TREA

Identifying routes with indirect addressing in a datacenter

Follow

Information

  • Patent Grant
  • 11736436
  • Patent Number
    11,736,436
  • Date Filed
    Thursday, February 25, 2021
    3 years ago
  • Date Issued
    Tuesday, August 22, 2023
    a year ago
Information
Abstract
Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. The method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route from the first network endpoint to the second endpoint through the network device that translates the address and displays the route including an identifier of the network device.
Description
BACKGROUND

Datacenters and other private or public networks with internal addressing schemes often have subnets with separate addressing schemes from the main network and other subnets. In some cases, a particular virtual machine (VM) or other device in the datacenter may not be able to directly address a second particular VM or device of the datacenter. However, the two VMs/devices may be able to connect through indirect addressing through a network device that provides indirect addressing, such as a network address translation (NAT) device or a load balancer that translates virtual internet protocol (VIP) addresses into dynamic IP (DIP) addresses. Such indirect addressing may be desirable for various reasons, such as providing additional security by hiding a group of IP addresses behind a single IP, re-using private IP space, and/or faster deployment of virtual Apps. NAT devices provide indirect addressing that enables private IP networks that use unregistered IP addresses to connect to the Internet or other networks and sub-networks. Load balancers provide indirect addressing that helps to distribute the load of multiple connections across multiple servers. Prior art network mapping systems display direct addressing routes between VMs in datacenters, however, there is a need for an efficient method for determining indirect routes between VMs/devices separated by network devices that provide address translation for indirect routing.


BRIEF SUMMARY

Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. The method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route (sometimes referred to herein as a “path”) from the first network endpoint to the second network endpoint through the network device that translates the address and displays the route including an identifier of the network device.


In some embodiments, the network device is a load balancer or a network address translation (NAT) device. The network device of some embodiments uses the address translation rule, e.g., a destination NAT (DNAT), to change IP addresses of packets sent between the first and second endpoints.


In some embodiments, the network device is one of multiple network devices that each change IP addresses and/or port addresses of packets sent between the first and second endpoints and displaying the route also includes displaying an identifier of each of the multiple network devices.


Displaying the route, in some embodiments, includes displaying an interface option that, when selected, displays at least one address of a packet flow before the packet flow passes through the network device. The displayed addresses may include both an incoming address of a packet flow entering the network device and a translated address of the packet flow leaving the network device.


In some embodiments, the incoming address is an incoming destination address of the packet flow and the translated address is a translated destination address of the packet flow. In some embodiments, the incoming address is an incoming source address of the packet flow and the translated address is a translated source address of the packet flow.


In some embodiments that include an interface option, when the interface option is selected, the method also displays an incoming and outgoing interface identifier for the address translation rule. The display of the incoming address may include a display of both an IP address and a port address. Likewise, the display of the translated address may include a display of an IP address and a port address.


In some embodiments, the method receives a command to us an indirect route before identifying the route. In other embodiments, the method automatically determines that the route passes through the network device and that the address translation rule applies to packets using the route.


In some embodiments, before identifying an address translation rule that produces a translated address that the first endpoint can directly address, the method identifies a second address translation rule that produces a translated address that the first endpoint cannot directly address.


In some embodiments, no address translation rule that applies to the second network endpoint produces a translated address that is directly addressable by the first network endpoint. In such embodiments, the method finds at least one additional translation rule that applies to a translated address produced by the first address translation rule (possibly in addition to subsequent address translation rules) that eventually produce a translated address that the first network endpoint can directly address.


The preceding Summary is intended to serve as a brief introduction to some embodiments of the invention. It is not meant to be an introduction or overview of all inventive subject matter disclosed in this document. The Detailed Description that follows and the Drawings that are referred to in the Detailed Description will further describe the embodiments described in the Summary as well as other embodiments. Accordingly, to understand all the embodiments described by this document, a full review of the Summary, Detailed Description, the Drawings and the Claims is needed. Moreover, the claimed subject matters are not to be limited by the illustrative details in the Summary, Detailed Description and the Drawing.





BRIEF DESCRIPTION OF THE DRAWINGS

The novel features of the invention are set forth in the appended claims. However, for purpose of explanation, several embodiments of the invention are set forth in the following figures.



FIGS. 1A-1B conceptually illustrate a process for determining and displaying an indirect route through a network between a first network endpoint and a second network endpoint.



FIG. 2A illustrates identification of a route using the first tested DNAT rule.



FIG. 2B illustrates an example of identification of a route using a second tested DNAT rule after the first tested DNAT rule fails to produce an indirect route.



FIG. 2C illustrates a second example of identification of a route using a second tested DNAT rule after the first tested DNAT rule fails to produce an indirect route.



FIG. 3 illustrates an example of an indirect route with nested DNAT rules.



FIG. 4 illustrates an example of a graphical user interface (GUI) of some embodiments for identifying indirect paths.



FIG. 5 illustrates a user interface tool that displays information about a router with a DNAT rule that provides part of the identified route.



FIG. 6 conceptually illustrates a network system of some embodiments with a network analyzer.



FIG. 7 conceptually illustrates an electronic system with which some embodiments of the invention are implemented.





DETAILED DESCRIPTION

In the following detailed description of the invention, numerous details, examples, and embodiments of the invention are set forth and described. However, it will be clear and apparent to one skilled in the art that the invention is not limited to the embodiments set forth and that the invention may be practiced without some of the specific details and examples discussed.


Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. In other words, the method determines that there is no path (i.e., no route) between the end points through direct addressing. In some embodiments, the method makes this determination based on user input. In other embodiments the method performs an automated path search between the two endpoints to determine whether there is a path that can be found for data message flows from the first network endpoint to the second network endpoint, by using direct addressing that relies on the destination address specified by the first network endpoint that provides the data message flow. If not, the method determines that a packet that uses a destination network address specified by the first network endpoint, or a machine executing on or associated with the first network endpoint, cannot reach the desired second network endpoint without going through at least one address translation.


When the method determines that the first network endpoint cannot directly address a packet flow to the second network endpoint (e.g., determines that there is no path between the first and second network endpoints through direct addressing), the method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route from the first network endpoint to the second endpoint through the network device that translates the address and displays the route including an identifier of the network device.


In some embodiments, the network device is a load balancer or a network address translation (NAT) device. The network device of some embodiments uses the address translation rule, e.g., a destination NAT (DNAT), to change IP addresses of packets sent between the first and second endpoints.


In some embodiments, the network device is one of multiple network devices that each change IP addresses and/or port addresses of packets sent between the first and second endpoints and displaying the route also includes displaying an identifier of each of the multiple network devices.


Displaying the route, in some embodiments, includes displaying an interface option that, when selected, displays at least one address of a packet flow before the packet flow passes through the network device. The displayed addresses may include both an incoming address of a packet flow entering the network device and a translated address of the packet flow leaving the network device.


In some embodiments, the incoming address is an incoming destination address of the packet flow and the translated address is a translated destination address of the packet flow. In some embodiments, the incoming address is an incoming source address of the packet flow and the translated address is a translated source address of the packet flow.


In some embodiments that include an interface option, when the interface option is selected, the method also displays an incoming and outgoing interface identifier for the address translation rule. The display of the incoming address may include a display of both an IP address and a port address. Likewise, the display of the translated address may include a display of an IP address and a port address.


In some embodiments, the method receives a command to use an indirect route before identifying the route. In other embodiments, the method automatically determines that the route passes through the network device and that the address translation rule applies to packets using the route.


In some embodiments, before identifying an address translation rule that produces a translated address that the first endpoint can directly address, the method identifies a second address translation rule that produces a translated address that the first endpoint cannot directly address.


In some embodiments, no address translation rule that applies to the second network endpoint produces a translated address that is directly addressable by the first network endpoint. In such embodiments, the method finds at least one additional translation rule that applies to a translated address produced by the first address translation rule (possibly in addition to subsequent address translation rules) that eventually produce a translated address that the first network endpoint can directly address.



FIGS. 1A-1B conceptually illustrate a process 100 for determining and displaying an indirect route through a network between a first network endpoint and a second network endpoint. FIG. 1A conceptually illustrates a portion of process 100 that determines whether a single DNAT rule produces a translated address for a second network endpoint that can be directly addressed from a first network endpoint. FIG. 1B conceptually illustrates a portion of process 100 that, when a single DNAT rule cannot produce a translated address for a second network endpoint that can be directly addressed by a first network endpoint, is applied iteratively to determine additional DNAT rules to produce a translated address that can be directly addressed from a first network endpoint.


In FIG. 1A, the process 100 starts by receiving (at 105) identities of two network endpoints where the first network endpoint cannot directly address packets to the second network endpoint. These identities may be received from a user and may be received through the selection of VMs, host machines, devices of the network, or other entities with a network address that are associated with these identities. The first network endpoint cannot directly address packets to the second network endpoint when it does not have or cannot use the second network endpoints address for any number of reasons, such as providing additional security by hiding a group of IP addresses behind a single IP, re-using private IP space, and/or faster deployment of virtual Apps. In such cases, indirect addressing can be used to direct flows from the first network endpoint to the second network endpoint.


In some embodiments, the process 100 not only receives (at 105) identifiers for the two endpoints, but also determines (at 105) that there is no path through the network between the two endpoints through direct addressing. In some of these embodiments, the process 100 makes (at 105) this determination, because when the user provides the two endpoints, the user also specifies that there is no route between these two endpoints through direct addressing. In other embodiments, the process 100 performs (at 105) a path search between the two endpoints to determine whether there is a direct path between these two endpoints through direct addressing. To perform this automated path search, the process 100 performs a path emulation operation that examines the forwarding records of all the intervening switches and routers between these two endpoints to determine whether there is a set of forwarding records of the intervening routers/switches that connects the two endpoints. One example of such an approach is described in U.S. Pat. No. 10,237,142 which is incorporated herein by reference.


The process 100 then identifies (at 110) a DNAT rule for translating the address of the second endpoint to a first level translated address. The DNAT rule is for translating the destination address of packets to match the IP address of the second endpoint. The DNAT rule itself may be a rule in a match-action format that matches a tuple plus an interface of incoming packets at a NAT device, or load balancer device, of the network (e.g., a 5-tuple of an incoming packet flow that includes a source IP address, a source port address, a destination IP address, a destination port address, and protocol, where the packet flow arrives at the NAT through a particular interface), then performs an action, such as replacing the 5-tuple of packets of that incoming packet flow with a 5-tuple with source port and IP addresses corresponding to the NAT and destination IP and port addresses corresponding to the second endpoint, before sending the packets of the packet flow out on an interface used by the second network endpoint. Identifying a DNAT rule as a rule that applies to the second endpoint may be done by checking DNAT rules of the network whose action includes replacing a destination IP address of an incoming packet with the destination address of the second network endpoint. The destination IP address of the match portion of the DNAT rule corresponding to that action is identified as the first level translated address. That is, the first level translated address is the destination address of the second network endpoint, translated through a single DNAT rule.


The process 100 then determines (at 115) whether the first endpoint connects to the first level translated address (of the second endpoint) by direct routing over the interface in the match portion of that DNAT rule. If the first endpoint does connect to the first level translated address, over the matching interface, by direct routing, then a complete path between the endpoints has been identified (as shown in FIG. 2A, below). Accordingly, the process 100 displays (at 120) a path including the NAT at which the identified DNAT rule is applied.


In some embodiments, the method determines whether an endpoint can directly address another endpoint or a router with an address translation rule using data collected by a network managing and monitoring tool (e.g., VMware's vRealize Network Insight) sometimes called a network analyzer. For example, in some embodiments, such a tool might collect data including an inventory of devices, machines, and software on the network, including hosts, VMs, VLANs, and data from network virtualization software (e.g., VMware's NSX), all addresses, all virtual routing and forwarding data, all routing tables, all routing functions, all NAT rules, etc. A network with a network analyzer is further described in FIG. 6, below.


If (at 115) the first endpoint does not connect to the first level translated address, over the matching interface, by direct routing, then a complete path between the endpoints has not been identified. This can occur either because the first endpoint cannot directly address packets to the address of first level translated address (as shown in FIG. 2B, below), or because the direct addressing does not use the matching interface (as shown in FIG. 2C, below). Since the initially identified DNAT does not result in a complete path, the process 100 determines (at 125) whether other DNAT rules apply to the second network endpoint. If other DNAT rules apply, then the process 100 returns to operation 110 to identify another DNAT rule that applies to the second network endpoint.


If (at 125) no other DNAT rules apply, then the process 100 has exhausted all the applicable first level translated addresses. Accordingly, the process 100 proceeds to operation 130 of FIG. 1B. As mentioned above, the portion of process 100 shown in FIG. 1B may be applied iteratively. One of ordinary skill in the art will understand that the process 100 implements a breadth first search of a conceptual tree of DNAT rules, first seeking a complete path using a single DNAT rule (as shown in FIG. 1A), then 2 nested DNAT rules (with one iteration of the portion of process 100 in FIG. 1B), then 3 nested DNAT rules (with a second iteration of the portion of process 100 in FIG. 1B), and so on until a complete path is discovered or all chains of DNAT rules are exhausted.


Each iteration starts after the preceding level of DNAT inspections have failed to produce a complete path between the first and second endpoints. That is, if no DNAT translates an address directly addressable from the first endpoint to the address of the second endpoint, then the next iteration inspects second level DNAT translated addresses. Paths with second level DNAT translated addresses include translation from the IP address of the second endpoint to an incoming address of a first NAT that applies a first level DNAT translation, the incoming address of the first NAT is translated in turn to an incoming address of a second NAT that applies a second level DNAT translation (as shown in FIG. 3, below) and so on.


In an iteration, the process 100 determines (at 130) whether any DNAT rules apply to level n−1 translated addresses, that is, whether there are any further DNAT rules that nest with the previous level of DNAT rules. Each iteration is applied only after the previous level of nested DNAT rules fails to produce a path between the endpoints. Therefore, if there are no further DNAT rules that nest with the previous level of nested DNAT rules, then the process 100 has determined that there is no path, direct or indirect between the endpoints. The process 100 then displays (at 135) a “no path” message.


If (at 130) there are DNAT rules that apply to the previous level of DNAT addresses, then the process 100 identifies (at 140) a DNAT rule for translating an address of an n−1 level translated address to an nth level translated address. That is, the process 100 identifies a new address provided by nesting another DNAT rule to a DNAT rule of the previous level.


The process 100 then determines (at 145) whether the first endpoint connects to the nth level translated address (of the second endpoint) by direct routing over the interface in the match portion of the last level DNAT rule. If the first endpoint does connect to the nth level translated address, over the matching interface, by direct routing, then a complete path between the endpoints has been identified. Accordingly, the process 100 displays (at 150) a path including any NATs at which the identified, nested DNAT rules are applied.


If (at 145) the first endpoint does not connect to the nth level translated address, over the matching interface, by direct routing, then a complete path between the endpoints has not been identified. This can occur either because the first endpoint cannot directly address packets to the address of nth level translated address, or because the direct addressing does not use the matching interface. Since the identified DNAT does not result in a complete path, the process 100 determines (at 155) whether other DNAT rules apply to any of the previous level of DNAT translated addresses. If other DNAT rules apply, then the process 100 returns to operation 140 to identify another DNAT rule that applies to the previous level of DNAT translated addresses.


If (at 145) no other DNAT rules apply, then the process 100 has exhausted all the applicable nth level translated addresses. Accordingly, the process 100 proceeds to operation 130 of the next iteration of operations 130-155 of FIG. 1B.



FIG. 2A illustrates identification of a path using the first tested DNAT rule. FIG. 2A illustrates three phases of the method of some embodiments. Phase (1) represents the method receiving an identification of two endpoints on different address spaces of the network. The endpoints are VMs 202 and 206, which use interfaces 204 and 208, respectively, to connect to the network (not shown). Phase (2) represents the method identifying a first level 1 DNAT rule. The DNAT rule is designated DNAT1-1, with the leading 1 representing the level (number of nested DNAT rules) and the trailing 1 identifying this rule as the first DNAT rule of its level to be tested to determine whether an indirect path with this DNAT rule and no additional NAT rules can be found. DNAT1-1 is implemented by a router 210 on interface 212. In the illustrated case, when an incoming packet on interface 212 and with a 5-tuple matching the match attributes of DNAT1-1 is received by router 210, the destination address of the incoming packet is translated to the address of VM 206 and sent out on interface 208. In phase (3) the method identifies a path through a set of routers 220A and 220B that do not translate an address of the packets forwarded through the routers. This path allows the VM 202 to send packets through direct addressing to the translated address (of router 210) and interface 212 that matches the match attributes of DNAT1-1. The path then continues on through the router 210 (translated using DNAT1-1), through the interface 208, and to VM 206.


One of ordinary skill in the art will understand that the set of routers that do not translate the addresses may include any number of routers in some embodiments and may even include different routers in different instantiations of the route display operation, even in cases where the same DNAT rules are implemented.


While FIG. 2A illustrates an example in which the first tested DNAT rule allowed an indirect route between VMs 202 and 204, FIG. 2B illustrates an example of identification of a path using a second tested DNAT rule after the first tested DNAT rule fails to produce an indirect route. FIG. 2B is intended to illustrate differences that start at phase (3), attempting to identify a direct addressed path to the translated address of the first identified DNAT rule, therefore, phases (1) and (2A) (not shown) of this example would be identical to phases (1) and (2) of FIG. 2A. In phase (3A) of FIG. 2B, the translated address of the first tested DNAT rule (DNAT 1-1), implemented by router 210, is not directly addressable from VM 202. Accordingly, the method, in phase (2B), selects a new DNAT rule, DNAT1-2 implemented by router 230 and applying to packets received over interface 232. Then, in phase (3B) the method identifies a direct path through a set of routers 220A and 220B that do not translate an address of the packets forwarded through the routers.


In some cases, even though an endpoint can directly address the translated address provided by a DNAT rule, the endpoint might not reach that address on an interface that the DNAT rule applies to. FIG. 2C illustrates a second example of identification of a path using a second tested DNAT rule after the first tested DNAT rule fails to produce an indirect route. FIG. 2C is intended to illustrate differences (from FIG. 2A) that start at phase (3), attempting to identify a direct addressed path to the translated address of the first identified DNAT rule, therefore, phases (1) and (2A) (not shown) of this example would be identical to phases (1) and (2) of FIG. 2A. In phase (3A) of FIG. 2C, unlike in phase (3A) of FIG. 2B the translated address of the first tested DNAT rule (DNAT 1-1), implemented by router 210, is directly addressable from VM 202. However, the translated address is directly addressable over interface 240 and DNAT1-1 does not apply to packets received over interface 240 (i.e., the interface match attribute of DNAT1-1 is interface 212, not interface 240). Accordingly, the method, in phase (2B), selects a new DNAT rule, DNAT1-2 implemented by router 230 and applying to packets received over interface 232. Then, in phase (3B) the method identifies a direct path through a set of routers 220A and 220B that do not translate an address of the packets forwarded through the routers.


As mentioned above with respect to FIG. 1B, in some cases, multiple nested network address translation rules are necessary to provide a route between two endpoints. FIG. 3 illustrates an example of an indirect path with nested DNAT rules. FIG. 3 includes 3 phases. In phase (3N) the method determines that the translated address of the last level 1 DNAT rule, DNAT1-N, implemented by router 302 on packets arriving over interface 306 and leaving over interface 304 of VM 206 is not directly addressable from VM 202. As described with respect to FIG. 1B, when no single DNAT rule allows an indirect path between two endpoints, the method of some embodiments seeks an indirect path using nested DNAT rules. Therefore, in phase (4), the method identifies a first nested set of DNAT rules, using DNAT2-1 on router 318 and DNAT1-1 on router 312. DNAT1-1 was identified (e.g., when identifying level 1 DNAT rules) as applying to the address of VM 206, using interface 314. The address of VM 206 is translated to a first translated address by router 312 using DNAT1-1. DNAT2-1 is identified as applying to the first translated address (e.g., having the first translated address and interface 316 as the action attributes of DNAT2-1) The first translated address is translated to a second translated address by router 318, and DNAT2-1 applies to packets arriving at the second translated address over interface 319. In phase (5) the method determines that the second translated address is directly addressable (through interface 319) by VM 202, and therefore that there is an indirect path from VM 202, through interface 204, through a set of routers 220A and 220B, through interface 319, through router 318 (using DNAT2-1), through interface 316, through router 312 (using DNAT1-1), through interface 314, to VM 206.



FIG. 4 illustrates an example of a graphical user interface (GUI) 400 of some embodiments for identifying indirect paths. One of ordinary skill in the art will understand that the specific interface controls and display boxes in FIG. 4 are merely an example and that other embodiments could use other, fewer, or additional GUI items. The GUI 400 includes an endpoint selection control 410 that receives selections from a user of the GUI 400 of endpoints within the network. In this example, the user has selected VM1 and VM2. After a user has selected two endpoints, the GUI 400 then displays address information for the endpoints in address display boxes 415 and 420 and an identifier of the currently selected endpoints in path identification box 425.


In this example, the GUI 400 has identified a router 210 with a DNAT rule that translates a destination address that is directly addressable from VM 202 to the address of VM 206. The GUI additionally displays a set of routers 430A-430E that provides a path (using direct addressing) from VM 202 to router 210 and an additional router 430F that provides a path from router 210 to VM 206. Although routers 430A-430F are all routers in the illustrated example, one of ordinary skill in the art will understand that in some embodiments other devices that send packets may be used in addition to or instead of any or all of the routers. For example, in some embodiments, some or all of the packet forwarding devices could be logical routers, physical routers, logical switches, physical switches, load balancers, routers or other hardware or software devices configured to perform as edge virtual routing and forwarding (VRF), or any other hardware or software device for directing packets in a network.



FIG. 5 illustrates a user interface tool that displays information about a router with a DNAT rule that provides part of the identified route. FIG. 5 shows the GUI 400, with the display object of router 210 selected by a cursor 500 (e.g., by a clicking operation, hovering operation, or some other cursor interaction with the display object of router 210. As a result of the selection, the GUI 400 creates a display box 510 that includes a name (or other identification information) of the router 210, the destination address of incoming packets, the destination address of outgoing packets, the in interface of the packets to which the DNAT rule, DNAT1-1, applies, and the out interface of the packets to which the DNAT rule, DNAT1-1, applies.


Although the above description refers to match attributes and action attributes of DNAT rules as including 5-tuples, in other embodiments, other tuples are used, e.g., 4-tuples that do not include the packet protocol. Although the match attributes in some embodiments and some cases include the interface that the packets are received on, in some embodiments the interface match attribute may be set to multiple interfaces, or set to any interface (i.e., the DNAT rule will apply to packets arriving at the matching address over any interface). In some embodiments, rather than a NAT, the indirect addressing rules will be applied by a load balancer.


The above described embodiments applied one or more DNAT rules to identify indirect paths through a network. However, one of ordinary skill in the art will understand that other embodiments may use other address translation rules in addition to or instead of DNAT rules. For example, some embodiments may use source NAT rules (SNAT) instead of or in addition to DNAT rules. Similarly, some embodiments may use conversion rules from virtual IP (VIP) addresses to dynamic IP (DIP) addresses (e.g., in load balancers) in addition to or instead of SNAT and/or DNAT rules.


The above described embodiments automatically determine which DNAT rule to use in determining an indirect route. However, in other embodiments, a user may be prompted to select a DNAT rule to use for the route. In other embodiments, the user may narrow the selection of address translation rules but not directly determine the address translation rules (e.g., by limiting the types or number of address translation rules can be applied to an indirect path, etc.)


In some embodiments, the data used to identify routing through the network (including through routers implementing NAT rules) are collected by a network analyzer. FIG. 6 conceptually illustrates a network system 600 of some embodiments with a network analyzer 605. The network system 600 could be implemented at a single datacenter or could include multiple locations (e.g., connected through an intervening network). The network system 600 includes multiple hosts 610-620. The hosts 610-620 are hosts for various machines (e.g., virtual machines, containers, etc.). The various machines on the hosts 610-620 communicate through a network fabric 625, which may include one or more load balancing (LB) appliances 630 and/or NAT appliances 635. These LB appliances 630 and NAT appliances 635 may be implemented as hardware, software, or software modules implemented on devices of the network fabric 625, such as software routers or hardware routers. In addition to or instead of LB appliances 630 and NAT appliances 635 in the network fabric, some embodiments may have LB appliances and NAT appliances implemented by the hosts, such as host 610.


The network analyzer 605 is a network managing and monitoring tool (e.g., VMware's vRealize Network Insight) that receives data from various hardware and software on the hosts 610-620 and the network fabric 625. For example, in some embodiments, the network analyzer 605 collects data including an inventory of devices, machines, and software on the network system, including hosts, VMs, VLANs, containers, and data from network virtualization software (e.g., VMware's NSX), all addresses, all virtual routing and forwarding data, all routing tables, all routing functions, all NAT rules, etc. This data may be analyzed and displayed in the user interfaces illustrated in FIGS. 4 and 5.



FIG. 7 conceptually illustrates an electronic system 700 with which some embodiments of the invention are implemented. The electronic system 700 can be used to execute any of the control, virtualization, or operating system applications described above. The electronic system 700 may be a computer (e.g., a desktop computer, personal computer, tablet computer, server computer, mainframe, a blade computer etc.), phone, PDA, or any other sort of electronic device. Such an electronic system includes various types of computer readable media and interfaces for various other types of computer readable media. Electronic system 700 includes a bus 705, processing unit(s) 710, a system memory 725, a read-only memory 730, a permanent storage device 735, input devices 740, and output devices 745.


The bus 705 collectively represents all system, peripheral, and chipset buses that communicatively connect the numerous internal devices of the electronic system 700. For instance, the bus 705 communicatively connects the processing unit(s) 710 with the read-only memory 730, the system memory 725, and the permanent storage device 735.


From these various memory units, the processing unit(s) 710 retrieve instructions to execute and data to process in order to execute the processes of the invention. The processing unit(s) may be a single processor or a multi-core processor in different embodiments.


The read-only-memory (ROM) 730 stores static data and instructions that are needed by the processing unit(s) 710 and other modules of the electronic system. The permanent storage device 735, on the other hand, is a read-and-write memory device. This device is a non-volatile memory unit that stores instructions and data even when the electronic system 700 is off. Some embodiments of the invention use a mass-storage device (such as a magnetic or optical disk and its corresponding disk drive) as the permanent storage device 735.


Other embodiments use a removable storage device (such as a floppy disk, flash drive, etc.) as the permanent storage device. Like the permanent storage device 735, the system memory 725 is a read-and-write memory device. However, unlike storage device 735, the system memory is a volatile read-and-write memory, such a random access memory. The system memory 725 stores some of the instructions and data that the processor needs at runtime. In some embodiments, the invention's processes are stored in the system memory 725, the permanent storage device 735, and/or the read-only memory 730. From these various memory units, the processing unit(s) 710 retrieve instructions to execute and data to process in order to execute the processes of some embodiments.


The bus 705 also connects to the input and output devices 740 and 745. The input devices 740 enable the user to communicate information and select commands to the electronic system. The input devices 740 include alphanumeric keyboards and pointing devices (also called “cursor control devices”). The output devices 745 display images generated by the electronic system 700. The output devices 745 include printers and display devices, such as cathode ray tubes (CRT) or liquid crystal displays (LCD). Some embodiments include devices such as a touchscreen that function as both input and output devices.


Finally, as shown in FIG. 7, bus 705 also couples electronic system 700 to a network 765 through a network adapter (not shown). In this manner, the computer can be a part of a network of computers (such as a local area network (“LAN”), a wide area network (“WAN”), or an Intranet, or a network of networks, such as the Internet. Any or all components of electronic system 700 may be used in conjunction with the invention.


Some embodiments include electronic components, such as microprocessors, storage and memory that store computer program instructions in a machine-readable or computer-readable medium (alternatively referred to as computer-readable storage media, machine-readable media, or machine-readable storage media). Some examples of such computer-readable media include RAM, ROM, read-only compact discs (CD-ROM), recordable compact discs (CD-R), rewritable compact discs (CD-RW), read-only digital versatile discs (e.g., DVD-ROM, dual-layer DVD-ROM), a variety of recordable/rewritable DVDs (e.g., DVD-RAM, DVD-RW, DVD+RW, etc.), flash memory (e.g., SD cards, mini-SD cards, micro-SD cards, etc.), magnetic and/or solid state hard drives, read-only and recordable Blu-Ray® discs, ultra-density optical discs, any other optical or magnetic media, and floppy disks. The computer-readable media may store a computer program that is executable by at least one processing unit and includes sets of instructions for performing various operations. Examples of computer programs or computer code include machine code, such as is produced by a compiler, and files including higher-level code that are executed by a computer, an electronic component, or a microprocessor using an interpreter.


While the above discussion primarily refers to microprocessor or multi-core processors that execute software, some embodiments are performed by one or more integrated circuits, such as application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs). In some embodiments, such integrated circuits execute instructions that are stored on the circuit itself.


As used in this specification, the terms “computer”, “server”, “processor”, and “memory” all refer to electronic or other technological devices. These terms exclude people or groups of people. For the purposes of the specification, the terms display or displaying means displaying on an electronic device. As used in this specification, the terms “computer readable medium,” “computer readable media,” and “machine readable medium” are entirely restricted to tangible, physical objects that store information in a form that is readable by a computer. These terms exclude any wireless signals, wired download signals, and any other ephemeral signals.


This specification refers throughout to computational and network environments that include virtual machines (VMs). However, virtual machines are merely one example of data compute nodes (DCNs) or data compute end nodes, also referred to as addressable nodes. DCNs may include non-virtualized physical hosts, virtual machines, containers that run on top of a host operating system without the need for a hypervisor or separate operating system, and hypervisor kernel network interface modules.


VMs, in some embodiments, operate with their own guest operating systems on a host using resources of the host virtualized by virtualization software (e.g., a hypervisor, virtual machine monitor, etc.). The tenant (i.e., the owner of the VM) can choose which applications to operate on top of the guest operating system. Some containers, on the other hand, are constructs that run on top of a host operating system without the need for a hypervisor or separate guest operating system. In some embodiments, the host operating system uses name spaces to isolate the containers from each other and therefore provides operating-system level segregation of the different groups of applications that operate within different containers. This segregation is akin to the VM segregation that is offered in hypervisor-virtualized environments that virtualize system hardware, and thus can be viewed as a form of virtualization that isolates different groups of applications that operate in different containers. Such containers are more lightweight than VMs.


Hypervisor kernel network interface modules, in some embodiments, are non-VM DCNs that include a network stack with a hypervisor kernel network interface and receive/transmit threads. One example of a hypervisor kernel network interface module is the vmknic module that is part of the ESXi™ hypervisor of VMware, Inc.


It should be understood that while the specification refers to VMs, the examples given could be any type of DCNs, including physical hosts, VMs, non-VM containers, and hypervisor kernel network interface modules. In fact, the example networks could include combinations of different types of DCNs in some embodiments.


While the invention has been described with reference to numerous specific details, one of ordinary skill in the art will recognize that the invention can be embodied in other specific forms without departing from the spirit of the invention. In addition, a number of the figures conceptually illustrate processes. The specific operations of these processes may not be performed in the exact order shown and described. The specific operations may not be performed in one continuous series of operations, and different specific operations may be performed in different embodiments. Furthermore, the process could be implemented using several sub-processes, or as part of a larger macro process. Thus, one of ordinary skill in the art would understand that the invention is not to be limited by the foregoing illustrative details, but rather is to be defined by the appended claims.

Claims
  • 1. A method of identifying a route in a network between a first network endpoint and a second network endpoint, the method comprising: determining that the first network endpoint cannot directly address a packet flow to the second network endpoint;based on the determination that the first network endpoint cannot directly address the packet flow to the second network endpoint, identifying an address translation rule of a network device that translates an address of the second network endpoint into a translated address;determining that the first network endpoint can directly address a packet flow to the translated address;identifying a route from the first network endpoint to the second endpoint through the network device that translates the address; anddisplaying the route including an identifier of the network device.
  • 2. The method of claim 1, wherein the network device is a network address translation (NAT) device.
  • 3. The method of claim 1, wherein the network device comprises a load balancer.
  • 4. The method of claim 1, wherein the network device uses the address translation rule to change IP addresses of packets sent between the first and second endpoints.
  • 5. The method of claim 1, wherein the network device is one of a plurality of network devices that each change IP addresses of packets sent between the first and second endpoints, wherein displaying the route further includes displaying an identifier of each of the plurality of network devices.
  • 6. The method of claim 1, wherein the network device uses the address translation rule to change port addresses of packets sent between the first and second endpoints.
  • 7. The method of claim 1, wherein displaying the route comprises displaying an interface option that when selected displays at least one address of a packet flow before the packet flow passes through the network device.
  • 8. The method of claim 7, wherein the interface option, when selected, displays an incoming address of a packet flow entering the network device and a translated address of the packet flow leaving the network device.
  • 9. The method of claim 8, wherein the incoming address is an incoming source address of the packet flow and the translated address is a translated source address of the packet flow.
  • 10. The method of claim 8, wherein the incoming address is an incoming destination address of the packet flow and the translated address is a translated destination address of the packet flow.
  • 11. The method of claim 8, wherein the interface option, when selected, further displays an incoming and outgoing interface identifier for the address translation rule.
  • 12. The method of claim 8, wherein the display of the incoming address comprises a display of an IP address and a port address.
  • 13. The method of claim 8, wherein the display of the translated address comprises a display of an IP address and a port address.
  • 14. The method of claim 1 further comprising, before identifying the route, receiving a command to use an indirect route.
  • 15. The method of claim 1 further comprising automatically determining that the route passes through the network device and that the address translation rule applies to packets using the route.
  • 16. The method of claim 1, wherein the address translation rule is a first address translation rule and the translated address is a first translated address, the method further comprising, before identifying the first address translation rule: identifying a second translation rule that a network device uses to translate an address of the second network endpoint into a second translated address; anddetermining that the first network endpoint cannot directly address a packet flow to the second translated address.
  • 17. A method of identifying a route in a network between a first network endpoint and a second network endpoint that the first network endpoint cannot directly address, the method comprising: determining whether a first translation rule exists that translates an address of the second network endpoint to a first translated address to which the first network endpoint can directly address packets, the first translated address associated with a first network device;based on a determination that the first network endpoint cannot directly address the packets to the first translated address, identifying a second translation rule that a second network device, preceding the first network device, uses to translate the first translated address to a second translated address to which the first network endpoint can directly address packets;identifying a route from the first network endpoint to the second network endpoint through the first and second network devices; anddisplaying the route including first and second identifiers for the first and second network devices.
  • 18. The method of claim 17, wherein each of the first and second network devices comprise a network address translation (NAT) device or a load balancer.
  • 19. The method of claim 17, wherein the first and second network devices use the first and second translation rules to change IP addresses of packets sent between the first and second endpoints.
  • 20. The method of claim 17, wherein the first and second network devices use the first and second translation rules to change port addresses of packets sent between the first and second endpoints.
Priority Claims (1)
Number Date Country Kind
202041057383 Dec 2020 IN national
US Referenced Citations (360)
Number Name Date Kind
5224100 Lee et al. Jun 1993 A
5245609 Ofek et al. Sep 1993 A
5265092 Soloway et al. Nov 1993 A
5504921 Dev et al. Apr 1996 A
5550816 Hardwick et al. Aug 1996 A
5729685 Chatwani et al. Mar 1998 A
5751967 Raab et al. May 1998 A
5781534 Perlman et al. Jul 1998 A
5805819 Chin et al. Sep 1998 A
6104699 Holender et al. Aug 2000 A
6104700 Haddock et al. Aug 2000 A
6141738 Munter et al. Oct 2000 A
6219699 McCloghrie et al. Apr 2001 B1
6430160 Smith et al. Aug 2002 B1
6456624 Eccles et al. Sep 2002 B1
6512745 Abe et al. Jan 2003 B1
6539432 Taguchi et al. Mar 2003 B1
6658002 Ross et al. Dec 2003 B1
6680934 Cain Jan 2004 B1
6721334 Ketcham Apr 2004 B1
6785843 McRae et al. Aug 2004 B1
6882642 Kejriwal et al. Apr 2005 B1
6941487 Balakrishnan et al. Sep 2005 B1
6963585 Pennec et al. Nov 2005 B1
6999454 Crump Feb 2006 B1
7013342 Riddle Mar 2006 B2
7062559 Yoshimura et al. Jun 2006 B2
7079544 Wakayama et al. Jul 2006 B2
7180856 Breslau et al. Feb 2007 B1
7197572 Matters et al. Mar 2007 B2
7200144 Terrell et al. Apr 2007 B2
7209439 Rawlins et al. Apr 2007 B2
7243143 Bullard Jul 2007 B1
7283473 Arndt et al. Oct 2007 B2
7315985 Gauvin et al. Jan 2008 B1
7342916 Das et al. Mar 2008 B2
7391771 Orava et al. Jun 2008 B2
7450598 Chen et al. Nov 2008 B2
7457870 Lownsbrough et al. Nov 2008 B1
7463579 Lapuh et al. Dec 2008 B2
7478173 Delco Jan 2009 B1
7483370 Dayal et al. Jan 2009 B1
7555002 Arndt et al. Jun 2009 B2
7577131 Joseph et al. Aug 2009 B2
7590133 Hatae et al. Sep 2009 B2
7602723 Mandato et al. Oct 2009 B2
7606260 Oguchi et al. Oct 2009 B2
7627692 Pessi Dec 2009 B2
7633955 Saraiya et al. Dec 2009 B1
7639625 Kaminsky et al. Dec 2009 B2
7643488 Khanna et al. Jan 2010 B2
7649851 Takashige et al. Jan 2010 B2
7706266 Plamondon Apr 2010 B2
7710874 Balakrishnan et al. May 2010 B2
7729245 Breslau et al. Jun 2010 B1
7760735 Chen et al. Jul 2010 B1
7764599 Doi et al. Jul 2010 B2
7792987 Vohra et al. Sep 2010 B1
7802000 Huang et al. Sep 2010 B1
7808919 Nadeau et al. Oct 2010 B2
7808929 Wong et al. Oct 2010 B2
7818452 Matthews et al. Oct 2010 B2
7826482 Minei et al. Nov 2010 B1
7839847 Nadeau et al. Nov 2010 B2
7885276 Lin Feb 2011 B1
7936770 Frattura et al. May 2011 B1
7937438 Miller et al. May 2011 B1
7937492 Kompella et al. May 2011 B1
7948986 Ghosh et al. May 2011 B1
7953865 Miller et al. May 2011 B1
7991859 Miller et al. Aug 2011 B1
7995483 Bayar et al. Aug 2011 B1
8018943 Pleshek et al. Sep 2011 B1
8024478 Patel Sep 2011 B2
8027354 Portolani et al. Sep 2011 B1
8031606 Memon et al. Oct 2011 B2
8031633 Bueno et al. Oct 2011 B2
8046456 Miller et al. Oct 2011 B1
8054832 Shukla et al. Nov 2011 B1
8055789 Richardson et al. Nov 2011 B2
8060875 Lambeth Nov 2011 B1
8131852 Miller et al. Mar 2012 B1
8149737 Metke et al. Apr 2012 B2
8155028 Abu-Hamdeh et al. Apr 2012 B2
8161270 Parker et al. Apr 2012 B1
8166201 Richardson et al. Apr 2012 B2
8199750 Schultz et al. Jun 2012 B1
8223668 Allan et al. Jul 2012 B2
8224931 Brandwine et al. Jul 2012 B1
8224971 Miller et al. Jul 2012 B1
8254273 Kaminsky et al. Aug 2012 B2
8265062 Tang et al. Sep 2012 B2
8265075 Pandey Sep 2012 B2
8281067 Stolowitz Oct 2012 B2
8290137 Yurchenko et al. Oct 2012 B2
8306043 Breslau et al. Nov 2012 B2
8312129 Miller et al. Nov 2012 B1
8339959 Moisand et al. Dec 2012 B1
8339994 Gnanasekaran et al. Dec 2012 B2
8345558 Nicholson et al. Jan 2013 B2
8351418 Zhao et al. Jan 2013 B2
8359576 Prasad et al. Jan 2013 B2
8456984 Ranganathan et al. Jun 2013 B2
8504718 Wang et al. Aug 2013 B2
8565108 Marshall et al. Oct 2013 B1
8571031 Davies et al. Oct 2013 B2
8611351 Gooch et al. Dec 2013 B2
8612627 Brandwine Dec 2013 B1
8625594 Safrai et al. Jan 2014 B2
8625603 Ramakrishnan et al. Jan 2014 B1
8625616 Vobbilisetty et al. Jan 2014 B2
8644188 Brandwine et al. Feb 2014 B1
8645952 Biswas et al. Feb 2014 B2
8750288 Nakil et al. Jun 2014 B2
8762501 Kempf et al. Jun 2014 B2
8806005 Miri et al. Aug 2014 B2
8837300 Nedeltchev et al. Sep 2014 B2
8838743 Lewites et al. Sep 2014 B2
8929221 Breslau et al. Jan 2015 B2
8934495 Hilton et al. Jan 2015 B1
9059926 Akhter et al. Jun 2015 B2
9197529 Ganichev et al. Nov 2015 B2
9226220 Banks et al. Dec 2015 B2
9258195 Pendleton et al. Feb 2016 B1
9280448 Farrell et al. Mar 2016 B2
9282019 Ganichev et al. Mar 2016 B2
9344349 Ganichev et al. May 2016 B2
9407580 Ganichev et al. Aug 2016 B2
9602334 Benny Mar 2017 B2
9729433 Polland Aug 2017 B2
9860151 Ganichev et al. Jan 2018 B2
9898317 Nakil et al. Feb 2018 B2
10044581 Russell Aug 2018 B1
10181993 Ganichev et al. Jan 2019 B2
10200306 Nhu et al. Feb 2019 B2
10469342 Lenglet et al. Nov 2019 B2
10608887 Jain et al. Mar 2020 B2
10728121 Chitalia et al. Jul 2020 B1
10778557 Ganichev et al. Sep 2020 B2
10805239 Nhu et al. Oct 2020 B2
11128550 Lenglet et al. Sep 2021 B2
11196628 Shen et al. Dec 2021 B1
11201808 Ganichev et al. Dec 2021 B2
11336533 Bogado et al. May 2022 B1
11336590 Nhu et al. May 2022 B2
11558426 Shen et al. Jan 2023 B2
11570090 Shen et al. Jan 2023 B2
20010020266 Kojima et al. Sep 2001 A1
20010043614 Viswanadham et al. Nov 2001 A1
20020093952 Gonda Jul 2002 A1
20020178356 Mattila Nov 2002 A1
20020194369 Rawlins et al. Dec 2002 A1
20030041170 Suzuki Feb 2003 A1
20030058850 Rangarajan et al. Mar 2003 A1
20040024879 Dingman Feb 2004 A1
20040073659 Rajsic et al. Apr 2004 A1
20040098505 Clemmensen May 2004 A1
20040186914 Shimada Sep 2004 A1
20040267866 Carollo et al. Dec 2004 A1
20040267897 Hill et al. Dec 2004 A1
20050018669 Arndt et al. Jan 2005 A1
20050027881 Figueira et al. Feb 2005 A1
20050053079 Havala Mar 2005 A1
20050083953 May Apr 2005 A1
20050105524 Stevens May 2005 A1
20050111445 Wybenga et al. May 2005 A1
20050120160 Plouffe et al. Jun 2005 A1
20050132044 Guingo et al. Jun 2005 A1
20050149604 Navada Jul 2005 A1
20050182853 Lewites et al. Aug 2005 A1
20050220030 Nagami et al. Oct 2005 A1
20050220096 Friskney et al. Oct 2005 A1
20050232230 Nagami et al. Oct 2005 A1
20060002370 Rabie et al. Jan 2006 A1
20060026225 Canali et al. Feb 2006 A1
20060028999 Iakobashvili et al. Feb 2006 A1
20060029056 Perera et al. Feb 2006 A1
20060037075 Frattura et al. Feb 2006 A1
20060174087 Hashimoto et al. Aug 2006 A1
20060187908 Shimozono et al. Aug 2006 A1
20060193266 Siddha et al. Aug 2006 A1
20060206655 Chappell et al. Sep 2006 A1
20060218447 Garcia et al. Sep 2006 A1
20060221961 Basso et al. Oct 2006 A1
20060282895 Rentzis et al. Dec 2006 A1
20060291388 Amdahl et al. Dec 2006 A1
20070050763 Kagan et al. Mar 2007 A1
20070055789 Claise et al. Mar 2007 A1
20070064673 Bhandaru et al. Mar 2007 A1
20070097982 Wen et al. May 2007 A1
20070156919 Potti et al. Jul 2007 A1
20070260721 Bose et al. Nov 2007 A1
20070286185 Eriksson et al. Dec 2007 A1
20070297428 Bose et al. Dec 2007 A1
20080002579 Lindholm et al. Jan 2008 A1
20080002683 Droux et al. Jan 2008 A1
20080021925 Sweeney Jan 2008 A1
20080049614 Briscoe et al. Feb 2008 A1
20080049621 McGuire et al. Feb 2008 A1
20080049752 Grant Feb 2008 A1
20080049786 Ram et al. Feb 2008 A1
20080059556 Greenspan et al. Mar 2008 A1
20080071900 Hecker et al. Mar 2008 A1
20080086726 Griffith et al. Apr 2008 A1
20080112551 Forbes et al. May 2008 A1
20080159301 Heer Jul 2008 A1
20080240095 Basturk Oct 2008 A1
20090010254 Shimada Jan 2009 A1
20090100298 Lange et al. Apr 2009 A1
20090109973 Ilnicki Apr 2009 A1
20090123903 Weitenberner May 2009 A1
20090150527 Tripathi et al. Jun 2009 A1
20090245138 Sapsford et al. Oct 2009 A1
20090248895 Archer et al. Oct 2009 A1
20090249213 Murase et al. Oct 2009 A1
20090292858 Lambeth et al. Nov 2009 A1
20090327903 Smith et al. Dec 2009 A1
20100128623 Dunn et al. May 2010 A1
20100131636 Suri et al. May 2010 A1
20100188976 Rahman et al. Jul 2010 A1
20100214949 Smith et al. Aug 2010 A1
20100232435 Jabr et al. Sep 2010 A1
20100254385 Sharma et al. Oct 2010 A1
20100275199 Smith et al. Oct 2010 A1
20100306408 Greenberg et al. Dec 2010 A1
20100332626 Jonsson Dec 2010 A1
20110022695 Dalal et al. Jan 2011 A1
20110055710 Kirkby et al. Mar 2011 A1
20110075664 Lambeth et al. Mar 2011 A1
20110085557 Gnanasekaran et al. Apr 2011 A1
20110085559 Chung et al. Apr 2011 A1
20110085563 Kotha et al. Apr 2011 A1
20110128959 Bando et al. Jun 2011 A1
20110137602 Desineni et al. Jun 2011 A1
20110194567 Shen Aug 2011 A1
20110202920 Takase Aug 2011 A1
20110261825 Ichino Oct 2011 A1
20110299413 Chatwani et al. Dec 2011 A1
20110299534 Koganti et al. Dec 2011 A1
20110299537 Saraiya et al. Dec 2011 A1
20110305167 Koide Dec 2011 A1
20110317559 Kern et al. Dec 2011 A1
20110317696 Aldrin et al. Dec 2011 A1
20120079478 Galles et al. Mar 2012 A1
20120151352 Ramprasad et al. Jun 2012 A1
20120159454 Barham et al. Jun 2012 A1
20120182992 Cowart et al. Jul 2012 A1
20120275331 Benkö et al. Nov 2012 A1
20120287791 Xi et al. Nov 2012 A1
20120314599 Vilke et al. Dec 2012 A1
20130010600 Jocha et al. Jan 2013 A1
20130019008 Jorgenson et al. Jan 2013 A1
20130024579 Zhang et al. Jan 2013 A1
20130031233 Feng et al. Jan 2013 A1
20130041934 Annamalaisami et al. Feb 2013 A1
20130044636 Koponen et al. Feb 2013 A1
20130054761 Kempf et al. Feb 2013 A1
20130058346 Sridharan et al. Mar 2013 A1
20130067067 Miri et al. Mar 2013 A1
20130097329 Alex Apr 2013 A1
20130125120 Zhang et al. May 2013 A1
20130163427 Beliveau et al. Jun 2013 A1
20130163475 Beliveau et al. Jun 2013 A1
20130294249 Lin et al. Nov 2013 A1
20130332602 Nakil et al. Dec 2013 A1
20130332983 Koorevaar et al. Dec 2013 A1
20130339544 Mithyantha Dec 2013 A1
20130346487 Tanimoto Dec 2013 A1
20140019639 Ueno Jan 2014 A1
20140029451 Nguyen Jan 2014 A1
20140115578 Cooper et al. Apr 2014 A1
20140119203 Sundaram et al. May 2014 A1
20140126418 Brendel et al. May 2014 A1
20140157405 Joll et al. Jun 2014 A1
20140177633 Manula et al. Jun 2014 A1
20140195666 Dumitriu et al. Jul 2014 A1
20140207926 Benny Jul 2014 A1
20140219086 Cantu' et al. Aug 2014 A1
20140281030 Cui et al. Sep 2014 A1
20140282823 Rash et al. Sep 2014 A1
20140297846 Hoja et al. Oct 2014 A1
20140304393 Annamalaisami et al. Oct 2014 A1
20140317313 Okita Oct 2014 A1
20140351415 Harrigan et al. Nov 2014 A1
20150016286 Ganichev et al. Jan 2015 A1
20150016287 Ganichev et al. Jan 2015 A1
20150016298 Ganichev et al. Jan 2015 A1
20150016469 Ganichev et al. Jan 2015 A1
20150043378 Bardgett et al. Feb 2015 A1
20150180755 Zhang et al. Jun 2015 A1
20150195169 Liu et al. Jul 2015 A1
20150263899 Tubaltsev et al. Sep 2015 A1
20150271011 Neginhal et al. Sep 2015 A1
20150281036 Sun et al. Oct 2015 A1
20160105333 Lenglet et al. Apr 2016 A1
20160119204 Murasato et al. Apr 2016 A1
20160142291 Polland May 2016 A1
20160149791 Ganichev et al. May 2016 A1
20160226741 Ganichev et al. Aug 2016 A1
20160274558 Strohmenger et al. Sep 2016 A1
20160359880 Pang et al. Dec 2016 A1
20170026270 Shankar Jan 2017 A1
20170222881 Holbrook et al. Aug 2017 A1
20170288991 Ganesh Oct 2017 A1
20170317954 Masurekar et al. Nov 2017 A1
20170358111 Madsen Dec 2017 A1
20170373950 Szilagyi et al. Dec 2017 A1
20180041470 Schultz Feb 2018 A1
20180062939 Kulkarni et al. Mar 2018 A1
20180063188 Karin et al. Mar 2018 A1
20180091388 Levy et al. Mar 2018 A1
20180102959 Ganichev et al. Apr 2018 A1
20180123903 Holla et al. May 2018 A1
20180136798 Aggour et al. May 2018 A1
20180219751 Cavuto et al. Aug 2018 A1
20180262447 Nhu et al. Sep 2018 A1
20180262594 Nhu et al. Sep 2018 A1
20180309637 Gill et al. Oct 2018 A1
20180373961 Wang et al. Dec 2018 A1
20180375728 Gangil et al. Dec 2018 A1
20190014029 Burgio et al. Jan 2019 A1
20190109769 Jain et al. Apr 2019 A1
20190129738 Ekbote May 2019 A1
20190140931 Ganichev et al. May 2019 A1
20190158377 Chau May 2019 A1
20200067799 Lenglet et al. Feb 2020 A1
20200106744 Miriyala et al. Apr 2020 A1
20200136943 Banyai et al. Apr 2020 A1
20200169476 Vela et al. May 2020 A1
20200204457 Hu et al. Jun 2020 A1
20200210195 Lampert et al. Jul 2020 A1
20200304389 Bauan et al. Sep 2020 A1
20200313985 Jayakumar et al. Oct 2020 A1
20200322243 Xi et al. Oct 2020 A1
20200322249 Liu Oct 2020 A1
20200336387 Suzuki et al. Oct 2020 A1
20210014157 Zhou Jan 2021 A1
20210029059 Nhu et al. Jan 2021 A1
20210051100 Chitalia et al. Feb 2021 A1
20210051109 Chitalia et al. Feb 2021 A1
20210092064 Sidebottom et al. Mar 2021 A1
20210216908 Lu et al. Jul 2021 A1
20210218630 Lu et al. Jul 2021 A1
20210218652 Raut et al. Jul 2021 A1
20210266259 Renner, III et al. Aug 2021 A1
20210311764 Rosoff et al. Oct 2021 A1
20210367927 Selvaraj Nov 2021 A1
20220014451 Naik et al. Jan 2022 A1
20220021616 K Jan 2022 A1
20220038368 Shen et al. Feb 2022 A1
20220038501 Shen et al. Feb 2022 A1
20220103452 Ganichev et al. Mar 2022 A1
20220103460 Yu Mar 2022 A1
20220150136 Chen May 2022 A1
20220165035 Cui et al. May 2022 A1
20220224620 Chhabra et al. Jul 2022 A1
20220263721 Bogado et al. Aug 2022 A1
20230006886 Parashar et al. Jan 2023 A1
20230023956 Gajjar et al. Jan 2023 A1
20230039791 Paladugu Feb 2023 A1
Foreign Referenced Citations (9)
Number Date Country
1154601 Nov 2001 EP
2002141905 May 2002 JP
2003069609 Mar 2003 JP
2003124976 Apr 2003 JP
2003318949 Nov 2003 JP
9506989 Mar 1995 WO
2012126488 Sep 2012 WO
2013184846 Dec 2013 WO
2015005968 Jan 2015 WO
Non-Patent Literature Citations (9)
Entry
Non-Published commonly Owned U.S. Appl. No. 17/006,845, filed Aug. 30, 2020, 70 pages, VMware, Inc.
Non-Published commonly Owned U.S. Appl. No. 17/006,846, filed Aug. 30, 2020, 47 pages, VMware, Inc.
Non-Published commonly Owned U.S. Appl. No. 17/006,847, filed Aug. 30, 2020, 47 pages, VMware, Inc.
Non-Published commonly Owned U.S. Appl. No. 17/185,690, filed Feb. 25, 2021, 38 pages, VMware, Inc.
Phaal, Peter, et al., “sFlow Version 5,” Jul. 2004, 46 pages, available at http://www.sflow.org/sflow_version_5.txt.
Phan, Doantam, et al., “Visual Analysis of Network Flow Data with Timelines and Event Plots,” VizSEC 2007, Month Unknown 2007, 16 pages.
Non-Published commonly Owned U.S. Appl. No. 17/732,440, filed Apr. 28, 2022, 46 pages, VMware, Inc.
Levin, Anna, et al., “Network Monitoring in Federated Cloud Environment,” 2017 IEEE International Conference on Smart Computing, May 29-31, 2017, 6 pages, IEEE, Hong Kong, China.
Non-Published commonly Owned U.S. Appl. No. 18/102,699, filed Jan. 28, 2023, 77 pages, VMware, Inc.
Related Publications (1)
Number Date Country
20220210120 A1 Jun 2022 US