Patents by Inventor Jianjun SHEN

Jianjun SHEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250202773
    Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.
    Type: Application
    Filed: February 26, 2025
    Publication date: June 19, 2025
    Inventors: Zhengsheng Zhou, Jianjun Shen, Quan Tian, Wenfeng Liu, Donghai Han
  • Patent number: 12301382
    Abstract: Some embodiments of the invention provide a method for processing data messages for routable subnets of a logical network, the logical network implemented by a software-defined network (SDN) and connecting multiple machines. The method receives an inbound data message. The method performs a DNAT (destination network address translation) operation on the received data message to identify a record associated with a destination IP (Internet protocol) address of the data message. From the record, the method identifies a VLAN (virtual local area network) identifier, an LNI (logical network identifier), and a destination host computer IP address for the data message. The method encapsulates the data message with an outer header containing the destination host computer IP address and the VLAN identifier. The method forwards the encapsulated data message to the destination host computer.
    Type: Grant
    Filed: April 19, 2022
    Date of Patent: May 13, 2025
    Assignee: VMware LLC
    Inventors: Jianjun Shen, Ran Gu, Caixia Jiang, Yves Fauser
  • Publication number: 20250126095
    Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
    Type: Application
    Filed: September 23, 2024
    Publication date: April 17, 2025
    Inventors: Xiaopei LIU, Jianjun SHEN, Donghai HAN, Wenfeng LIU, Danting LIU
  • Publication number: 20250119422
    Abstract: The disclosure provides a method for authenticating a network agent deployed in a networking environment. The method generally includes receiving, by a network controller in the networking environment, a name of an external node where the network agent is running and a token associated with the external node; in response to receiving the name of the external node, obtaining, by the network controller, a secret associated with the token; parsing, by the network controller, the secret to determine an expected external node name corresponding to the token; comparing the expected external node name with the received external node name; and trusting the network agent when the expected external node name and the received external node name match.
    Type: Application
    Filed: October 5, 2023
    Publication date: April 10, 2025
    Inventors: Wenying Dong, Jianjun Shen, Rahul Jain, Quan Tian, Mengdie Song, Xu Liu
  • Patent number: 12267212
    Abstract: Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container cluster. The second SDN controller cluster defines service policies that are not defined by the first SDN controller cluster. The method receives, from the second SDN controller cluster, service policies defined by the second SDN controller cluster based on the resource identifiers. The method distributes service rules defined based on the service policies to network elements in the container cluster to enforce on data messages associated with machines deployed in the container cluster configured by the first SDN controller cluster.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: April 1, 2025
    Assignee: VMware LLC
    Inventors: Zhengsheng Zhou, Jianjun Shen, Quan Tian, Wenfeng Liu, Donghai Han
  • Publication number: 20250106116
    Abstract: Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network policies. Based on the sets of network attributes, the first SDN controller defines the particular network policies to control forwarding data messages between the first and second container clusters. The first SDN controller distributes at least a subset of the particular network policies to the first container cluster in order for network elements at the first container cluster to enforce on data messages exchanged between the first and second container clusters.
    Type: Application
    Filed: December 11, 2024
    Publication date: March 27, 2025
    Inventors: Zhengsheng Zhou, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Publication number: 20250071059
    Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster that has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
    Type: Application
    Filed: November 14, 2024
    Publication date: February 27, 2025
    Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Publication number: 20250030663
    Abstract: Techniques associated with exchanging data between clusters are disclosed. A data packet can be received from a first pod in a first cluster of a cluster set that targets a second pod or service in a second cluster of the cluster set. A label identity is determined for the first pod from a table of pods and label identities. The label identity for the first pod is added in a virtual network identifier field of a data packet header. The data packet is communicated from a first virtual switch to the second cluster through a tunnel interface and gateway node. Upon receipt of the data packet, the label identity is extracted from the data packet header, and an ingress rule associated with the label identity can be determined. Access to the second pod is controlled based on the rule.
    Type: Application
    Filed: August 18, 2023
    Publication date: January 23, 2025
    Inventors: Yang Ding, Jiahao Wu, Jianjun Shen, Lan Luo, Akshay Katrekar, Guna Singh Bagavath Singh Chidambaram Udhaya Singh
  • Publication number: 20250028548
    Abstract: The disclosure provides a method for assigning containerized workloads to isolated network constructs within a networking environment associated with a container-based cluster. The method generally includes receiving, at the container-based cluster, a subnet port custom resource specification to initiate creation of a subnet port object to assign a node to a subnet within the networking environment, wherein one or more containerized workloads are running on the node, in response to receiving the subnet port custom resource specification, creating the subnet port object, and modifying a state of the container-based cluster to match a first intended state of the container-based cluster at least specified in the subnet port object, wherein modifying the state comprises assigning the node to the subnet in the networking environment.
    Type: Application
    Filed: August 23, 2023
    Publication date: January 23, 2025
    Inventors: Xiaopei Liu, Danting Liu, Wenfeng Liu, Jianjun Shen, Donghai Han
  • Patent number: 12199833
    Abstract: Some embodiments provide a method for using a first SDN controller as a Network Controller as a Service (NCaaS). The first SDN controller receives a first set of network attributes regarding network elements in a first container cluster configured by a second SDN controller, and a second set of network attributes regarding network elements in a second container cluster configured by a third SDN controller. These container clusters do not have a controller for defining particular network policies. Based on the sets of network attributes, the first SDN controller defines the particular network policies to control forwarding data messages between the first and second container clusters. The first SDN controller distributes at least a subset of the particular network policies to the first container cluster in order for network elements at the first container cluster to enforce on data messages exchanged between the first and second container clusters.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: January 14, 2025
    Assignee: VMware LLC
    Inventors: Zhengsheng Zhou, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Patent number: 12184450
    Abstract: Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first machine in the multiple machines that executes a set of containers belonging to the routable subnet attaches, and (iii) a second identifier associated with a second logical switch designated for the routable subnet. The method generates an API call that maps the VLAN tag and the first identifier to the second identifier. The method provides the API call to a management and control cluster of the SDN.
    Type: Grant
    Filed: April 19, 2022
    Date of Patent: December 31, 2024
    Assignee: VMware LLC
    Inventors: Jianjun Shen, Ran Gu, Caixia Jiang, Yves Fauser
  • Patent number: 12177124
    Abstract: Some embodiments provide an automated method for defining externally routable Pods within a Kubernetes cluster. In some embodiments, the Pod operates in a guest cluster that has its own VPC (virtual private cloud) network in a datacenter with several other guest clusters that have their own VPC networks and their own set of managers. In some embodiments, a Pod within a GC can be made externally routable so that it can be directly addressable from an external client outside of the Pod's network by using two new Kubernetes CRDs (custom resource definitions), which are an IPPool CRD and a RouteSet CRD. Examples of such external clients include VMs or Pods in another GC or a supervisor cluster connected to the particular GC through a gateway, or from a machine outside of the network of all of the GCs or SC.
    Type: Grant
    Filed: October 4, 2022
    Date of Patent: December 24, 2024
    Assignee: VMware LLC
    Inventors: Danting Liu, Qian Sun, Jianjun Shen, Wenfeng Liu, Donghai Han
  • Patent number: 12175276
    Abstract: In an embodiment, a computer-implemented method for dynamically exchanging runtime state data between datacenters with a gateway using a controller bridge is disclosed. In an embodiment, the method comprises: receiving one or more first runtime state data from one or more logical sharding central control planes (“CCPs”) controlling one or more logical sharding hosts; receiving one or more second runtime state data from a gateway that is controlled by a CCP that also controls one or more physical sharding hosts; aggregating to aggregated runtime state data, the one or more first runtime state data received from the one or more logical sharding CCPs and the one or more second runtime state data received from the gateway; determining updated runtime state data based on the aggregated runtime state data, the one or more first runtime state data, and the one or more second runtime state data; and transmitting the updated runtime state data to at least one of the one or more logical sharding CCPs and the gateway.
    Type: Grant
    Filed: June 16, 2023
    Date of Patent: December 24, 2024
    Assignee: VMware LLC
    Inventors: Da Wan, Jianjun Shen, Feng Pan, Pankaj Thakkar, Donghai Han
  • Publication number: 20240388523
    Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.
    Type: Application
    Filed: June 21, 2023
    Publication date: November 21, 2024
    Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
  • Publication number: 20240388559
    Abstract: Systems and methods for configuring an egress node for an egress pod set comprising one or more pods are provided. The egress pod set may be allocated one or more egress internet protocol (IP) addresses. The egress node may be selected among nodes of a cluster including the one or more pods. The egress node may be configured as the routing destination for an egress IP address selected among the one or more egress internet protocol (IP) addresses.
    Type: Application
    Filed: June 21, 2023
    Publication date: November 21, 2024
    Inventors: Quan Tian, Jianjun Shen, Donghai Han, Shuyang Xin, Wenqi Qiu
  • Publication number: 20240380682
    Abstract: Described herein are systems, methods, and software to manage statistical information associated with multicast communications for containers in a computing network. In one example, a management service receives multicast statistical information from nodes deployed in a computing network. The management service aggregates the multicast statistical information from the nodes and, in response to a summary request, generates a summary for display based on the aggregated multicast statistical information.
    Type: Application
    Filed: May 11, 2023
    Publication date: November 14, 2024
    Inventors: Ruochen Shen, Wenying Dong, Bin Liu, Quan Tian, Jianjun Shen
  • Patent number: 12101244
    Abstract: Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed forwarding elements (MFEs) executing on the host computer that are candidate interfaces for receiving flows that need to be directed based on the TC CR to a layer 7 packet processor. Based on the identified set of interfaces, the method provides a set of flow records to the set of MFEs to process in order to direct a subset of flows that the set of MFEs receive to the layer 7 packet processor.
    Type: Grant
    Filed: July 14, 2023
    Date of Patent: September 24, 2024
    Assignee: VMware LLC
    Inventors: Quan Tian, Jianjun Shen, Yang Ding, Donghai Han
  • Patent number: 12101292
    Abstract: A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
    Type: Grant
    Filed: August 17, 2022
    Date of Patent: September 24, 2024
    Assignee: VMware LLC
    Inventors: Xiaopei Liu, Jianjun Shen, Donghai Han, Wenfeng Liu, Danting Liu
  • Publication number: 20240314104
    Abstract: The disclosure provides a method for isolated environments for containerized workloads within a virtual private cloud in a networking environment. The method generally includes defining, by a user, a subnet custom resource object for creating a subnet in the virtual private cloud, wherein defining the subnet custom resource object comprises defining a connectivity mode for the subnet; deploying the subnet custom resource object such that the subnet is created in the virtual private cloud with the connectivity mode specified for the subnet; defining, by the user, a subnet port custom resource object for assigning a node to the subnet, wherein one or more containerized workloads are running on the node; and deploying the subnet port custom resource object such that the node is assigned to the subnet.
    Type: Application
    Filed: March 14, 2023
    Publication date: September 19, 2024
    Inventors: Xiaopei Liu, Danting Liu, Jianjun Shen, Qian Sun, Wenfeng Liu, Donghai Han
  • Patent number: 12073242
    Abstract: A method for containerized workload scheduling can include determining a network state for a first hypervisor in a virtual computing cluster (VCC). The method can further include determining a network state for a second hypervisor. Containerized workload scheduling can further include deploying a container to run a containerized workload on a virtual computing instance (VCI) deployed on the first hypervisor or the second hypervisor based, at least in part, on the determined network state for the first hypervisor and the second hypervisor.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: August 27, 2024
    Assignee: VMware LLC
    Inventors: Aditi Ghag, Pranshu Jain, Yaniv Ben-Itzhak, Jianjun Shen