公开(公告)号：US11336528B2

公开(公告)日：2022-05-17

申请号：US16699446

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L12/24 ,  H04L41/12 ,  H04L41/0681 ,  H04L12/46 ,  H04L43/026 ,  H04L41/22 ,  H04L43/087 ,  H04L41/5009 ,  H04L43/0829 ,  H04L41/5003 ,  H04L43/0852 ,  H04L43/00 ,  H04L43/16

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US11310155B1

公开(公告)日：2022-04-19

申请号：US17218024

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Guru Kannan ,  Paul John Tillotson ,  Ramin Ali Dousti ,  Indira Radhika Pulla ,  Fahed Hijazi ,  Xiyuan Gou ,  Steve Ge ,  Yuxin Ren ,  Brandon Michael LaRue ,  Jaywant U Kapadnis

IPC: H04L12/713 ,  H04L45/586 ,  H04L45/12 ,  H04L43/0864 ,  H04L47/762 ,  H04L65/102 ,  H04L47/125

Abstract: A category of auxiliary tasks (such as routing configuration management or packet content transformation) associated with transmission of network packets between sets of network endpoints is determined. A virtual router is configured to transmit the packets between the sets of network endpoints. Connectivity is enabled between the virtual router and an auxiliary task offloading resource. Results of an auxiliary task performed at the offloading resource are used to transmit at least some packets between the sets of network endpoints.

公开(公告)号：US10797989B2

公开(公告)日：2020-10-06

申请号：US16136137

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/715 ,  H04L12/713 ,  H04L12/751 ,  H04L29/12 ,  H04L12/851 ,  G06F16/2457 ,  H04L12/46

Abstract: Metadata indicating that an action implementation node and a routing decision master node have been assigned to a virtual traffic hub programmatically associated with one or more isolated networks is stored. The routing decision master node determines a first action to be implemented for packets of a network flow using state information of the isolated networks, and provides a representation of a first action to the first action implementation node. Based on performing the first action at the action implementation node, contents of a data packet received from one isolated network are transmitted to another isolated network.

公开(公告)号：US10742446B2

公开(公告)日：2020-08-11

申请号：US16136133

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/46 ,  H04L29/12 ,  H04L12/851 ,  H04L12/931 ,  G06F9/455

Abstract: Configuration operations to enable connectivity, using a virtual traffic hub, between a plurality of isolated networks including a first isolated network with a first private address range, are initiated. The hub includes a plurality of nodes including a decision master node responsible for determining routing actions for packets received at the hub. At the decision master node, a translation mapping is obtained for a second private address range of a second isolated network, which overlaps with the first private address range. At a particular node of the hub, using the mapping, a header of a network packet received from the second isolated network and directed to a destination outside the second isolated network is modified.

公开(公告)号：US20200162362A1

公开(公告)日：2020-05-21

申请号：US16196717

申请日：2018-11-20

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L12/715 ,  H04L12/721

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US12301443B2

公开(公告)日：2025-05-13

申请号：US18537691

申请日：2023-12-12

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/00 ,  H04L12/46 ,  H04L45/02 ,  H04L45/302 ,  H04L47/2483

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US12212482B2

公开(公告)日：2025-01-28

申请号：US17933067

申请日：2022-09-16

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L45/02 ,  H04L45/00 ,  H04L45/12

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US20240171583A1

公开(公告)日：2024-05-23

申请号：US18058168

申请日：2022-11-22

Applicant: Amazon Technologies, Inc.

Inventor： Shovan Kumar Das ,  Jessica Kira Szmajda ,  Bashuman Deb ,  Sujan Bolisetti ,  Shridhar Kulkarni ,  Baihu Qian ,  Brandon Michael LaRue ,  Stephen A. Saville

IPC: H04L9/40

CPC classification number: H04L63/102 ,  H04L63/0236 ,  H04L63/101

Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to recourses or resources groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.

公开(公告)号：US20230079670A1

公开(公告)日：2023-03-16

申请号：US17933067

申请日：2022-09-16

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L45/02 ,  H04L45/12 ,  H04L45/00

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US11601365B2

公开(公告)日：2023-03-07

申请号：US17218036

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Ramin Ali Dousti ,  Indira Radhika Pulla ,  Steve Ge ,  Nicholas Ryan Lombardi ,  Nick Matthews ,  Anoop Dawani

IPC: H04L45/586 ,  H04L45/02 ,  H04L45/16

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.