-
Publication number: US20200252375A1
Publication date: 2020-08-06
Application number: US16785211
Application date: 2020-02-07
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Omer Hashmi, Sanjay Bhal
Abstract: A request to establish an encrypted VPN connection between a network external to a provider network connected to the provider network via a dedicated direct physical link and a set of resources of the provider network is received. A new isolated virtual network (IVN) is established to implement an encryption virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, address information of the one or more PPEs is exchanged with the external network and a respective encrypted VPN tunnel is configured between each of the PPEs and the external network. Routing information pertaining to the set of resources is provided to the external network via at least one of the encrypted VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the external network via an encrypted VPN tunnel implemented over a dedicated direct physical link between the external network and the provider network.
-
Publication number: US10735292B1
Publication date: 2020-08-04
Application number: US16365608
Application date: 2019-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Erik Klayton Klavon, Po-Chun Chen, James Michael Lamanna, Halley Jagarapu, Jagan Selvarajah
IPC: H04L12/701, H04L12/26, H04L12/46, H04L12/741, H04L12/813, H04L12/825
Abstract: A physical interconnect having multiple virtual paths is coupled between network devices of independent networks operated by different entities. In one aspect, the interconnect is monitored so that the entities can simultaneously and separately monitor network traffic being exchanged across the interconnect. Each entity can be assigned two virtual paths through the interconnect to pass network traffic through their network device, over the interconnect, through a network device of the other entity, back over the interconnect link and back through their network device. The network devices can be configured to loop back network packets using a variety of loopback configurations. Hardware policers that monitor capacity usage of the virtual paths can also be tested.
-
Publication number: US10536389B1
Publication date: 2020-01-14
Application number: US14531919
Application date: 2014-11-03
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen
Abstract: A connectivity coordinator may receive a request for a dedicated physical connection between a provider network and a client network. In response, the connectivity coordinator may determine a capacity for each connection capacity group available to accept the dedicated physical connection. The connectivity coordinator may use the determined capacities for each available connection capacity group to determine bias response information for each connection capacity group based on the determined capacities and a capacity bias model. The connectivity coordinator may provide the determined bias response information to the client as part of a response to the connectivity request to influence the client to select to connect to a connection capacity group that has more physical ports available to accept the dedicated physical connection than other connection capacity groups that have less ports available to accept the dedicated physical connection.
-
Publication number: US10282669B1
Publication date: 2019-05-07
Application number: US14205175
Application date: 2014-03-11
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Patrick Brigham Cullen
Abstract: Techniques are disclosed for determining a possible cause of a problem in a computer system. A trouble-shooting component of the computer system may perform forward chaining on the available data to determine one or more hypotheses of the cause of the problem. The component may then perform backward chaining on the hypotheses to determine missing information that, if known, would increase or decrease the likelihood of the hypotheses being true. Then, the component may perform Bayesian probability analysis on the known and missing information to determine a probability that each hypothesis is correct.
-
Publication number: US11831611B2
Publication date: 2023-11-28
Application number: US16785211
Application date: 2020-02-07
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Omer Hashmi, Sanjay Bhal
CPC classification number: H04L63/0272, H04L12/4633, H04L12/66, H04L63/0428, H04L63/18, H04L67/10
Abstract: A request to establish an encrypted VPN connection between a network external to a provider network connected to the provider network via a dedicated direct physical link and a set of resources of the provider network is received. A new isolated virtual network (IVN) is established to implement an encryption virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, address information of the one or more PPEs is exchanged with the external network and a respective encrypted VPN tunnel is configured between each of the PPEs and the external network. Routing information pertaining to the set of resources is provided to the external network via at least one of the encrypted VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the external network via an encrypted VPN tunnel implemented over a dedicated direct physical link between the external network and the provider network.
-
Publication number: US11088933B2
Publication date: 2021-08-10
Application number: US16252185
Application date: 2019-01-18
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Mark Edward Stalzer, Marco Eulenfeld
IPC: H04L12/751
Abstract: A system includes a provider network and a client network connected via a dedicated physical connection. The client network and the provider network exchange routing information using routing protocol messages, such as border gateway protocol (BGP) update messages exchanged during a BGP session. A provider network includes tag field values in outgoing routing protocol messages that indicate a portion of the provider network wherein resources of the provider network associated with a corresponding route are located. The client network may use the tag field value to determine whether to add the route to a routing table of the client network. A client network may also include tag field values in outgoing routing protocol messages to a provider network. The tag field values may indicate what portions of the provider network are to receive the routes from the client network. For example a tag field value may indicate that a route is to be propagated within a limited portion of the provider network.
-
Publication number: US10708125B1
Publication date: 2020-07-07
Application number: US16122765
Application date: 2018-09-05
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen
IPC: H04L12/24, H04L12/715, H04L12/745, H04L29/06, H04L12/723, H04L12/46, G06F9/455, H04L12/713
Abstract: The following description is directed to configuring gateways in computer networks. For example, a system includes a first configurable network programmed with a first set of network addresses and a second configurable network programmed with a second set of network addresses. The system includes a private gateway connecting the first configurable network and the second configurable network to a client private network. The system includes a server computer configured to generate routing information for the private gateway. The routing information can restrict the network addresses that are reachable from the client private network to non-overlapping network address spaces within each of the first configurable network and the second configurable network. The server computer is configured to use the generated routing information to configure the private gateway for forwarding network packets among the client private network, the first configurable network, and the second configurable network.
-
Publication number: US10652115B1
Publication date: 2020-05-12
Application number: US15236099
Application date: 2016-08-12
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Hassan Ahmed
IPC: H04L12/26
Abstract: A system includes a provider network comprising resources of the provider network implemented on computing devices of the provider network and multiple networking devices. The networking devices are connected via physical network paths within the provider network. The system includes a traffic analyzer that receives at least two different sets of traffic information comprising different types of traffic measurements. The traffic analyzer determines traffic flowrates for the network paths of the provider network and/or a dedicated physical network path between the provider network and the customer network based on the at least two different sets of traffic information.
-
Publication number: US10560431B1
Publication date: 2020-02-11
Application number: US15369626
Application date: 2016-12-05
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Omer Hashmi, Sanjay Bhal
Abstract: A request to establish an encrypted VPN connection between a network external to a provider network connected to the provider network via a dedicated direct physical link and a set of resources of the provider network is received. A new isolated virtual network (IVN) is established to implement an encryption virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, address information of the one or more PPEs is exchanged with the external network and a respective encrypted VPN tunnel is configured between each of the PPEs and the external network. Routing information pertaining to the set of resources is provided to the external network via at least one of the encrypted VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the external network via an encrypted VPN tunnel implemented over a dedicated direct physical link between the external network and the provider network.
-
Publication number: US20190173774A1
Publication date: 2019-06-06
Application number: US16252185
Application date: 2019-01-18
Applicant: Amazon Technologies, Inc.
Inventor: Po-Chun Chen, Mark Edward Stalzer, Marco Eulenfeld
IPC: H04L12/751, H04L12/66
Abstract: A system includes a provider network and a client network connected via a dedicated physical connection. The client network and the provider network exchange routing information using routing protocol messages, such as border gateway protocol (BGP) update messages exchanged during a BGP session. A provider network includes tag field values in outgoing routing protocol messages that indicate a portion of the provider network wherein resources of the provider network associated with a corresponding route are located. The client network may use the tag field value to determine whether to add the route to a routing table of the client network. A client network may also include tag field values in outgoing routing protocol messages to a provider network. The tag field values may indicate what portions of the provider network are to receive the routes from the client network. For example a tag field value may indicate that a route is to be propagated within a limited portion of the provider network.