from the packet capture agent to the user interface.
    Type: Application
    Filed: March 17, 2023
    Publication date: July 18, 2024
    Inventors: Quan Tian, Wenfeng Liu, Jianjun Shen, Donghai Han
  • Publication number: 20240205184
    Abstract: Example methods and systems for media access control (MAC) address assignment for virtual network interface cards (VNICs) are described. One example may involve a first computer system determining a first MAC address portion that is uniquely associated with the first computer system. A first VNIC may be assigned with a first MAC address that includes (a) the first MAC address portion and (b) a third MAC address portion that is uniquely associated with the first VNIC on the first computer system. A second VNIC may be assigned with a second MAC address that includes (a) the first MAC address portion and (b) a fourth MAC address portion that is uniquely associated with the second VNIC on the first computer system. The first computer system may perform traffic handling by processing packets specifying the first MAC address or the second MAC address.
    Type: Application
    Filed: February 6, 2023
    Publication date: June 20, 2024
    Applicant: VMware, Inc.
    Inventors: Kejia Cui, Lele Zhang, Qi Wu, Donghai Han, Honggang Liu
  • Publication number: 20240179066
    Abstract: Some embodiments provide a novel method for defining policies for a container cluster that is configured by a first software defined network (SDN) controller cluster. A second SDN controller cluster for defining service policies that are not defined by the first SDN controller cluster receives, from a set of one or more adapters deployed in the container cluster for the second SDN controller cluster, resource identifiers for several resources of the container cluster. The second SDN controller cluster uses the resource identifiers to define a set of service policies. Then, the second SDN controller cluster distributes the set of service policies to a set of network elements to enforce the set of service policies on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.
    Type: Application
    Filed: January 17, 2023
    Publication date: May 30, 2024
    Inventors: Jianjun Shen, Zhengsheng Zhou, Yves Fauser, Satya Jain, Snehal Shankar More, Indresh Mishra, Wenfeng Liu, Donghai Han