Real Time Touch




Nicira Inc patents


Recent patent applications related to Nicira Inc. Nicira Inc is listed as an Agent/Assignee. Note: Nicira Inc may have other listings under different names/spellings. We're not affiliated with Nicira Inc, we're just tracking patents.



High availability bridging between layer 2 networks

The technology disclosed herein enables high availability bridging between layer 2 (l2) networks. In a particular embodiment, a method includes high availability bridge cluster comprising a first bridge node and a second bridge node. ... Nicira Inc

Distributed transaction conflict resolution

In accordance with disclosed embodiments, a shared log system includes a sequencer that receives a source object and a snapshot time reference, where the source object is used to generate data for a destination object. The sequencer uses the snapshot time to determine whether the data state of the source object is current with respect to the snapshot time, to assess correctness of the generated data relative to the snapshot time. ... Nicira Inc

Configuration of logical router

Some embodiments provide a method of operating several logical networks over a network virtualization infrastructure. The method defines a managed physical switching element (mpse) that includes several ports for forwarding packets to and from a plurality of virtual machines. ... Nicira Inc

Multicast packet handling in logical networks

Example methods are provided for a host to perform multicast packet handling in a logical network. The method comprises in response to detecting a request to join a multicast group address, a hypervisor modifying the request by replacing a first address associated with a virtualized computing instance with a second address associated with the hypervisor; and sending the modified request to join the multicast group address on behalf of the virtualized computing instance. ... Nicira Inc

Handling control-plane connectivity loss in virtualized computing environments

Example methods are provided for a first host to handle control-plane connectivity loss in a virtualized computing environment that includes the first host, multiple second hosts and a network management entity. The method may comprise: detecting a loss of control-plane connectivity between the first host and the network management entity; and generating a request message for control information that the first host is unable to obtain from the network management entity. ... Nicira Inc

Hypervisor-assisted approach for locating operating system data structures based on attribute matching

Example methods are provided for locating an operating system (os) data structure on a host according to a hypervisor-assisted approach. The method may comprise a virtualized computing instance identifying a guest virtual memory address range in which the os data structure is stored; and configuring the hypervisor to perform a safe read on the guest virtual memory address range to access data stored within the guest virtual memory address range. ... Nicira Inc

Hypervisor-assisted approach for locating operating system data structures based on notification data

Example methods are provided for locating an operating system (os) data structure on a host according to a hypervisor-assisted approach. The method may comprise a virtualized computing instance identifying a guest virtual memory address range in which the os data structure is stored; and configuring a hypervisor to generate notification data associated with the guest virtual memory address range. ... Nicira Inc

Transaction controls for supplying control plane data to managed hardware forwarding element

Some embodiments provide novel methods for controllers to communicate with managed hardware forwarding elements (mhfes) in a transactional manner. The transactional communication methods of some embodiments ensure that an mhfe receives the entirety of a control plane update that a controller supplies to it, before the mhfe starts to modify its data plane forwarding data and operations. ... Nicira Inc

Logical l3 processing for l2 hardware switches

A method for configuring a managed forwarding element (mfe) to perform logical routing operations in a logical network on behalf of a hardware switch is described. The method of some embodiments receives data that defines a logical router that logically connects several different end machines operating on several different host machines to different physical machines that are connected to the hardware switch. ... Nicira Inc

Hitless upgrade for network control applications

A method for upgrading a set of controller nodes in a controller cluster that manages a plurality of forwarding elements in a way that minimizes dataplane outages. The method of some embodiments upgrades the control applications of a subset of the controller nodes before upgrading a decisive controller node. ... Nicira Inc

Port mirroring in a virtualized computing environment

Example methods are provided for a network management entity to implement port mirroring in a virtualized computing environment. The method may comprise configuring a port mirroring session between a source virtual port and a destination virtual port. ... Nicira Inc

Logical processing for containers

Some embodiments provide a local network controller that manages a first managed forwarding element (mfe) operating to forward traffic on a host machine for several logical networks and configures the first mfe to forward traffic for a set of containers operating within a container virtual machine (vm) that connects to the first mfe. The local network controller receives, from a centralized network controller, logical network configuration information for a logical network to which the set of containers logically connect. ... Nicira Inc

Configuration of a logical router for dynamic routing

Some embodiments provide a method for configuring a logical router to exchange routing data with a neighboring router through a dynamic routing protocol. The logical router is implemented as multiple routing components. ... Nicira Inc

Method and system of connecting to a multipath hub in a cluster

In one aspect, a computerized method useful for connecting to a multipath hub in a cluster includes the step of, with a gateway in a same network as the cluster, receiving, from a branch edge, a request to connect to a logical identifier (id) of the multipath hub. The gateway recognizes a logical id representing a cluster. ... Nicira Inc

08/16/18 / #20180234299

Inter-connecting logical control planes for state data exchange

Certain embodiments described herein are generally directed to interconnecting a plurality of local control planes (lcp) for state data exchange. In some embodiments, a first lcp receives the state data and a distribution list from a central control plane (ccp) node. ... Nicira Inc

08/09/18 / #20180227364

Adding logical sharding to a distributed system with only physical sharding

Certain embodiments described herein are generally directed to processing domain objects in a distributed system using logical sharding. In some embodiments, a central control plane (ccp) node receives a domain object. ... Nicira Inc

08/09/18 / #20180227317

Security against side-channel attack in real-time virtualized networks

Aspects of the present disclosure relate to adaptive and user-defined security against side-channel attacks in a virtual network. Traffic in the virtual network can be monitored at the hypervisor level and network security levels, such as padding and inclusion of dummy packets in the traffic stream, may be adaptively switched based on the monitored traffic information. ... Nicira Inc

08/02/18 / #20180219983

Private allocated networks over shared communications infrastructure

Methods and systems for implementing private allocated networks in a virtual infrastructure are presented. One method operation creates virtual switches in one or more hosts in the virtual infrastructure. ... Nicira Inc

08/02/18 / #20180219915

Systems and methods for allocating spi values

Certain embodiments described herein are generally directed to allocating security parameter index (“spi”) values to a plurality of endpoints in a network. The spi values may be derived using an spi derivation formula and a plurality of parameters. ... Nicira Inc

08/02/18 / #20180219726

Consistent processing of transport node network data in a physical sharding architecture

Certain embodiments described herein are generally directed to consistent processing of transport node network configuration data in a physical sharding architecture. For example, in some embodiments a first central control plane (ccp) node of a plurality of ccp nodes determines a sharding table, which is shared by the plurality of ccp nodes. ... Nicira Inc

08/02/18 / #20180219699

Managing tunnel endpoints for facilitating creation of logical networks

Some embodiments provide a novel method for managing hardware forwarding elements (mhfes) that facilitate the creation of multiple logical networks on a set of shared physical forwarding elements. The method uses a set of logical controllers that generate data that defines a set of logical networks, and a set physical controllers to distribute the generated data to the hardware forwarding elements. ... Nicira Inc

07/19/18 / #20180205673

Managing network traffic in virtual switches based on logical port identifiers

Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a first host identifies a packet to be transferred from a first virtual machine on the first host to a second virtual machine on a second host. ... Nicira Inc

07/12/18 / #20180198679

Consistent hashing for network traffic dispatching

A method is provided that uses a consistent hashing technique to dispatch incoming packets in a stable system prior to adding of a node. The method uses a hash table and assigns hash buckets in the table to each network node. ... Nicira Inc

06/28/18 / #20180183906

Method and system for implementing logical port classifications

The network control system of some embodiments implements logical port classifications to implement different features of logical networks onto a physical network. The network control system of some embodiments modifies flow entries at forwarding elements of the physical network to implement the logical network. ... Nicira Inc

06/28/18 / #20180183866

Performing context-rich attribute-based load balancing on a host

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of both vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180183764

Collecting and processing contextual attributes on a host

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180183761

Performing appid based firewall services on a host

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180183760

Identification and adjustment of ineffective firewall rules

Network firewalls operate based on rules that define how a firewall should handle traffic passing through the firewall. At their most basic, firewall rules may indicate that certain network traffic should be denied from passing through a network firewall or indicate that certain network traffic should be allowed to pass through the network firewall. ... Nicira Inc

06/28/18 / #20180183759

Context based firewall services for data message flows for multiple concurrent users on one machine

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180183757

Micro-segmentation of virtual computing elements

The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. ... Nicira Inc

06/28/18 / #20180183756

Deep packet inspection with enhanced data packet analyzers

Examples provide a deep packet inspection for performing security operations on network data packets by a plurality of enhanced packet analyzers. A copy of a mirrored network data packet is sent to each of the packet analyzers. ... Nicira Inc

06/28/18 / #20180183730

Ip aliases in logical networks with hardware switches

Some embodiments provide a novel method of configuring a managed hardware forwarding element (mhfe) that implements a logical forwarding element (lfe) of a logical network to handle address resolution requests (e.g., address resolution protocol (arp) requests) for multiple addresses (e.g., ip addresses) associated with a single network interface of the logical network. The method identifies a physical port of the mhfe with which the multiple addresses are to be associated. ... Nicira Inc

06/28/18 / #20180183667

Migration of centralized routing components of logical router

Some embodiments provide a method for a controller that manages a physical network that implements multiple logical networks that include multiple logical routers. The method receives a command to change a particular centralized routing component of a logical router to an inactive state. ... Nicira Inc

06/28/18 / #20180181763

Collecting and storing threat level indicators for service rule processing

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180181754

Performing context-rich attribute-based process control services on a host

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180181521

Systems and methods for flipping nic teaming configuration without interfering live traffic

Systems and methods described herein facilitate configuration changes to an nic teaming device while enabling multiple i/o threads continue to run through the nic teaming device concurrently without interruption. At a given time, multiple configurations of the nic teaming device, e.g., one for a current configuration of the nic teaming device and one for a new configuration of the nic teaming device, can co-exist. ... Nicira Inc

06/28/18 / #20180181423

Collecting and processing contextual attributes on a host

Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (vms) in some embodiments, containers in other embodiments, or a mix of vms and containers in still other embodiments. ... Nicira Inc

06/28/18 / #20180181417

Logical port authentication for virtual machines

A computer system authenticates a logical port for a virtual machine. A logical network maintains logical network data for a logical switch having the logical port. ... Nicira Inc

06/21/18 / #20180176307

Bypassing a load balancer in a return path of network traffic

Some embodiments provide a method that allows a first data compute node (dcn) to forward outgoing traffic to a second dcn directly in spite of receiving the incoming traffic from the second dcn through a load balancer. That is, the return traffic's network path from the first dcn (e.g., a server machine) to the second dcn (e.g., a client machine) bypasses the load balancer, even though a request that initiated the return traffic is received through the load balancer. ... Nicira Inc

06/21/18 / #20180176261

Providing application visibility for micro-segmentation of a network deployment

A method of creating micro-segmentation policies for a network is provided. The method identifies a set of network nodes as seed nodes. ... Nicira Inc

06/21/18 / #20180176255

Native tag-based configuration for workloads in a virtual computing environment

A method of configuring networking, security, and operational parameters of workloads deployed in a virtualized computing environment includes the steps of: storing multiple policies, each defining one of networking, security, or operational parameters, and associating tags to each of the multiple policies, independent of deployment of a virtual computing instance in the virtual computing environment; responsive to a request to perform configuration of a virtual computing instance being deployed, retrieving policies among the stored multiple policies that are associated with same tags as tags contained in the request; generating configuration parameters for data path components in a host machine of the virtual computing instance and for data path components of the virtual computing instance based on the retrieved policies; and transmitting the generated configuration parameters to the host machine for the host machine to configure the networking, security, or operational parameters the virtual computing instance therewith. ... Nicira Inc

06/21/18 / #20180176252

Application template generation and deep packet inspection approach for creation of micro-segmentation policy for network applications

A method of creating micro-segmentation policy for a network is provided. The method monitors the network packet traffic to identify network traffic types and patterns. ... Nicira Inc

06/21/18 / #20180176185

Firewall rule management for hierarchical entities

System and method for managing firewall rules for hierarchical entities modify a processing order of the firewall rules to be executed in a distributed computer system based on hit counts of the firewall rules and direct descendent relationships of destination entities of the firewall rules. ... Nicira Inc

06/21/18 / #20180176184

Collecting firewall flow records of a virtual infrastructure

In a computer-implemented method for collecting firewall flow records, firewall flow records are received from a plurality of data end nodes of a virtualized infrastructure comprising a distributed firewall according to a collection schedule, wherein the collection schedule defines which data end nodes of the plurality of data end nodes from which firewall flow records are collected, a frequency of collection of firewall flow records from the data end nodes, and an amount of firewall flow records collected from the data end nodes. Firewall flow records received at a firewall flow record collection queue are processed, such that the received firewall flow records are prepared for storage at a flow record data store. ... Nicira Inc

06/21/18 / #20180176183

Managing firewall flow records of a virtual infrastructure

In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. ... Nicira Inc

06/21/18 / #20180176180

Configuring interactions with a firewall service virtual machine

For a host that executes one or more guest virtual machines (gvms), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (svm) on the host to check the packets sent by and/or received for the gvms. In some embodiments, the gvms connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. ... Nicira Inc

06/21/18 / #20180176124

Bypassing a load balancer in a return path of network traffic

Some embodiments provide a method that allows a first data compute node (dcn) to forward outgoing traffic to a second dcn directly in spite of receiving the incoming traffic from the second dcn through a load balancer. That is, the return traffic's network path from the first dcn to the second dcn bypasses the load balancer, even though a request that initiated the return traffic is received through the load balancer. ... Nicira Inc

06/21/18 / #20180176102

Application assessment and visibility for micro-segmentation of a network deployment

A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. ... Nicira Inc

06/21/18 / #20180176073

Dynamic recovery from a split-brain failure in edge nodes

Some embodiments provide a method for employing the management and control system of a network to dynamically recover from a split-brain condition in the edge nodes of the network. The method of some embodiments takes a corrective action to automatically recover from a split-brain failure occurred at a pair of high availability (ha) edge nodes of the network. ... Nicira Inc

06/14/18 / #20180167363

Firewall policy enforcement based on high level identification strings

The technology disclosed herein enables the enforcement of firewall policies based on high level identification strings. In a particular embodiment, a method provides receiving a first reply from a first identification system directed to a requestor system. ... Nicira Inc

06/14/18 / #20180167316

Address resolution using multiple designated instances of a logical router

A logical routing element (lre) having multiple designated instances for routing packets from physical hosts (ph) to a logical network is provided. A ph in a network segment with multiple designated instances can choose among the multiple designated instances for sending network traffic to other network nodes in the logical network according to a load balancing algorithm. ... Nicira Inc

06/14/18 / #20180167296

System for aggregating statistics relating to a logical forwarding element

Some embodiments provide a system that implements a set of tools to define a set of one or more logical forwarding elements from a number of physical forwarding elements and a scalable framework to retrieve statistics relating each logical forwarding element. In some embodiments, the statistics relate to the logical ports of a logical forwarding element. ... Nicira Inc

06/14/18 / #20180167287

Capturing packets in a virtual switch

Described herein are systems, methods, and software to capture packets of interest in a virtual switch. In one implementation, a method of capturing packets of interest in a virtual switch includes identifying a request to capture packets associated with first packet attributes. ... Nicira Inc

06/14/18 / #20180167272

Handling failure at logical routers

Example methods are provided for a first routing component to handle failure at a logical router in a first network. One method may comprise learning first path information associated with a first path provided by an active second routing component, and second path information associated with a second path provided by a standby second routing component. ... Nicira Inc

06/07/18 / #20180159943

Performing context-rich attribute-based services on a host

Some embodiments provide a novel method for performing a service at a host computer that executes data compute nodes (dcns). For a data message, the method identifies a service tag and a set of attributes associated with the service tag. ... Nicira Inc

06/07/18 / #20180159821

Providing services for logical networks

Some embodiments provide a method for a network controller that manages several logical networks. The method receives a specification of a logical network that includes at least one logical forwarding element attached to a logical service (e.g., dhcp). ... Nicira Inc

06/07/18 / #20180159801

Service function chain (sfc) data communications with sfc data in virtual local area network identifier (vlan id) data fields

A data system transfers data packets over service function chains (sfcs). A classifier receives the packets and determines sfc identifiers (ids) and metadata. ... Nicira Inc

06/07/18 / #20180159790

Prioritizing flows in software defined networks

Described herein are systems, methods, and software to enhance network traffic management. In one implementation, a method of operating a network interface system on a host computing system includes receiving a plurality of network packets and, for each packet in the plurality of network packets, identifying whether the packet comprises a control packet for fault detection in a software defined network (sdn). ... Nicira Inc

06/07/18 / #20180159782

Context driven policy based packet capture

A computer system provides a method for context-based packet scanning in a computing environment. The method includes the steps of receiving a packet from a virtual machine, determining if a network flow associated with the packet exists in a context data structure, and upon determining that a context entry associated with the network flow exists in the context data structure, tagging the packet with context information included in the context entry, comparing the context information and network flow information to context and network flow criteria in one or more packet capture policies, and recording contents of the packet when the context information and network flow information match one of the one or more packet capture policies. ... Nicira Inc

06/07/18 / #20180159733

Performing context-rich attribute-based services on a host

Some embodiments provide a novel method for configuring a set of service one or more nodes on a host to perform context-rich, attribute-based services on the host computer, which executes several data compute nodes (dcns) in addition to the set of service nodes. The method uses a context-filtering node on the host to collect a first set of attributes associated with service rules processed by the set of service nodes on the host computer. ... Nicira Inc

06/07/18 / #20180159696

Distributed multicast by endpoints

A novel method of conducting multicast traffic in a network is provided. The network includes multiple endpoints that receive messages from the network and generate messages for the network. ... Nicira Inc

05/31/18 / #20180152417

Security policy analysis based on detecting new network port connections

A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine. ... Nicira Inc

05/31/18 / #20180152322

Method and system for virtual and physical network integration

The disclosure herein describes a virtual extensible local area network (vxlan) gateway. During operation, the vxlan gateway receives, from a physical host, an ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. ... Nicira Inc

05/31/18 / #20180152321

Efficient update of per-interface address groupings

Certain embodiments described herein are generally directed to a hypervisor-wide data structure that holds service rule address information for multiple vifs in a compact way, which can later be processed per-vif, in order to perform vif-specific address group updates. For example, certain embodiments described herein provide a network controller that maintains a global hash table for multiple vifs that maps network addresses to groups of one or more service rules. ... Nicira Inc

05/31/18 / #20180152263

Statistical approaches in nsx scale testing

Certain embodiments of the present disclosure are generally directed to testing connections between a plurality of endpoints in a logical network. For example, in some embodiments, a central controller may determine rates at which endpoints are to send packets to test connections and may adjust these rates based on feedback information from the endpoints regarding tested connections. ... Nicira Inc

05/17/18 / #20180139175

Accessing nodes deployed on an isolated network

Example methods and systems are provided for a management entity on a first network to access a node deployed on a second network that is isolated from the first network. The method may comprise assigning a first network address to the node, the first network address being a transient network address for the management entity to access the node temporarily from the first network. ... Nicira Inc

05/17/18 / #20180139122

Enablement of multi-path routing in virtual edge systems

The technology disclosed herein enables multi-path routing in virtual edge systems of a virtual network environment. In a particular embodiment, a method provides establishing a connection for a communication with a client outside of the virtual network environment through a first virtual edge system of a plurality of virtual edge systems. ... Nicira Inc

05/10/18 / #20180131675

Firewall rule creation in a virtualized computing environment

Example methods are provided for a network management entity to perform firewall rule creation in a virtualized computing environment. The method may comprise obtaining flow data associated with an application-layer protocol session between a first endpoint and a second endpoint in the virtualized computing environment; and identifying, from the flow data, an association between a control flow and at least one data flow of the application-layer protocol session. ... Nicira Inc

05/10/18 / #20180131617

Congestion-aware load balancing

Certain embodiments presented herein relate to load balancing of data transmissions among a plurality of paths between endpoints (eps) coupled to virtual switches. In particular, between the virtual switches there may be a number of physical paths for the data to be communicated between the eps. ... Nicira Inc

05/03/18 / #20180124198

Cloud to on-premise port forwarding with ip address bound to loopback alias

An example method to provide communication between a first computer in a first computer network and a second computer in a second computer network is disclosed. The method includes aliasing the second computer's address in the second computer network to a loopback interface of a third computer in the first computer network and establishing a tunnel between the third computer and a fourth computer in the second computer network. ... Nicira Inc

05/03/18 / #20180124171

Adaptive data mirroring in virtual networks

Some embodiments provide a method for providing a continuous mirroring session between a monitored data compute node (dcn) and a monitoring dcn. The method provides such uninterrupted mirroring session regardless of relocations of the dcns during the mirroring session. ... Nicira Inc

05/03/18 / #20180124139

Port mirroring in overlay networks

A method of mirroring packets in a network. The method assigns an internet protocol (ip) multicast address to an overlay network for transmitting mirrored packets. ... Nicira Inc

05/03/18 / #20180124112

Efficient computation of address groupings across multiple network interfaces

Certain embodiments described herein are generally directed to normalizing service rules across multiple virtual interfaces (vifs). For example, certain embodiments described herein relate to a method for managing service rules. ... Nicira Inc

05/03/18 / #20180124061

Performing services on a host

Some embodiments provide a novel method for performing services on a host computer that executes several data compute nodes (dcns). The method receives, at a module executing on the host, a data message associated with a dcn executing on the host. ... Nicira Inc

05/03/18 / #20180123954

Virtualization port layer including physical switch port and logical switch port

Aspects of the present disclosure relate to introduction of a physical switch port and logical switch port to the virtualization layer. A virtual network interface card (vnic) can be associated with a physical switch port that routes traffic to logical switch ports based on a transmit function. ... Nicira Inc

05/03/18 / #20180123951

Media access control address learning for packets

Certain embodiments described herein are generally directed to media access control (mac) address learning for packets sent between end points (eps) in a network (e.g., overlay network). For example, in some embodiments, vteps may be used to provide packet forwarding services, load balancing services, gateway services, etc., to eps in the network. ... Nicira Inc

05/03/18 / #20180123939

Monitoring resource consumption for distributed services

A method for monitoring several data compute nodes (dcns) on a group of managed host machines is provided. The method receives service usage data from a group of managed hosts. ... Nicira Inc

05/03/18 / #20180123907

Managing resource consumption for distributed services

A method for managing service resources of a group of host machines is provided. Each host machine provides services for a corresponding set of data compute nodes (dcns). ... Nicira Inc

05/03/18 / #20180123903

Network health checker

A method of generating a network topology map in a datacenter comprising a network manager server and a set of host machines is provided. Each host machine hosts a set of data compute nodes (dcns). ... Nicira Inc

05/03/18 / #20180123877

Logical network configuration span

Certain embodiments described herein are generally directed to determining the spans of logical entities in a logical network using a graph theoretic method. For example, in some embodiments, a configuration of the logical network is represented as a directed graph with labeled edges. ... Nicira Inc

05/03/18 / #20180121250

Monitoring and optimizing interhost network traffic

Some embodiments provide a method for clustering a set of data compute nodes (dcns), which communicate with each other more frequently, on one or more host machines. The method groups together guest dcns (gdcns) that (1) execute on different host machines and (2) exchange network data among themselves more frequently, in order to reduce interhost network traffic. ... Nicira Inc

04/19/18 / #20180109416

Reducing data plane disruption in a virtual switch

Described herein are systems, methods, and software to reduce data plane disruption during a startup event for a virtual switch controller. In one example, during a startup event, applications are initiated on a virtual switch controller to configure the virtual switch. ... Nicira Inc

04/12/18 / #20180102959

Tracing network packets through logical and physical networks

Some embodiments provide a method for a first network controller that manages a set of logical forwarding elements implemented in several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. ... Nicira Inc

04/12/18 / #20180102943

Method and system for managing network nodes that implement a logical multi-node application

Some embodiments of the invention provide a novel method of managing network nodes that implement a logical multi-node application. The method can comprise obtaining log data describing events relating to a plurality of network nodes and obtaining network flow data describing flow of data between the plurality of network nodes. ... Nicira Inc

04/12/18 / #20180102937

Network operating system for managing and securing networks

Systems and methods for managing a network are described. A view of current state of the network is maintained where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. ... Nicira Inc

04/05/18 / #20180097785

Scalable security key architecture for network encryption

An example method of key management for encryption of traffic in a network having network nodes includes negotiating, between a first network node and a centralized key management server, to obtain a master key shared among the network nodes; receiving, at the first network node, a first identifier for the first network node and a second identifier for a second network node; generating, at the first network node, a first session key by supplying the master key, the first identifier, and the second identifier as parametric input to a function; establishing, using a network stack of the first network node, a first point-to-point tunnel through the network to the second network node without a key exchange protocol; and sending first traffic from the first network node to the second network node through the first point-to-point tunnel, the first traffic including a portion encrypted by the first session key. ... Nicira Inc

04/05/18 / #20180097778

Use of stateless marking to speed up stateful firewall rule processing

A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. ... Nicira Inc

04/05/18 / #20180097734

Anycast edge service gateways

Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (esgs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (ip) address and a same anycast inner media access control (mac) address. ... Nicira Inc

03/29/18 / #20180091415

Inline processing of learn actions in a virtual switch

Described herein are systems, methods, and software to enhance inline processing of data packets by a virtual switch. In at least one implementation, a virtual switch receives a data packet and initiates a flow process with a plurality of flow operations on the data packet. ... Nicira Inc

03/22/18 / #20180083837

Application-based network segmentation in a virtualized computing environment

Example methods are provided for a host to implement application-based network segmentation in a virtualized computing environment. The method may comprise detecting an egress packet from a virtualized computing instance supported by the host for transmission to a destination and identifying a source application associated with the egress packet. ... Nicira Inc

03/22/18 / #20180083829

Using transactions to minimize churn in a distributed network control system

A particular network controller receives a first set of inputs from the first controller and a second set of inputs from the second controller. The particular controller then starts to compute a set of outputs using the first set of inputs. ... Nicira Inc

03/01/18 / #20180063237

Distributed global load-balancing system for software-defined data centers

The disclosure herein describes a system for providing distributed global server load balancing (gslb) over resources across multiple data centers. The system includes a directory group comprising one or more directory nodes and a plurality of gslb nodes registered to the directory group. ... Nicira Inc

03/01/18 / #20180063195

Adaptable network event monitoring configuration in datacenters

Some embodiments provide a method for defining an adaptable monitoring profile for a network. The defined network monitoring profile is independent of the security policy defined for the network and includes one or more log generation rules, each of which defines a logging policy for a set of data compute nodes (dcns) that share a common attribute. ... Nicira Inc

03/01/18 / #20180063194

Policy definition and enforcement for a network virtualization platform

A method of defining policy for a network virtualization platform of a data center is provided. The method receives a registration of one or more actions provided by each of a plurality of data center services. ... Nicira Inc

03/01/18 / #20180063176

Identifying and handling threats to data compute nodes in public cloud

Some embodiments provide a method for a public cloud manager that interacts with a management system of a public datacenter. The method receives a notification from a network controller that a second data compute node is compromised. ... Nicira Inc

03/01/18 / #20180063160

Isolated network stack to manage security for virtual machines

Some embodiments provide a novel method for monitoring network requests from a machine. The method captures the network request at various layers of a protocol stack. ... Nicira Inc

03/01/18 / #20180063103

Secure key management protocol for distributed network encryption

For an encryption management module of a host that executes one or more data compute nodes (dcns), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. ... Nicira Inc

03/01/18 / #20180063087

Managed forwarding element executing in separate namespace of public cloud data compute node than workload application

Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter having forwarding elements to which the network controller does not have access. The method identifies a data compute node (dcn) operating on a host machine in the datacenter, to attach to the logical network. ... Nicira Inc

03/01/18 / #20180063086

Managed forwarding element executing in public cloud data compute node without overlay network

Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter having forwarding elements to which the network controller does not have access. The method identifies a data compute node (dcn), that operates on a host machine in the datacenter, to attach to the logical network. ... Nicira Inc

03/01/18 / #20180062933

Managed forwarding element executing in public cloud data compute node with different internal and external network addresses

Some embodiments provide a method for a network controller that manages a logical network implemented in a datacenter comprising forwarding elements to which the network controller does not have access. The method identifies a data compute node (dcn), that operates on a host machine in the datacenter, to attach to the logical network. ... Nicira Inc

03/01/18 / #20180062923

Use of public cloud inventory tags to configure data compute node for logical network

Some embodiments provide a method for a public cloud manager operating within a first data compute node of a public cloud. The method receives, through a set of public cloud provider apis, information regarding a new second data compute node created within the public cloud. ... Nicira Inc

03/01/18 / #20180062917

Extension of network control system into public cloud

Some embodiments provide a method for a first network controller that manages a logical network implemented in a datacenter including forwarding elements to which the first network controller does not have access. The method identifies a first data compute node (dcn) in the datacenter configured to execute a second network controller. ... Nicira Inc

03/01/18 / #20180062914

Edge node cluster network redundancy and fast convergence using an underlay anycast vtep ip

Some embodiments provide a method for providing redundancy and fast convergence for modules operating in a network. The method configures modules to use a same anycast inner ip address, anycast mac address, and to associate with a same anycast vtep ip address. ... Nicira Inc

03/01/18 / #20180062834

System and method for managing secret information using virtualization

A distributed computer system and method for managing secret information for virtual entities in the distributed computer system utilizes multiple secret storage service entities to provide secret information to a virtual entity to be hosted in a host computer in the distributed computer system. At least one piece of the secret information for the virtual entity is distributed to the multiple secret storage service entities to provide the secret information to the virtual entity using the at least one piece of the secret information from one of the multiple secret storage service entities. ... Nicira Inc

03/01/18 / #20180060061

Method and system for tracking progress and providing fault tolerance in automated upgrade of a network virtualization platform

A method of upgrading nodes of a network virtualization platform is provided. The method receives a definition of an upgrade plan to upgrade a group of upgrade units. ... Nicira Inc

02/22/18 / #20180054351

Group-based network event notification

Example methods are provided for a network management entity to perform group-based network event notification in a network environment that includes the network management entity and a notification consumer. The method may comprise: in response to detection of a first network event associated with a group, withholding notification of the first network event to the notification consumer; and in response to detection of a second network event associated with the group, withholding notification of the second network event to the notification consumer. ... Nicira Inc

02/22/18 / #20180052703

Maintaining security system information in virtualized computing environments

Example methods are provided for a host to maintain security system information in a virtualized computing environment, in which the host supports a security system to secure a source virtualized computing instance. The method may include, based on an operation associated with the source virtualized computing instance, determining to maintain security system information associated with the security system. ... Nicira Inc

02/15/18 / #20180048702

Excluding stressed machines from load balancing of distributed applications

Some embodiments provide a method for an end machine, that implements a distributed application, to redirect new network connection requests to other end machines that also implement the distributed application. The method receives a set of measurement data from a set of resources of the end machine and determines whether a measurement data received from a particular resource has exceeded a threshold. ... Nicira Inc

02/15/18 / #20180048623

Firewall rule management

Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface. This management interface provides a uniform interface for defining different firewall rule sets and deploying these rules sets on different firewall devices (e.g., port-linked firewall engines, firewall service vms, network-perimeter firewall devices, etc.). ... Nicira Inc

02/15/18 / #20180048537

Policy driven network qos deployment

Some embodiments provide a method for dynamically implementing quality of service (qos) for machines of a network. The method identifies a qos policy rule that defines a qos policy to be implemented for machines that meet a set of criteria specified by the qos policy rule. ... Nicira Inc

02/15/18 / #20180048478

Replicating broadcast, unknown-unicast, and multicast traffic in overlay logical networks bridged with physical networks

A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. ... Nicira Inc

02/15/18 / #20180046807

Intelligent identification of stressed machines for data security management

Some embodiments provide a method for preventing stressed end machines from being scanned for security check on a host machine that executes several different end machines scheduled to be scanned for security check. The method collects, at one of the end machines, a set of measurement data from a set of resources of the end machine. ... Nicira Inc

02/08/18 / #20180041443

Distributed network address translation for efficient cloud service access

A method for coordinating distributed network address translation (nat) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network that include service virtual machines (vms) that are accessed by vms of the tenant logical networks. ... Nicira Inc

01/04/18 / #20180007162

Upgrading a proxy that decouples network connections from an application during application's downtime

Some embodiments provide a method for upgrading a proxy instance that receives incoming data destined for an application, as an intermediary between the application and a network interface of a machine. The method of some embodiments receives a notification that an updated version of a first proxy instance is available. ... Nicira Inc

01/04/18 / #20180007008

Firewall configuration versioning

Some embodiments provide a method for managing firewall protection in a datacenter that includes multiple host machines that each hosts a set of data compute nodes. The method maintains a firewall configuration for the host machines at a network manager of the data center. ... Nicira Inc

01/04/18 / #20180007007

Self-service firewall configuration

A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. ... Nicira Inc

01/04/18 / #20180007005

Implementing logical network security on a hardware switch

Some embodiments provide a method for configuring a hardware switch to implement a security policy associated with a logical router of a logical network. The method receives a logical router definition. ... Nicira Inc

01/04/18 / #20180007004

Implementing logical network security on a hardware switch

Some embodiments provide a method for applying a security policy defined for a logical network to an mhfe that integrates physical workloads (e.g., physical machines connected to the mhfe) with the logical network. The method applies the security policy to the mhfe by generating a set of acl rules based on the security policy's definition and configuring the mhfe to apply the acl rules on the network traffic that is forwarded to and/or from the physical machines. ... Nicira Inc

01/04/18 / #20180007000

Translation cache for firewall configuration

Some embodiments provide a method for distributing firewall configuration in a datacenter comprising multiple host machines. The method retrieves a rule in the firewall configuration for distribution to the host machines. ... Nicira Inc

01/04/18 / #20180006958

Decoupling network connections from an application while the application is temporarily down

Some embodiments provide a method for saving data communicated with an application during the application downtime. The method, in some embodiments, receives incoming data from an interface of a machine. ... Nicira Inc

01/04/18 / #20180006943

Installation of routing tables for logical router in route server mode

Some embodiments provide a method for a network controller operating on a host machine that hosts a particular one of multiple centralized routing components for a logical router. The method receives a routing table from a routing protocol application operating on the host machine. ... Nicira Inc

01/04/18 / #20180006926

Analysis of simultaneous multi-point packet capture

Some embodiments provide a method for presenting packets captured in a network. The method identifies a first set of packets from a first packet group of multiple captured packet groups. ... Nicira Inc

01/04/18 / #20180006923

Software tap for traffic monitoring in virtualized environment

Some embodiments provide a system for lossless packet monitoring in a virtualized. The system, using a virtual tap, intercepts packets from a data compute node operating on a host machine, between the data compute node (dcn) and a managed forwarding element on the host. ... Nicira Inc

01/04/18 / #20180006908

Distributed network troubleshooting using simultaneous multi-point packet capture

Some embodiments provide a method for performing a multi-point capture of packets in a network. The method identifies multiple nodes for the multi-point capture in the network. ... Nicira Inc

01/04/18 / #20180006902

Network workflow replay tool

A method of automatically identifying and recreating tenants environment issues in a set of datacenters by a workflow replay tool is provided. Each datacenter includes a network manager server. ... Nicira Inc

01/04/18 / #20180006880

Ranking of gateways in cluster

Some embodiments provide a method for managing a set of forwarding elements. The method receives configuration information for a set of gateways specifying (i) multiple gateways for implementing logical router ports and (ii) a ranking order of the gateways in the set. ... Nicira Inc

01/04/18 / #20180006878

Centralized troubleshooting tool for distributed virtual network

Some embodiments provide a method for troubleshooting a virtual network that is implemented over multiple computing devices, which include first and second host machines that host virtual machines (vms). Each vm interfaces the virtual network through a set of virtual network interface controllers (vnics). ... Nicira Inc

01/04/18 / #20180006877

Context-sensitive command whitelisting for centralized troubleshooting tool

Some embodiments provide a method for troubleshooting a virtual network that is implemented across a plurality of computing devices. The method provides a command line interface (cli) for receiving and executing commands for debugging and monitoring the virtual network. ... Nicira Inc

01/04/18 / #20180004577

Methods and systems for managing interconnection of virtual network functions

A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. ... Nicira Inc

12/28/17 / #20170371716

Identifier (id) allocation in a virtualized computing environment

Example methods are provided for a first node to perform identifier (id) allocation in a virtualized computing environment that includes a cluster formed by the first node and at least one second node. The method may comprise retrieving, from a pool of ids associated with the cluster, a batch of ids to a cache associated with the first node. ... Nicira Inc

12/21/17 / #20170366504

Context-aware distributed firewall

A context-aware distributed firewall scheme is provided. A firewall engine tasked to provide firewall protection for a set of network addresses applies a reduced set of firewall rules that are relevant to the set of addresses associated with the machine. ... Nicira Inc

12/21/17 / #20170366446

Database protocol for exchanging forwarding state with hardware switches

Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. ... Nicira Inc

12/21/17 / #20170366401

Network configuration health check

An example method is provided for a host to perform network configuration health check in a virtualized computing environment. The method may include selecting a source nic and one or more destination nics, based on a first network configuration of the host, generating one or more unicast probe packets that are addressed from the source nic to the respective one or more destination nics, and sending the one or more unicast probe packets to the respective one or more destination nics from the source nic via a physical switch connected to the host. ... Nicira Inc

12/14/17 / #20170359414

Management of advanced connection state during migration

Techniques for transferring connection data for a migrated virtual computing instance are described. The connection data transfer process includes the steps of, responsive to determining the virtual computing instance is to be migrated, transmitting the connection data, from a first memory buffer shared between a first instance of a service virtual computing instance and a first hardware abstraction layer executing in a source host, to a second memory buffer shared between a second instance of the service virtual computing instance and a second hardware abstraction layer executing in a destination host; responsive to determining the virtual computing instance is stopped in the source host, packing connection data changes including changes made to the connection data at the source host during a time period beginning when the connection data is copied and ending when the virtual computing instance is stopped; and transmitting the connection data changes to the destination host. ... Nicira Inc

12/14/17 / #20170357611

Methods and systems to achieve multi-tenancy in rdma over converged ethernet

A method for providing multi-tenancy support for rdma in a system that includes a plurality of physical hosts. Each physical host hosts a set of data compute nodes (dcns). ... Nicira Inc

12/07/17 / #20170353433

Traffic handling for containers in a virtualized computing environment

An example method is provided for a computing device to perform traffic handling for a container in a virtualized computing environment. The method may comprise receiving a traffic flow of packets from a virtual machine and identifying a container from which the traffic flow originates based on content of the received traffic flow of packets. ... Nicira Inc

11/30/17 / #20170346885

Load balancing for a team of network interface controllers

An example method is provided for a host to perform load balancing for multiple network interface controllers (nics) configured as a team. The method may comprise the host detecting egress packets from a virtualized computing instance supported by the host for transmission to a destination via the team. ... Nicira Inc

11/30/17 / #20170346732

Using headerspace analysis to identify flow entry reachability

Some embodiments provide a method that uses headerspace analysis. The method receives several flow entries for distribution to a set of forwarding elements that implement a logical network. ... Nicira Inc

11/16/17 / #20170331750

Adjusting connection validating control signals in response to changes in network traffic

Some embodiments provide a method for reducing the transmission of connection validating control signals when they are not needed. Network entities transmit connection validating control signals over network connections at regular intervals to validate that the network connections and the network entities remain functional. ... Nicira Inc

10/26/17 / #20170310738

Configuration change realization assessment and timeline builder

Techniques disclosed herein provide an approach for assessing configuration change realization and building timelines. In one embodiment, an event parser parses relevant log(s) of a computing system to identify events of interest therein and associated tasks. ... Nicira Inc

10/12/17 / #20170295101

Congestion-aware load balancing in data center networks

Example methods are provided for a first switch to perform congestion-aware load balancing in a data center network. The method may comprise: receiving probe packets from multiple next-hop second switches that connect the first switch with a third switch via multiple paths. ... Nicira Inc

10/12/17 / #20170295100

Virtual tunnel endpoints for congestion-aware load balancing

Example methods are provided for a source virtual tunnel endpoint (vtep) to perform congestion-aware load balancing in a data center network. The method may comprise the source vtep learning congestion state information associated with multiple paths provided by respective multiple intermediate switches connecting the source vtep with a destination vtep. ... Nicira Inc

10/12/17 / #20170295033

Methods and systems to offload overlay network packet encapsulation to hardware

A method for offloading packet encapsulation for an overlay network is provided. The method, at a virtualization software of a host, sends a mapping table of the overlay network to a physical network interface controller (nic) associated with the host. ... Nicira Inc

10/05/17 / #20170289040

Throughput resilience during link failover

Techniques disclosed herein provide an approach for providing throughput resilience during link failover when links are aggregated in a link aggregation group (lag). In one embodiment, failure of a link in the lag may be detected, and a transmission control protocol/internet protocol (tcp/ip) stack notified to ignore packet losses and not perform network congestion avoidance procedure(s) for one round-trip timeout (rto) period. ... Nicira Inc

10/05/17 / #20170288981

Troubleshooting virtual network reachability

A novel method for troubleshooting a logical network is provided. The logical network has logical forwarding elements operating inside virtual network forwarding engines. ... Nicira Inc

10/05/17 / #20170288953

Automatic setup of failure detection sessions

For a network with host machines that are hosting virtual machines, a method for facilitating bum (broadcast, unknown unicast, and multicast) traffic between a hardware switch (e.g., tor switch) and the host machines is provided. The network has a set of host machines configured as a cluster of replicators for replicating bum traffic from the hardware switch to the host machines. ... Nicira Inc

10/05/17 / #20170286799

Automated realization of hand-drawn topologies

Techniques disclosed herein provide an approach for automated realization of hand-drawn topologies. In one embodiment, a topologizer application is configured to parse an image depicting a hand-drawn topology and identify shapes and relationships between the shapes in the image. ... Nicira Inc

09/28/17 / #20170277557

Architecture of networks with middleboxes

Some embodiments provide a system for implementing a logical network that includes a set of end machines, a first logical middlebox, and a second logical middlebox connected by a set of logical forwarding elements. The system includes a set of nodes. ... Nicira Inc

09/21/17 / #20170272192

Synchronization of data and control planes of routers

Synchronization between a data plane of a router in a network and a control plane of the router is performed by a processor of the router. Route information associated with at least one network node in the network is learned using a routing protocol. ... Nicira Inc

09/14/17 / #20170264497

Method to reduce packet statistics churn

A method of collecting statistics for a set of logical entities associated with a flow-based managed forwarding element. A statistics collection flow table is created for collecting statistics for logical entities. ... Nicira Inc









This listing is an abstract for educational and research purposes and is only meant as a recent sample of applications filed, not a comprehensive history. Freshpatents.com is not affiliated or associated with Nicira Inc in any way and there may be associated servicemarks. This data is also published to the public by the USPTO and available for free on their website. Note that there may be alternative spellings for Nicira Inc with additional patents listed. Browse our Agent directory for other possible listings. Page by FreshPatents.com
