Yong Qing Feng

20200328967, Oct 15, 2020

Apr 11, 2019

16/382002

- Palo Alto CA, US
Li Sun - Sunnyvale CA, US
Yanjun Lin - Sunnyvale CA, US
Yang Ping - San Jose CA, US
Mary Firenze - Los Altos CA, US
Pierluigi Rolando - Santa Clara CA, US
Yong Feng - Sunnyvale CA, US
Raju Koganty - San Jose CA, US
Jianjun Shen - Redwood City CA, US
Medhavi Dhawan - Cupertino CA, US

H04L 12/717
H04L 12/707
G06F 9/455

Some embodiments provide a method for assigning different service path identifiers to each of a set of different service paths along each of which a same set of service operations are performed on a set of packets. The method retrieves an available service path identifier from an identifier storage that stores service path identifiers for multiple service paths. The method generates a set of proposed service path identifiers based on the retrieved available service path identifier and the number of service paths in the set of service paths. The method performs a write operation on the identifier storage based on the set of proposed service path identifiers, and based on a determination that the write operation was successful, assigns the set of proposed service path identifiers to the set of service paths. Based on the set of service path identifiers, the method forwards the set of packets along the set of service paths.

20200272497, Aug 27, 2020

Jun 18, 2019

16/445016

- Palo Alto CA, US
Yang Ping - San Jose CA, US
Akhila Naveen - Palo Alto CA, US
Yong Feng - Sunnyvale CA, US
Kantesh Mundaragi - Pune, IN
Rahul Mishra - Mountain View CA, US
Pierluigi Rolando - Santa Clara CA, US
Jayant Jain - Cupertino CA, US
Raju Koganty - San Jose CA, US

G06F 9/455
H04L 12/721
H04L 12/803
H04L 29/08

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

20200272501, Aug 27, 2020

Jun 18, 2019

16/445064

- Palo Alto CA, US
Yang Ping - San Jose CA, US
Akhila Naveen - Palo Alto CA, US
Fenil Kavathia - Sunnyvale CA, US
Yong Feng - Sunnyvale CA, US
Pierluigi Rolando - Santa Clara CA, US
Jayant Jain - Cupertino CA, US
Raju Koganty - San Jose CA, US

G06F 9/455
H04L 12/721
H04L 12/803
H04L 29/08

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

20200274757, Aug 27, 2020

Jun 18, 2019

16/445035

- Palo Alto CA, US
Kantesh Mundaragi - Pune, IN
Rahul Mishra - Mountain View CA, US
Jayant Jain - Cupertino CA, US
Raju Koganty - San Jose CA, US
Akhila Naveen - Palo Alto CA, US
Fenil Kavathia - Sunnyvale CA, US
Yong Feng - Sunnyvale CA, US

H04L 12/24
H04L 29/08
G06F 9/455

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

20200274769, Aug 27, 2020

Jun 18, 2019

16/445062

- Palo Alto CA, US
Yang Ping - San Jose CA, US
Yanjun Lin - Sunnyvale CA, US
Li Sun - Sunnyvale CA, US
Fenil Kavathia - Sunnyvale CA, US
Yong Feng - Sunnyvale CA, US
Pierluigi Rolando - Santa Clara CA, US
Jayant Jain - Cupertino CA, US
Raju Koganty - San Jose CA, US

H04L 12/24

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

20200274944, Aug 27, 2020

Jun 18, 2019

16/444935

- Palo Alto CA, US
Fenil Kavathia - Sunnyvale CA, US
Yong Feng - Sunnyvale CA, US
Pierluigi Rolando - Santa Clara CA, US
Jayant Jain - Cupertino CA, US
Raju Koganty - San Jose CA, US

H04L 29/08
H04L 12/713

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

20200076684, Mar 5, 2020

Sep 2, 2018

16/120283

- Palo Alto CA, US
Kantesh Mundaragi - Sunnyvale CA, US
Rahul Mishra - Mountain View CA, US
Fenil Kavathia - Sunnyvale CA, US
Raju Koganty - San Jose CA, US
Pierluigi Rolando - Santa Clara CA, US
Yong Feng - Sunnyvale CA, US
Jayant Jain - Cupertino CA, US

H04L 12/24
H04L 29/08
H04L 12/717
H04L 12/66
H04L 12/931

Some embodiments provide a method for configuring a gateway machine in a datacenter. The method receives a definition of a logical network for implementation in the datacenter. The logical network includes at least one logical switch to which logical network endpoints attach and a logical router for handling data traffic between the logical network endpoints in the datacenter and an external network. The method receives configuration data attaching a third-party service to at least one interface of the logical router via an additional logical switch designated for service attachments. The third-party service is for performing non-forwarding processing on the data traffic between the logical network endpoints and the external network. The method configures the gateway machine in the datacenter to implement the logical router and redirect at least a subset of the data traffic between the logical network endpoints and the external network to the attached third-party service.

20200076734, Mar 5, 2020

Sep 2, 2018

16/120281

- Palo Alto CA, US
Kantesh Mundaragi - Sunnyvale CA, US
Rahul Mishra - Mountain View CA, US
Fenil Kavathia - Sunnyvale CA, US
Raju Koganty - San Jose CA, US
Pierluigi Rolando - Santa Clara CA, US
Yong Feng - Sunnyvale CA, US
Jayant Jain - Cupertino CA, US

H04L 12/741
H04L 29/08

Some embodiments provide a method for forwarding a data message. The method performs a lookup to map a set of header fields of the data message to an identifier corresponding to a service that performs non-forwarding processing on data messages. The method uses a dynamically-updated data structure for the identifier to retrieve instructions for forwarding data messages to the service. The method forwards the data message according to the retrieved instructions from the data structure for the identifier.