-
Publication number: US11671365B2
Publication date: 2023-06-06
Application number: US17093315
Application date: 2020-11-09
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Bruce Dickinson
IPC: H04L12/745 , H04L12/741 , H04L12/725 , H04L12/46 , H04L12/713 , H04L12/931 , H04L12/721 , H04L45/748 , H04L45/00 , H04L45/302 , H04L45/586 , H04L49/354
CPC classification number: H04L45/748 , H04L12/4633 , H04L12/4641 , H04L45/306 , H04L45/38 , H04L45/54 , H04L45/586 , H04L49/354
Abstract: Route tables may be associated with ingress traffic for logically isolated networks. A routing device at the edge of a logically isolated network may receive a route to include in a route table that is associated with ingress traffic to the logically isolated network to forward the ingress traffic to a network appliance hosted in the logically isolated network. Network packets received at the edge routing device may have a destination of a computing resource hosted in the logically isolated network. The edge routing device may identify the route in the route table to override the destination in the network packet with the network appliance and forward the network packet to the network appliance according to the route.
-
Publication number: US10812384B2
Publication date: 2020-10-20
Application number: US16025822
Application date: 2018-07-02
Applicant: Amazon Technologies, Inc.
Inventor: Kyle Tailor Akers , Chao Yuan , Kevin Christopher Miller , Andrew Bruce Dickinson , Michael Siaosi Voegele , Daniel Lee McCarriar , Yohanes Santoso , David Brian Lennon
IPC: G06F15/173 , H04L12/741 , H04L29/12
Abstract: Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS (“Domain Name System”) information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers—if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.
-
Publication number: US20190222636A1
Publication date: 2019-07-18
Application number: US16362192
Application date: 2019-03-22
Applicant: Amazon Technologies, Inc.
Inventor: Tobias Lars-Olov Holgers , Kevin Christopher Miller , Andrew Bruce Dickinson , David Carl Salyers , Xiao Zhang , Shane Ashley Hall , Christopher Ian Hendrie , Aniket Deepak Divecha , Ralph William Flora
CPC classification number: H04L67/10 , G06F9/45533 , H04L67/42
Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.
-
Publication number: US10243920B1
Publication date: 2019-03-26
Application number: US14969235
Application date: 2015-12-15
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Andrew Bruce Dickinson
IPC: G06F15/177 , H04L29/12 , H04L12/741 , G06F9/455
Abstract: In various methods and apparatus Internet Protocol (IP) addresses can be moved between virtual machine instances in a provider network. Customers can cause an IP address to be moved between virtual machine instances such as by submitting an application programming interface call. The provider network also may include a server system that implements the dynamic host configuration protocol such as the DHCP for version 6. The DHCP server system moves the requested IP address by exchanging messages with the affected instances. The DHCP server system may transmit a message to remove the IP address from a first instance by including the IP address with a valid lifetime set to a minimal time-out value. The DHCP server system may transmit a message to add the IP address to a second instance by including the IP address and a corresponding valid lifetime value of greater than the minimal time-out value.
-
Publication number: US20180054421A1
Publication date: 2018-02-22
Application number: US15798052
Application date: 2017-10-30
Applicant: Amazon Technologies, Inc.
Inventor: Bashuman Deb , Andrew Bruce Dickinson , Christopher Ian Hendrie
IPC: H04L29/06
CPC classification number: H04L63/0272 , H04L61/2514 , H04L61/2521 , H04L61/2592 , H04L67/104
Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
-
Publication number: US20180034663A1
Publication date: 2018-02-01
Application number: US15728277
Application date: 2017-10-09
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller , Richard Alexander Sheehan , Douglas Stewart Laurence , Marwan Salah EL-Din Oweis , Andrew Bruce Dickinson
CPC classification number: H04L12/4633 , G06F9/45558 , G06F2009/45595 , H04L61/6004 , H04L61/6059
Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
-
Publication number: US09807057B1
Publication date: 2017-10-31
Application number: US14109535
Application date: 2013-12-17
Applicant: Amazon Technologies, Inc.
Inventor: Bashuman Deb , Andrew Bruce Dickinson , Christopher Ian Hendrie
CPC classification number: H04L63/0272 , H04L61/2514 , H04L61/2521 , H04L61/2592 , H04L67/104
Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
-
Publication number: US09774611B1
Publication date: 2017-09-26
Application number: US14204864
Application date: 2014-03-11
Applicant: Amazon Technologies, Inc.
Inventor: Joseph Paul Zipperer , Andrew Bruce Dickinson , Kirk Arlo Petersen
CPC classification number: H04L63/1408 , G06F21/552 , G06F21/554 , G06F21/57 , G06F21/85 , H04L63/0218 , H04L63/0227 , H04L63/0236 , H04L63/0263 , H04L63/1441 , H04L63/1458 , H04L2463/141
Abstract: Functionality is disclosed herein for dynamically deploying an upstream network traffic filter in a network. The upstream network filter is dynamically deployed in a location that is closer to an entry point of an attack such that attack traffic reaches the upstream network filter before reaching a network traffic filter that is configured to perform network traffic filtering for a computing resource that is under attack. The upstream network traffic filter includes rules that are based on at least a portion of the rules that are applied by the network traffic filter.
-
Publication number: US09172599B1
Publication date: 2015-10-27
Application number: US14109569
Application date: 2013-12-17
Applicant: Amazon Technologies, Inc.
Inventor: Thomas Bradley Scholl , Andrew Bruce Dickinson
IPC: G01R31/08 , H04L12/24 , H04L12/707
CPC classification number: H04L41/0668 , H04L41/0654 , H04L45/04 , H04L45/22 , H04L45/245 , H04L45/28 , Y02D50/30
Abstract: Systems and methods are described to provide fault tolerant folded Clos networks. A folded Clos network is disclosed including a set of tier 1 routers interconnected with a set of tier 2 routers. Tier 1 routers are configured to view a set of tier 2 routers as a single aggregate router. Accordingly, tier 1 routers are unaware of faults between tier 2 routers and additional tier 1 routers. A throwback router is connected to each tier 2 router to facilitate handling of data under such fault conditions. When a tier 2 router receives undeliverable data, the data is passed to a throwback router, which retransmits the data to an additional tier 2 router. Data that is retransmitted multiple times can be disregarded by the throwback router.
-
Publication number: US10862709B1
Publication date: 2020-12-08
Application number: US15409487
Application date: 2017-01-18
Applicant: Amazon Technologies, Inc.
IPC: H04L12/66 , H04L12/46 , H04L12/721
Abstract: A flow policy service that allows clients to define policies for packet flows to, from, and within their virtual networks on a provider network. Logic may be embedded in a flow policy that dictates what happens to a packet as it enters the network, or after the packet leaves an appliance. Via the service, a client may define conditional rules that specify different paths that packets should follow on the provider network according to conditional evaluations of information about the packets, for example source and/or destination endpoints of the packets, or output codes from appliances that process the packets.