Real Time Touch




Nicira Inc patents


Recent patent applications related to Nicira Inc. Nicira Inc is listed as an Agent/Assignee. Note: Nicira Inc may have other listings under different names/spellings. We're not affiliated with Nicira Inc; we're just tracking patents.



Accessing nodes deployed on an isolated network

Example methods and systems are provided for a management entity on a first network to access a node deployed on a second network that is isolated from the first network. The method may comprise assigning a first network address to the node, the first network address being a transient network address for the management entity to access the node temporarily from the first network. ... Nicira Inc

Enablement of multi-path routing in virtual edge systems

The technology disclosed herein enables multi-path routing in virtual edge systems of a virtual network environment. In a particular embodiment, a method provides establishing a connection for a communication with a client outside of the virtual network environment through a first virtual edge system of a plurality of virtual edge systems. ... Nicira Inc

Firewall rule creation in a virtualized computing environment

Example methods are provided for a network management entity to perform firewall rule creation in a virtualized computing environment. The method may comprise obtaining flow data associated with an application-layer protocol session between a first endpoint and a second endpoint in the virtualized computing environment; and identifying, from the flow data, an association between a control flow and at least one data flow of the application-layer protocol session. ... Nicira Inc

Congestion-aware load balancing

Certain embodiments presented herein relate to load balancing of data transmissions among a plurality of paths between endpoints (eps) coupled to virtual switches. In particular, between the virtual switches there may be a number of physical paths for the data to be communicated between the eps. ... Nicira Inc

Cloud to on-premise port forwarding with ip address bound to loopback alias

An example method to provide communication between a first computer in a first computer network and a second computer in a second computer network is disclosed. The method includes aliasing the second computer's address in the second computer network to a loopback interface of a third computer in the first computer network and establishing a tunnel between the third computer and a fourth computer in the second computer network. ... Nicira Inc

Adaptive data mirroring in virtual networks

Some embodiments provide a method for providing a continuous mirroring session between a monitored data compute node (dcn) and a monitoring dcn. The method provides such uninterrupted mirroring session regardless of relocations of the dcns during the mirroring session. ... Nicira Inc

Port mirroring in overlay networks

A method of mirroring packets in a network. The method assigns an internet protocol (ip) multicast address to an overlay network for transmitting mirrored packets. ... Nicira Inc

Efficient computation of address groupings across multiple network interfaces

Certain embodiments described herein are generally directed to normalizing service rules across multiple virtual interfaces (vifs). For example, certain embodiments described herein relate to a method for managing service rules. ... Nicira Inc

Performing services on a host

Some embodiments provide a novel method for performing services on a host computer that executes several data compute nodes (dcns). The method receives, at a module executing on the host, a data message associated with a dcn executing on the host. ... Nicira Inc

Virtualization port layer including physical switch port and logical switch port

Aspects of the present disclosure relate to introduction of a physical switch port and logical switch port to the virtualization layer. A virtual network interface card (vnic) can be associated with a physical switch port that routes traffic to logical switch ports based on a transmit function. ... Nicira Inc

Media access control address learning for packets

Certain embodiments described herein are generally directed to media access control (mac) address learning for packets sent between end points (eps) in a network (e.g., overlay network). For example, in some embodiments, vteps may be used to provide packet forwarding services, load balancing services, gateway services, etc., to eps in the network. ... Nicira Inc

Monitoring resource consumption for distributed services

A method for monitoring several data compute nodes (dcns) on a group of managed host machines is provided. The method receives service usage data from a group of managed hosts. ... Nicira Inc

Managing resource consumption for distributed services

A method for managing service resources of a group of host machines is provided. Each host machine provides services for a corresponding set of data compute nodes (dcns). ... Nicira Inc

Network health checker

A method of generating a network topology map in a datacenter comprising a network manager server and a set of host machines is provided. Each host machine hosts a set of data compute nodes (dcns). ... Nicira Inc

05/03/18 / #20180123877

Logical network configuration span

Certain embodiments described herein are generally directed to determining the spans of logical entities in a logical network using a graph theoretic method. For example, in some embodiments, a configuration of the logical network is represented as a directed graph with labeled edges. ... Nicira Inc

05/03/18 / #20180121250

Monitoring and optimizing interhost network traffic

Some embodiments provide a method for clustering a set of data compute nodes (dcns), which communicate with each other more frequently, on one or more host machines. The method groups together guest dcns (gdcns) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. ... Nicira Inc

04/19/18 / #20180109416

Reducing data plane disruption in a virtual switch

Described herein are systems, methods, and software to reduce data plane disruption during a startup event for a virtual switch controller. In one example, during a startup event, applications are initiated on a virtual switch controller to configure the virtual switch. ... Nicira Inc

04/12/18 / #20180102959

Tracing network packets through logical and physical networks

Some embodiments provide a method for a first network controller that manages a set of logical forwarding elements implemented in several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. ... Nicira Inc

04/12/18 / #20180102943

Method and system for managing network nodes that implement a logical multi-node application

Some embodiments of the invention provide a novel method of managing network nodes that implement a logical multi-node application. The method can comprise obtaining log data describing events relating to a plurality of network nodes and obtaining network flow data describing flow of data between the plurality of network nodes. ... Nicira Inc

04/12/18 / #20180102937

Network operating system for managing and securing networks

Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. ... Nicira Inc

04/05/18 / #20180097785

Scalable security key architecture for network encryption

An example method of key management for encryption of traffic in a network having network nodes includes negotiating, between a first network node and a centralized key management server, to obtain a master key shared among the network nodes; receiving, at the first network node, a first identifier for the first network node and a second identifier for a second network node; generating, at the first network node, a first session key by supplying the master key, the first identifier, and the second identifier as parametric input to a function; establishing, using a network stack of the first network node, a first point-to-point tunnel through the network to the second network node without a key exchange protocol; and sending first traffic from the first network node to the second network node through the first point-to-point tunnel, the first traffic including a portion encrypted by the first session key. ... Nicira Inc

04/05/18 / #20180097778

Use of stateless marking to speed up stateful firewall rule processing

A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. ... Nicira Inc

04/05/18 / #20180097734

Anycast edge service gateways

Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (esgs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (ip) address and a same anycast inner media access control (mac) address. ... Nicira Inc

03/29/18 / #20180091415

Inline processing of learn actions in a virtual switch

Described herein are systems, methods, and software to enhance inline processing of data packets by a virtual switch. In at least one implementation, a virtual switch receives a data packet and initiates a flow process with a plurality of flow operations on the data packet. ... Nicira Inc

03/22/18 / #20180083837

Application-based network segmentation in a virtualized computing environment

Example methods are provided for a host to implement application-based network segmentation in a virtualized computing environment. The method may comprise detecting an egress packet from a virtualized computing instance supported by the host for transmission to a destination and identifying a source application associated with the egress packet. ... Nicira Inc

03/22/18 / #20180083829

Using transactions to minimize churn in a distributed network control system

A particular network controller receives a first set of inputs from the first controller and a second set of inputs from the second controller. The particular controller then starts to compute a set of outputs using the first set of inputs. ... Nicira Inc

03/01/18 / #20180063237

Distributed global load-balancing system for software-defined data centers

The disclosure herein describes a system for providing distributed global server load balancing (gslb) over resources across multiple data centers. The system includes a directory group comprising one or more directory nodes and a plurality of gslb nodes registered to the directory group. ... Nicira Inc

03/01/18 / #20180063195

Adaptable network event monitoring configuration in datacenters

Some embodiments provide a method for defining an adaptable monitoring profile for a network. The defined network monitoring profile is independent of the security policy defined for the network and includes one or more log generation rules, each of which defines a logging policy for a set of data compute nodes (dcns) that share a common attribute. ... Nicira Inc

03/01/18 / #20180063194

Policy definition and enforcement for a network virtualization platform

A method of defining policy for a network virtualization platform of a data center is provided. The method receives a registration of one or more actions provided by each of a plurality of data center services. ... Nicira Inc

03/01/18 / #20180063176

Identifying and handling threats to data compute nodes in public cloud

Some embodiments provide a method for a public cloud manager that interacts with a management system of a public datacenter. The method receives a notification from a network controller that a second data compute node is compromised. ... Nicira Inc

03/01/18 / #20180063160

Isolated network stack to manage security for virtual machines

Some embodiments provide a novel method for monitoring network requests from a machine. The method captures the network request at various layers of a protocol stack. ... Nicira Inc

03/01/18 / #20180063103

Secure key management protocol for distributed network encryption

For an encryption management module of a host that executes one or more data compute nodes (dcns), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. ... Nicira Inc

03/01/18 / #20180063087

Managed forwarding element executing in separate namespace of public cloud data compute node than workload application

Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter having forwarding elements to which the network controller does not have access. The method identifies a data compute node (dcn) operating on a host machine in the datacenter, to attach to the logical network. ... Nicira Inc

03/01/18 / #20180063086

Managed forwarding element executing in public cloud data compute node without overlay network

Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter having forwarding elements to which the network controller does not have access. The method identifies a data compute node (dcn), that operates on a host machine in the datacenter, to attach to the logical network. ... Nicira Inc

03/01/18 / #20180062933

Managed forwarding element executing in public cloud data compute node with different internal and external network addresses

Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access. The method identifies a data compute node (dcn), that operates on a host machine in the datacenter, to attach to the logical network. ... Nicira Inc

03/01/18 / #20180062923

Use of public cloud inventory tags to configure data compute node for logical network

Some embodiments provide a method for a public cloud manager operating within a first data compute node of a public cloud. The method receives, through a set of public cloud provider apis, information regarding a new second data compute node created within the public cloud. ... Nicira Inc

03/01/18 / #20180062917

Extension of network control system into public cloud

Some embodiments provide a method for a first network controller that manages a logical network implemented in a datacenter including forwarding elements to which the first network controller does not have access. The method identifies a first data compute node (dcn) in the datacenter configured to execute a second network controller. ... Nicira Inc

03/01/18 / #20180062914

Edge node cluster network redundancy and fast convergence using an underlay anycast vtep ip

Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner ip address, anycast mac address, and to associate with a same anycast vtep ip address. ... Nicira Inc

03/01/18 / #20180062834

System and method for managing secret information using virtualization

A distributed computer system and method for managing secret information for virtual entities in the distributed computer system utilizes multiple secret storage service entities to provide secret information to a virtual entity to be hosted in a host computer in the distributed computer system. At least one piece of the secret information for the virtual entity is distributed to the multiple secret storage service entities to provide the secret information to the virtual entity using the at least one piece of the secret information from one of the multiple secret storage service entities. ... Nicira Inc

03/01/18 / #20180060061

Method and system for tracking progress and providing fault tolerance in automated upgrade of a network virtualization platform

A method of upgrading nodes of a network virtualization platform is provided. The method receives a definition of an upgrade plan to upgrade a group of upgrade units. ... Nicira Inc

02/22/18 / #20180054351

Group-based network event notification

Example methods are provided for a network management entity to perform group-based network event notification in a network environment that includes the network management entity and a notification consumer. The method may comprise: in response to detection of a first network event associated with a group, withholding notification of the first network event to the notification consumer; and in response to detection of a second network event associated with the group, withholding notification of the second network event to the notification consumer. ... Nicira Inc

02/22/18 / #20180052703

Maintaining security system information in virtualized computing environments

Example methods are provided for a host to maintain security system information in a virtualized computing environment, in which the host supports a security system to secure a source virtualized computing instance. The method may include, based on an operation associated with the source virtualized computing instance, determining to maintain security system information associated with the security system. ... Nicira Inc

02/15/18 / #20180048702

Excluding stressed machines from load balancing of distributed applications

Some embodiments provide a method for an end machine, that implements a distributed application, to redirect new network connection requests to other end machines that also implement the distributed application. The method receives a set of measurement data from a set of resources of the end machine and determines whether a measurement data received from a particular resource has exceeded a threshold. ... Nicira Inc

02/15/18 / #20180048623

Firewall rule management

Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface. This management interface provides a uniform interface for defining different firewall rule sets and deploying these rules sets on different firewall devices (e.g., port-linked firewall engines, firewall service vms, network-perimeter firewall devices, etc.). ... Nicira Inc

02/15/18 / #20180048537

Policy driven network qos deployment

Some embodiments provide a method for dynamically implementing quality of service (qos) for machines of a network. The method identifies a qos policy rule that defines a qos policy to be implemented for machines that meet a set of criteria specified by the qos policy rule. ... Nicira Inc

02/15/18 / #20180048478

Replicating broadcast, unknown-unicast, and multicast traffic in overlay logical networks bridged with physical networks

A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. ... Nicira Inc

02/15/18 / #20180046807

Intelligent identification of stressed machines for data security management

Some embodiments provide a method for preventing stressed end machines from being scanned for security check on a host machine that executes several different end machines scheduled to be scanned for security check. The method collects, at one of the end machines, a set of measurement data from a set of resources of the end machine. ... Nicira Inc

02/08/18 / #20180041443

Distributed network address translation for efficient cloud service access

A method for coordinating distributed network address translation (nat) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network that include service virtual machines (vms) that are accessed by vms of the tenant logical networks. ... Nicira Inc

01/04/18 / #20180007162

Upgrading a proxy that decouples network connections from an application during application's downtime

Some embodiments provide a method for upgrading a proxy instance that receives incoming data destined for an application, as an intermediary between the application and a network interface of a machine. The method of some embodiments receives a notification that an updated version of a first proxy instance is available. ... Nicira Inc

01/04/18 / #20180007008

Firewall configuration versioning

Some embodiments provide a method for managing firewall protection in a datacenter that includes multiple host machines that each hosts a set of data compute nodes. The method maintains a firewall configuration for the host machines at a network manager of the data center. ... Nicira Inc

01/04/18 / #20180007007

Self-service firewall configuration

A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. ... Nicira Inc

01/04/18 / #20180007005

Implementing logical network security on a hardware switch

Some embodiments provide a method for configuring a hardware switch to implement a security policy associated with a logical router of a logical network. The method receives a logical router definition. ... Nicira Inc

01/04/18 / #20180007004

Implementing logical network security on a hardware switch

Some embodiments provide a method for applying a security policy defined for a logical network to an mhfe that integrates physical workloads (e.g., physical machines connected to the mhfe) with the logical network. The method applies the security policy to the mhfe by generating a set of acl rules based on the security policy's definition and configuring the mhfe to apply the acl rules on the network traffic that is forwarded to and/or from the physical machines. ... Nicira Inc

01/04/18 / #20180007000

Translation cache for firewall configuration

Some embodiments provide a method for distributing firewall configuration in a datacenter comprising multiple host machines. The method retrieves a rule in the firewall configuration for distribution to the host machines. ... Nicira Inc

01/04/18 / #20180006958

Decoupling network connections from an application while the application is temporarily down

Some embodiments provide a method for saving data communicated with an application during the application downtime. The method, in some embodiments, receives incoming data from an interface of a machine. ... Nicira Inc

01/04/18 / #20180006943

Installation of routing tables for logical router in route server mode

Some embodiments provide a method for a network controller operating on a host machine that hosts a particular one of multiple centralized routing components for a logical router. The method receives a routing table from a routing protocol application operating on the host machine. ... Nicira Inc

01/04/18 / #20180006926

Analysis of simultaneous multi-point packet capture

Some embodiments provide a method for presenting packets captured in a network. The method identifies a first set of packets from a first packet group of multiple captured packet groups. ... Nicira Inc

01/04/18 / #20180006923

Software tap for traffic monitoring in virtualized environment

Some embodiments provide a system for lossless packet monitoring in a virtualized. The system, using a virtual tap, intercepts packets from a data compute node operating on a host machine, between the data compute node (dcn) and a managed forwarding element on the host. ... Nicira Inc

01/04/18 / #20180006908

Distributed network troubleshooting using simultaneous multi-point packet capture

Some embodiments provide a method for performing a multi-point capture of packets in a network. The method identifies multiple nodes for the multi-point capture in the network. ... Nicira Inc

01/04/18 / #20180006902

Network workflow replay tool

A method of automatically identifying and recreating tenants environment issues in a set of datacenters by a workflow replay tool is provided. Each datacenter includes a network manager server. ... Nicira Inc

01/04/18 / #20180006880

Ranking of gateways in cluster

Some embodiments provide a method for managing a set of forwarding elements. The method receives configuration information for a set of gateways specifying (i) multiple gateways for implementing logical router ports and (ii) a ranking order of the gateways in the set. ... Nicira Inc

01/04/18 / #20180006878

Centralized troubleshooting tool for distributed virtual network

Some embodiments provide a method for troubleshooting a virtual network that is implemented over multiple computing devices, which include first and second host machines that host virtual machines (vms). Each vm interfaces the virtual network through a set of virtual network interface controllers (vnics). ... Nicira Inc

01/04/18 / #20180006877

Context-sensitive command whitelisting for centralized troubleshooting tool

Some embodiments provide a method for troubleshooting a virtual network that is implemented across a plurality of computing devices. The method provides a command line interface (cli) for receiving and executing commands for debugging and monitoring the virtual network. ... Nicira Inc

01/04/18 / #20180004577

Methods and systems for managing interconnection of virtual network functions

A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. ... Nicira Inc

12/28/17 / #20170371716

Identifier (id) allocation in a virtualized computing environment

Example methods are provided for a first node to perform identifier (id) allocation in a virtualized computing environment that includes a cluster formed by the first node and at least one second node. The method may comprise retrieving, from a pool of ids associated with the cluster, a batch of ids to a cache associated with the first node. ... Nicira Inc

12/21/17 / #20170366504

Context-aware distributed firewall

A context-aware distributed firewall scheme is provided. A firewall engine tasked to provide firewall protection for a set of network addresses applies a reduced set of firewall rules that are relevant to the set of addresses associated with the machine. ... Nicira Inc

12/21/17 / #20170366446

Database protocol for exchanging forwarding state with hardware switches

Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. ... Nicira Inc

12/21/17 / #20170366401

Network configuration health check

An example method is provided for a host to perform network configuration health check in a virtualized computing environment. The method may include selecting a source nic and one or more destination nics, based on a first network configuration of the host, generating one or more unicast probe packets that are addressed from the source nic to the respective one or more destination nics, and sending the one or more unicast probe packets to the respective one or more destination nics from the source nic via a physical switch connected to the host. ... Nicira Inc

12/14/17 / #20170359414

Management of advanced connection state during migration

Techniques for transferring connection data for a migrated virtual computing instance are described. The connection data transfer process includes the steps of, responsive to determining the virtual computing instance is to be migrated, transmitting the connection data, from a first memory buffer shared between a first instance of a service virtual computing instance and a first hardware abstraction layer executing in a source host, to a second memory buffer shared between a second instance of the service virtual computing instance and a second hardware abstraction layer executing in a destination host; responsive to determining the virtual computing instance is stopped in the source host, packing connection data changes including changes made to the connection data at the source host during a time period beginning when the connection data is copied and ending when the virtual computing instance is stopped; and transmitting the connection data changes to the destination host. ... Nicira Inc

12/14/17 / #20170357611

Methods and systems to achieve multi-tenancy in rdma over converged ethernet

A method for providing multi-tenancy support for rdma in a system that includes a plurality of physical hosts. Each physical host hosts a set of data compute nodes (dcns). ... Nicira Inc

12/07/17 / #20170353433

Traffic handling for containers in a virtualized computing environment

An example method is provided for a computing device to perform traffic handling for a container in a virtualized computing environment. The method may comprise receiving a traffic flow of packets from a virtual machine and identifying a container from which the traffic flow originates based on content of the received traffic flow of packets. ... Nicira Inc

11/30/17 / #20170346885

Load balancing for a team of network interface controllers

An example method is provided for a host to perform load balancing for multiple network interface controllers (nics) configured as a team. The method may comprise the host detecting egress packets from a virtualized computing instance supported by the host for transmission to a destination via the team. ... Nicira Inc

11/30/17 / #20170346732

Using headerspace analysis to identify flow entry reachability

Some embodiments provide a method that uses headerspace analysis. The method receives several flow entries for distribution to a set of forwarding elements that implement a logical network. ... Nicira Inc

11/16/17 / #20170331750

Adjusting connection validating control signals in response to changes in network traffic

Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. ... Nicira Inc

10/26/17 / #20170310738

Configuration change realization assessment and timeline builder

Techniques disclosed herein provide an approach for assessing configuration change realization and building timelines. In one embodiment, an event parser parses relevant log(s) of a computing system to identify events of interest therein and associated tasks. ... Nicira Inc

10/12/17 / #20170295101

Congestion-aware load balancing in data center networks

Example methods are provided for a first switch to perform congestion-aware load balancing in a data center network. The method may comprise: receiving probe packets from multiple next-hop second switches that connect the first switch with a third switch via multiple paths. ... Nicira Inc

10/12/17 / #20170295100

Virtual tunnel endpoints for congestion-aware load balancing

Example methods are provided for a source virtual tunnel endpoint (vtep) to perform congestion-aware load balancing in a data center network. The method may comprise the source vtep learning congestion state information associated with multiple paths provided by respective multiple intermediate switches connecting the source vtep with a destination vtep. ... Nicira Inc

10/12/17 / #20170295033

Methods and systems to offload overlay network packet encapsulation to hardware

A method for offloading packet encapsulation for an overlay network is provided. The method, at a virtualization software of a host, sends a mapping table of the overlay network to a physical network interface controller (nic) associated with the host. ... Nicira Inc

10/05/17 / #20170289040

Throughput resilience during link failover

Techniques disclosed herein provide an approach for providing throughput resilience during link failover when links are aggregated in a link aggregation group (lag). In one embodiment, failure of a link in the lag may be detected, and a transmission control protocol/internet protocol (tcp/ip) stack notified to ignore packet losses and not perform network congestion avoidance procedure(s) for one round-trip timeout (rto) period. ... Nicira Inc

10/05/17 / #20170288981

Troubleshooting virtual network reachability

A novel method for troubleshooting a logical network is provided. The logical network has logical forwarding elements operating inside virtual network forwarding engines. ... Nicira Inc

10/05/17 / #20170288953

Automatic setup of failure detection sessions

For a network with host machines that are hosting virtual machines, a method for facilitating bum (broadcast, unknown unicast, and multicast) traffic between a hardware switch (e.g., tor switch) and the host machines is provided. The network has a set of host machines configured as a cluster of replicators for replicating bum traffic from the hardware switch to the host machines. ... Nicira Inc

10/05/17 / #20170286799

Automated realization of hand-drawn topologies

Techniques disclosed herein provide an approach for automated realization of hand-drawn topologies. In one embodiment, a topologizer application is configured to parse an image depicting a hand-drawn topology and identify shapes and relationships between the shapes in the image. ... Nicira Inc

09/28/17 / #20170277557

Architecture of networks with middleboxes

Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. ... Nicira Inc

09/21/17 / #20170272192

Synchronization of data and control planes of routers

Synchronization between a data plane of a router in a network and a control plane of the router is performed by a processor of the router. Route information associated with at least one network node in the network is learned using a routing protocol. ... Nicira Inc

09/14/17 / #20170264497

Method to reduce packet statistics churn

A method of collecting statistics for a set of logical entities associated with a flow-based managed forwarding element. A statistics collection flow table is created for collecting statistics for logical entities. ... Nicira Inc

09/14/17 / #20170264494

Method and mechanism for efficiently managing flows

Some embodiments provide a novel method for installing flows of a desired network state in an actualized network state of a managed forwarding element. In some embodiments, the method maintains a flow output table based on flow events received from a computation engine for computing desired state, and from a set of managed forwarding elements on which the computed desired state is installed. ... Nicira Inc

09/14/17 / #20170264489

Identifying the realization status of logical entities based on a global realization number

Some embodiments provide a method for determining a realization status of one or more logical entities of a logical network. The method, each time a particular event occurs, increments the value of a realization number and publishes the incremented value to a set of controllers of the logical network. ... Nicira Inc

09/14/17 / #20170264483

Determining the realization status of logical entities in logical networks

Some embodiments provide a method for identifying a realization status of one or more logical entities of a logical network. In some embodiments the method is implemented by a controller that controls network data communications in a logical network. ... Nicira Inc

08/24/17 / #20170244674

Distributed firewall in a virtualized computing environment

Example methods are provided for a firewall controller to implement a distributed firewall in a virtualized computing environment that includes a source host and a destination host. The method may comprise retrieving a first firewall rule that is applicable at the destination host to an ingress packet destined for a destination virtualized computing instance supported by the destination host; and based on the first firewall rule, generating a second firewall rule that is applicable at the source host to an egress packet destined for the destination virtualized computing instance. ... Nicira Inc

08/24/17 / #20170244673

Firewall in a virtualized computing environment using physical network interface controller (pnic) level firewall rules

Example methods are provided for a destination host to implement a firewall in a virtualized computing environment that includes the destination host and a source host. The method may comprise receiving, via a physical network interface controller (pnic) of the destination host, an ingress packet sent by the source host. ... Nicira Inc

08/17/17 / #20170237664

Performing a multi-stage lookup to classify packets

Some embodiments provide a method for a forwarding element that forwards packets. The method receives a packet. ... Nicira Inc

08/17/17 / #20170237605

Storing network state at a network controller

Some embodiments provide a method for a first network controller located at a first physical domain that manages a logical network spanning several physical domains including the first domain. The method stores a set of context identifiers for assignment to logical entities. ... Nicira Inc

08/10/17 / #20170230262

On-demand connection ping

Techniques disclosed herein provide an approach for diagnosing problems in a network connection established between applications running on two endpoints. In one embodiment, upon identification of a potential issue in the network connection, a connection detector is triggered in one of the endpoints and requests a kernel of that endpoint to transmit an on-demand, non-invasive packet to the other endpoint. ... Nicira Inc

08/10/17 / #20170230241

Multiple levels of logical routers

Some embodiments provide a managed network for implementing a logical network for a tenant. The managed network includes a first set of host machines and a second set of host machines. ... Nicira Inc

08/03/17 / #20170220697

Directed graph based span computation and configuration dispatching

A method of determining the span of logical entities in a network is provided. The method generates a directed graph. ... Nicira Inc

07/06/17 / #20170195221

Periodical generation of network measurement data

Some embodiments provide a method that generates different network measurements data (e.g., network topology, bandwidth estimation of different paths, etc.) for a pair of endpoints upon receiving a network administrative request (e.g., an application programming interface (api) request) or by other means (e.g., automatically and without intervention of a user). In some embodiments, the method is implemented by a network measurement agent operating on each endpoint and a centralized service component (e.g., web service layer) executing on a network manager machine (e.g., a controller) that responds to measurement requests. ... Nicira Inc

07/06/17 / #20170192832

Providing an application interface programming exception in an upper management layer

An input string, which includes exception data payload, is received at the api exception that resides in the upper management layer. The api exception is dedicated to receiving the exception data payloads. ... Nicira Inc

06/22/17 / #20170180423

Service rule console for creating, viewing and updating template based service rules

Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. ... Nicira Inc

06/22/17 / #20170180321

Datapath processing of service rules with qualifiers defined in terms of dynamic groups

Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. ... Nicira Inc

06/22/17 / #20170180320

Creating and distributing template based service rules

Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. ... Nicira Inc

06/22/17 / #20170180319

Datapath processing of service rules with qualifiers defined in terms of template identifiers and/or template matching criteria

Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. ... Nicira Inc

06/22/17 / #20170180250

Packet communication between container data compute nodes and a managed forwarding element

A method of communicating packets in a physical host that includes a managed forwarding element (mfe) configured to communicate packets to a set of containers in a data compute node (dcn) hosted by the physical host. The method receives a packet from a particular container in the container dcn. ... Nicira Inc

06/22/17 / #20170180249

Forwarding element implementation for containers

A method of creating containers in a physical host that includes a managed forwarding element (mfe) configured to forward packets to and from a set of data compute nodes (dcns) hosted by the physical host. The method creates a container dcn in the host. ... Nicira Inc

06/15/17 / #20170171159

Packet tagging for improved guest system security

Some embodiments provide a novel method for monitoring network requests from a machine. The method captures the network request at various layers of a protocol stack. ... Nicira Inc

06/15/17 / #20170171113

Transactional controls for supplying control plane data to managed hardware forwarding elements

Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (mhfes) in a transactional manner. The transactional communication methods of some embodiments ensure that an mhfe receives the entirety of a control plane update that a controller supplies to it, before the mhfe starts to modify its data plane forwarding data and operations. ... Nicira Inc

06/15/17 / #20170171087

Congestion control during communication with a private network

Example methods are provided for a first endpoint to perform congestion control during communication with a second endpoint over a public network, the second endpoint being in a private network. The method may comprise generating a plurality of tunnel segments containing unreliable transport protocol data destined for the second endpoint; and determining whether congestion control is required based on a data amount of the plurality of tunnel segments and a congestion window associated with a tunnel connecting the first endpoint with the private network. ... Nicira Inc

06/15/17 / #20170171078

Transactional controls for supplying control plane data to managed hardware forwarding elements

Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (mhfes) in a transactional manner. The transactional communication methods of some embodiments ensure that an mhfe receives the entirety of a control plane update that a controller supplies to it, before the mhfe starts to modify its data plane forwarding data and operations. ... Nicira Inc

06/15/17 / #20170171077

Transactional controls for supplying control plane data to managed hardware forwarding elements

Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (mhfes) in a transactional manner. The transactional communication methods of some embodiments ensure that an mhfe receives the entirety of a control plane update that a controller supplies to it, before the mhfe starts to modify its data plane forwarding data and operations. ... Nicira Inc

06/15/17 / #20170171065

Dynamically generating flows with wildcard fields

Some embodiments of the invention provide a switching element that receives a packet and processes the packet by dynamically generating a flow entry with a set of wildcard fields. The switching element then caches the flow entry and processes any subsequent packets that have header values that match the flow entry's non-wildcard match fields. ... Nicira Inc

06/15/17 / #20170171061

Connectivity segment coloring

A novel method for fully utilizing the multicast or broadcast capability of a physical network is provided. The method identifies segments of the network within which broadcast traffic, multicast traffic, or traffic to unknown recipients (bum traffic) is allowed or enabled. ... Nicira Inc

06/15/17 / #20170171055

Method and tool for diagnosing logical networks

Some embodiments provide a method for diagnosing a logical network that includes several logical forwarding elements (lfes) that logically connects a number of data compute nodes (dcns) to each other. The method identifies a set of lfes that logically connects a first dcn of the several dcns to a second dcn. ... Nicira Inc

06/15/17 / #20170170989

Method and system for virtual and physical network integration

The disclosure herein describes a virtual extensible local area network (vxlan) gateway. During operation, the vxlan gateway receives, from a physical host, an ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. ... Nicira Inc

06/15/17 / #20170170987

Transport protocol task offload emulation to detect offload segments for communication with a private network

Example methods are provided for a first endpoint to communicate with a second endpoint over a public network, the second endpoint being in a private network. The method may comprise detecting an offload segment from a protocol stack of the first endpoint. ... Nicira Inc

06/15/17 / #20170170986

Transport protocol task offload emulation to detect chunks of data for communication with a private network

Example methods are provided for a first endpoint to communicate with a second endpoint over a public network, the second endpoint being in a private network. The method may comprise detecting a chunk of data directly from an application executing on the first endpoint. ... Nicira Inc

06/08/17 / #20170163775

Transferring multiple data sets using a multipath connection

Example methods are provided for a first endpoint to transfer a first data set and a second data set to a second endpoint using a multipath connection. The method may comprise detecting the first data set and the second data set from an application executing on the first endpoint for transfer to the second endpoint. ... Nicira Inc

06/08/17 / #20170163599

Grouping tunnel endpoints of a bridge cluster

Some embodiments provide a method for a first managed forwarding element (mfe). The method receives a packet from a data compute node that connects to the mfe. ... Nicira Inc

06/08/17 / #20170163598

Learning of tunnel endpoint selections

Some embodiments provide a method for a managed forwarding element (mfe). At the mfe, the method receives a first packet from a particular tunnel endpoint. ... Nicira Inc

06/08/17 / #20170163570

Method and apparatus for implementing and managing virtual switches

In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or vlan. ... Nicira Inc

06/08/17 / #20170163539

Data transfer between endpoints using a multipath connection

Example methods are provided to perform data transfer between a first endpoint and a second endpoint. The method may comprise detecting an elephant flow of data from an application executing on the first endpoint for transfer to the second endpoint; and splitting the elephant flow to obtain first packets and second packets. ... Nicira Inc

06/08/17 / #20170163536

Load balancing over multiple tunnel endpoints

Some embodiments provide a method for a managed forwarding element (mfe). The method receives a packet from a data compute node for which the mfe performs first-hop processing. ... Nicira Inc

06/08/17 / #20170163532

Route advertisement by managed gateways

Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. ... Nicira Inc

06/08/17 / #20170163522

Influencing path selection during a multipath connection

Example methods are provided to influence path selection during a multipath connection between a first endpoint and a second endpoint. The method may comprise configuring, for a first subflow of a multipath connection, a first set of tuples and establishing, over a network interface of the first endpoint, the first subflow with the second endpoint. ... Nicira Inc

06/08/17 / #20170163487

Methods and systems for controller-based datacenter network sharing

A method of allocating network bandwidth in a network that includes several tenant virtual machines (vms). The method calculates a first bandwidth reservation for a flow between a source vm and a destination vm that are hosted on two different host machines. ... Nicira Inc

06/08/17 / #20170163442

Distribution of tunnel endpoint mapping information

Some embodiments provide a method for a network controller. The method identifies a data compute node for operation on a host machine that includes a managed forwarding element (mfe) having multiple tunnel endpoints. ... Nicira Inc

05/18/17 / #20170142012

Multiple active l3 gateways for logical networks

Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. ... Nicira Inc

05/18/17 / #20170142011

Hybrid packet processing

Some embodiments provide a method of processing an incoming packet for a managed forwarding element that executes in a host to forward packets in a network. The method performs a lookup into a forwarding table to identify a flow entry matched by the incoming packet. ... Nicira Inc

05/04/17 / #20170126726

Securing a managed forwarding element that operates within a data compute node

Some embodiments provide a method for securing a managed forwarding element (mfe) that operates within a data compute node (dcn) executing in a host machine. The method receives, from the mfe, a message to increase a local counter value by a first number when the mfe sends the first number of packets to a network interface controller (nic). ... Nicira Inc

05/04/17 / #20170126677

Extended context delivery for context-based authorization

Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. ... Nicira Inc

05/04/17 / #20170126615

Arp offloading for managed hardware forwarding elements

Some embodiments provide an arp-offload service node for several managed hardware forwarding elements (mhfes) in a datacenter in order to offload arp query processing by the mhfes. The mhfes are managed elements because one or more network controllers (e.g., one or more management servers) send configuration data to the mhfes to configure their operations. ... Nicira Inc

05/04/17 / #20170126567

Software receive side scaling for overlay flow re-dispatching

A packet forwarding element that includes a hardware dispatch unit and a multi-core processor with a plurality of processing cores. The hardware dispatch unit receives packets from a plurality of networks including physical and logical networks. ... Nicira Inc

05/04/17 / #20170126566

Software receive side scaling for packet re-dispatching

A method of re-dispatching packets at a packet forwarding element that includes a hardware dispatch unit and a multi-core processor. The method, at a first core of the multi-core processor, receives a packet of a particular packet flow from the hardware dispatch unit. ... Nicira Inc

05/04/17 / #20170126565

Software receive side scaling for overlay flow re-dispatching

A method of re-dispatching packets at a packet forwarding element that includes a hardware dispatch unit and a multi-core processor. The method, at a first core, receives a packet of a particular packet flow from the hardware dispatch unit. ... Nicira Inc

05/04/17 / #20170126559

Performing logical network functionality within data compute nodes

Some embodiments provide a method for a first managed forwarding element operating within a first data compute node (dcn) that executes on a host machine. From the first dcn, the method receives a packet destined for a second dcn that is logically connected to the first dcn through a set of logical forwarding elements of a logical network. ... Nicira Inc

05/04/17 / #20170126552

Distributed database structure for logical and physical network data

Some embodiments provide a method for a controller agent operating in a physical machine alongside a local managed forwarding element (mfe) that implements logical networks along with other mfes in a physical network. From a centralized storage, the method receives a description of a physical network populated by other controller agents, a description of a logical network populated by a centralized controller, and a set of bindings between the logical and physical network populated by the plurality of other controller agents. ... Nicira Inc

05/04/17 / #20170126551

Representation of match conditions in logical pipeline data

Some embodiments provide a method that receives several flow descriptions. Each flow description includes a set of match conditions and corresponding set of actions. ... Nicira Inc

05/04/17 / #20170126516

Automatic health check and performance monitoring for applications and protocols using deep packet inspection in a datacenter

A method of collecting health check metrics for a network is provided. The method, at a deep packet inspector on a physical host in a datacenter, receives a copy of a network packet from a load balancer. ... Nicira Inc

05/04/17 / #20170126497

Static route types for logical routers

Some embodiments provide a method for implementing a logical router of a logical network. The method receives a configuration for a first logical router. ... Nicira Inc

05/04/17 / #20170126493

Network control system for configuring middleboxes

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. ... Nicira Inc

05/04/17 / #20170126471

Local controller agent for converting logical pipeline data

Some embodiments provide a method for a controller agent operating in a physical machine alongside a managed forwarding element (mfe) that implements several logical networks. The method receives a first set of flow entries describing a particular logical network. ... Nicira Inc

05/04/17 / #20170126431

Performing logical network functionality within data compute nodes

Some embodiments provide a method for a managed forwarding element (mfe) operating within a first data compute node (dcn) that executes on a first host machine. The mfe is for implementing a logical network that logically connects the first dcn to a plurality of other dcns. ... Nicira Inc

05/04/17 / #20170123832

Securing a managed forwarding element that operates within a data compute node

Some embodiments provide a method for securing a managed forwarding element (mfe) that operates in a data compute node (dcn) executing in a host machine. The method receives a notification that the mfe is loaded on the dcn. ... Nicira Inc

04/27/17 / #20170118130

Reducing network congestion by preferentially dropping packets sent by high-bandwidth sources

Some embodiments provide a method for reducing congestion in a network stack that includes a series of components that send data packets through the network stack to a network. At a first component of the network stack, the method receives a data packet from a second component of the network stack. ... Nicira Inc

04/27/17 / #20170118114

Batch processing of packets

Some embodiments provide a method for a managed forwarding element. The method receives a set of packets for processing by the managed forwarding element. ... Nicira Inc

04/27/17 / #20170118090

Detecting an elephant flow based on the size of a packet

Some embodiments provide a forwarding element that inspects the size of each of several packets in a data flow to determine whether the data flow is an elephant flow. The forwarding element inspects the size because, in order for the packet to be of a certain size, the data flow had to already have gone through a slow start in which smaller packets are transferred and by definition be an elephant flow. ... Nicira Inc

04/27/17 / #20170116023

Migrating middlebox state for distributed middleboxes

A controller of a network control system for configuring several middlebox instances is described. The middlebox instances implement a middlebox in a distributed manner in several hosts. ... Nicira Inc

04/20/17 / #20170111236

Virtual network management

A network management system that manages a virtual network includes an interface system communicatively coupled to one or more servers, a director engine, and a configuration engine. The one or more servers implement a virtual network including one or more virtual machines and one or more containers organized into one or more virtual domains. ... Nicira Inc

04/13/17 / #20170104720

Global object definition and management for distributed firewalls

A method of defining distributed firewall rules in a group of datacenters is provided. Each datacenter includes a group of data compute nodes (dcns). ... Nicira Inc

04/06/17 / #20170099365

Context enriched distributed logging services for workloads in a datacenter

A method of enhancing log packets with context metadata is provided. The method, at a redirecting filter on a host in a datacenter, intercepts a packet from a data compute node (dcn) of a datacenter tenant. ... Nicira Inc

03/30/17 / #20170093758

Ip aliases in logical networks with hardware switches

Some embodiments provide a novel method of configuring a managed hardware forwarding element (mhfe) that implements a logical forwarding element (lfe) of a logical network to handle address resolution requests (e.g., address resolution protocol (arp) requests) for multiple addresses (e.g., ip addresses) associated with a single network interface of the logical network. The method identifies a physical port of the mhfe with which the multiple addresses are to be associated. ... Nicira Inc

03/30/17 / #20170093754

Virtual network abstraction

A method of defining a virtual network across a plurality of physical hosts is provided. At least two hosts utilize network virtualization software provided by two different vendors. ... Nicira Inc









This listing is an abstract for educational and research purposes and is only meant as a recent sample of applications filed, not a comprehensive history. Freshpatents.com is not affiliated or associated with Nicira Inc in any way, and there may be associated servicemarks. This data is also published to the public by the USPTO and available for free on their website. Note that there may be alternative spellings for Nicira Inc with additional patents listed. Browse our Agent directory for other possible listings. Page by FreshPatents.com
