-
Publication (Announcement) No.: US11411771B1
Publication (Announcement) Date: 2022-08-09
Application No.: US16457841
Application Date: 2019-06-28
Applicant: Amazon Technologies, Inc.
Inventor: Anoop Dawani, Joseph Elmar Magerramov, David James Goodell, Richard H. Galliher
Abstract: Techniques for networking in provider network substrate extensions are described. A compute instance of an isolated virtual network is hosted by an extension of a provider network that is in communication with the provider network via a secure tunnel through a customer network. A request to establish communications between the isolated virtual network and the customer network is received at an interface to the provider network. A message to cause a gateway of the extension to route traffic between the isolated virtual network and the customer network is sent via the secure tunnel.
-
Publication (Announcement) No.: US11659058B2
Publication (Announcement) Date: 2023-05-23
Application No.: US16457824
Application Date: 2019-06-28
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori, Eric Samuel Stone, Richard H. Galliher, David James Goodell, Patrick John Lawrence, Yang Lin, William Ashley, Steven Anthony Kady
IPC: H04L67/561, H04L12/46, H04L67/564
CPC classification number: H04L67/561, H04L12/4633, H04L12/4641, H04L67/564
Abstract: A first service of a provider network obtains an identification of one or more substrate addressable devices included in an extension of the provider network. Based on the identification, a launch of one or more compute instances within the provider network is initiated. The one or more compute instances are to connect the provider network to the extension of the provider network across at least a third-party network by receiving a first control plane message directed to a first substrate addressable device of the one or more substrate addressable devices, by updating a message state data store based at least in part on the first control plane message, and by sending a second control plane message to the first substrate addressable device via a secure tunnel.
-
Publication (Announcement) No.: US11528201B1
Publication (Announcement) Date: 2022-12-13
Application No.: US16904415
Application Date: 2020-06-17
Applicant: Amazon Technologies, Inc.
Inventor: Steven Bruce Richards, David James Goodell, Nandita Mathews
IPC: H04L43/062, H04L47/34, H04L43/50
Abstract: Features are disclosed for enriching a packet of network traffic between a first computing environment and a second computing environment with telemetry information. Each computing environment can include a network device for enriching packets with telemetry information and parsing enriched packets. A source network device can select a packet of the network traffic for enrichment based on enrichment parameters and generate an enriched packet including payload information and telemetry information. A destination network device can receive the enriched packet and parse the enriched packet to separate the payload information and telemetry information. The destination network device can transmit transmission information to the source network device based on the enriched packet.
-
Publication (Announcement) No.: US12095666B1
Publication (Announcement) Date: 2024-09-17
Application No.: US17491263
Application Date: 2021-09-30
Applicant: Amazon Technologies, Inc.
Inventor: David James Goodell, Ethan Joseph Torretta, Bharadwaj Avva, Joseph Elmar Magerramov, Shovan Kumar Das
IPC: H04L45/741, H04L12/46, H04L45/02, H04L45/745
CPC classification number: H04L45/741, H04L12/4641, H04L45/04, H04L45/745
Abstract: A first set of network addresses of a first address family, and a second set of network addresses of a second address family, are assigned to a virtual machine. At a routing device, respective routing information entries for the two sets of network addresses are stored, without storing routing information entries for individual addresses of the sets. A first packet with a destination address within the first set, routed using the routing information entry for the first set, is obtained at the virtual machine. A second packet with a destination address within the second set, routed using the routing information entry for the second set, is obtained at the virtual machine.
-
Publication (Announcement) No.: US11374789B2
Publication (Announcement) Date: 2022-06-28
Application No.: US16457827
Application Date: 2019-06-28
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori, Eric Samuel Stone, Richard H. Galliher, David James Goodell, Patrick John Lawrence, Yang Lin, William Ashley, Steven Anthony Kady
Abstract: A first message of a first type and having a first destination address is received in a provider network. The first destination address is associated with a virtual network address of the provider network and an address of a first device in an extension of the provider network, the extension of the provider network in communication with the provider network via at least a third-party network. A message state data store is updated based on at least a portion of the first message. A first payload of the first message is sent to the first device via a first secure tunnel through the third-party network.
-
Publication (Announcement) No.: US20230308378A1
Publication (Announcement) Date: 2023-09-28
Application No.: US17705157
Application Date: 2022-03-25
Applicant: Amazon Technologies, Inc.
Inventor: Alan Michael Judge, Said Bshara, Julien Ridoux, Joshua Benjamin Levinson, David James Goodell, Erez Izenberg, Anthony Nicholas Liguori
IPC: H04L43/106, H04L43/0852
CPC classification number: H04L43/106, H04L43/0852, H04L2212/00
Abstract: Various embodiments of apparatuses and methods for trusted and/or attested packet timestamping are described. In some embodiments, the disclosed system and methods include a reference timekeeper providing a reference clock to host computing devices. The host computing devices host compute instances using a first set of computing resources, and also contain isolated timing hardware utilizing a different set of computing resources. The isolated timing hardware sets a hardware clock based on a signal corresponding to the reference clock from the reference timekeeper. The isolated timing hardware then receives a packet from a particular compute instance, creates a timestamp for the packet based at least in part on the hardware clock, where the timestamp is outside the control of the compute instances, and sends the packet and the timestamp through a data network to transmit to a packet destination.
-
Publication (Announcement) No.: US11206181B1
Publication (Announcement) Date: 2021-12-21
Application No.: US17023844
Application Date: 2020-09-17
Applicant: Amazon Technologies, Inc.
Inventor: David James Goodell, Andrew Davenport, Benjamin Serebrin, James Watson, Ariana Meika Morgan, Rajeevardhan Gopalan
IPC: H04L12/24, H04L12/911, H04L29/08, H04L12/927, G06F9/455, G06F9/50, H04L29/06, H04L12/919, G06F9/48
Abstract: Techniques for safe oversubscription of connection tracking entries are described. A method for safe oversubscription of connection tracking entries may include receiving a request for an allocation of a resource on a physical host in a provider network, the request received by a resource allocation monitor from an instance hosted by the physical host, determining a resource availability on the physical host, the resource availability based on a total amount of the resource on the physical host, a reserved amount of the resource to a plurality of instances hosted by the physical host, and a shared amount of the resource, and granting or denying the resource allocation based at least on the determined resource availability.