公开(公告)号：US10193866B2

公开(公告)日：2019-01-29

申请号：US15798052

申请日：2017-10-30

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Andrew Bruce Dickinson ,  Christopher Ian Hendrie

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

公开(公告)号：US10142226B1

公开(公告)日：2018-11-27

申请号：US15604596

申请日：2017-05-24

Applicant: Amazon Technologies, Inc.

Inventor： Yiwen Wu ,  Bashuman Deb ,  Russell Richard Leighton ,  Mark Edward Stalzer

IPC: H04L12/713 ,  H04L12/46 ,  H04L29/08 ,  H04L12/741

Abstract: A forwarding engine of a fleet of forwarding engines forwards packets received from outside a provider network via a direct physical link to a resource within the provider network. A virtual router of a fleet of virtual routers obtains routing metadata from a client-side networking device outside the provider network via a routing information exchange protocol and transmits the routing metadata to the forwarding engine, which uses the metadata to forward the packets. In response to a first trigger, the number of forwarding engines in the fleet is modified. In response to a second trigger, the number of virtual routers in the fleet is modified.

公开(公告)号：US10002001B1

公开(公告)日：2018-06-19

申请号：US13770992

申请日：2013-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Christopher Ian Hendrie ,  Bashuman Deb ,  Paul John Tillotson

IPC: G06F9/44 ,  G06F12/06 ,  G06F3/06

CPC classification number: G06F12/0692 ,  G06F3/0607 ,  G06F3/0661 ,  G06F3/067 ,  G06F12/0646 ,  G06F16/10

Abstract: The embodiments herein allow importation of a disk image (real or virtual) into a compute service environment. Any imported disk image can be reconfigured into a geometry compatible with the compute service environment into which it is imported. The reconfiguration can be accomplished through modifying the C, H, and S address values in the master boot record in order to match the virtualized disk environment.

公开(公告)号：US09935829B1

公开(公告)日：2018-04-03

申请号：US14495372

申请日：2014-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Bashuman Deb

IPC: H04L12/24 ,  H04L12/26 ,  G06F15/177 ,  G06F9/455

CPC classification number: H04L41/0816 ,  G06F9/455 ,  G06F15/177 ,  H04L41/085 ,  H04L41/0896 ,  H04L43/0876 ,  H04L43/16

Abstract: A control-plane component of a virtualization-based packet processing service determines (a) a performance goal for a first category of packet processing operations to be implemented using compute instances of a virtual computing service and (b) one or more packet processing rules. The control-plane component assigns one or more compute instances as nodes of a packet processing cluster designated to perform the requested operations. The control-plane component provides metadata to the client, to be used to establish connectivity between the cluster and one or more sources of the traffic whose packets are to be processed.

公开(公告)号：US20150169343A1

公开(公告)日：2015-06-18

申请号：US14631682

申请日：2015-02-25

Applicant: Amazon Technologies, Inc.

Inventor： Avichai M. Lissack ,  Bashuman Deb

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F8/76

Abstract: Techniques are described for facilitating sharing and reuse of executable software images between multiple execution environments. In at least some situations, the executable software images are virtual machine images (e.g., images that are bootable or otherwise loadable by a virtual machine in a particular virtualization environment, and that each include operating system software and/or software for one or more application programs, optionally along with one or more hard disks or other representations of stored data). The described techniques may include use of an image conversion tool that is configured to support interactions with multiple distinct types of source execution environments to extract executable software images from those environments, and to modify extracted software images for execution in one or more distinct types of destination execution environments, optionally as directed by one or more users via a GUI provided by the image conversion tool.

Abstract translation: 描述了用于促进在多个执行环境之间共享和重用可执行软件映像的技术。 在至少一些情况下，可执行软件映像是虚拟机映像（例如，虚拟机在特定虚拟化环境中可引导或以其他方式加载的映像，并且每个映像包括用于一个或多个应用程序的操作系统软件和/或软件 程序，可选地与一个或多个硬盘或存储数据的其他表示）。 所描述的技术可以包括使用图像转换工具，其被配置为支持与多个不同类型的源执行环境的交互以从这些环境提取可执行软件映像，并且修改提取的软件映像以在一个或多个不同类型的目的地中执行 执行环境，可选地由一个或多个用户经由图像转换工具提供的GUI指示。

公开(公告)号：US20140351814A1

公开(公告)日：2014-11-27

申请号：US14454631

申请日：2014-08-07

Applicant: Amazon Technologies, Inc.

Inventor： Aparna Nagargadde ,  Bashuman Deb

IPC: G06F9/455 ,  H04L12/26

CPC classification number: G06F9/45533 ,  G06F9/455 ,  H04L43/08 ,  H04L45/586

Abstract: Systems and method for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. A component of a hosted virtual machine network is configured in a manner to receive commands directed towards a simulated network device. The component may then execute a process or processes on the hosted virtual machine network which correspond to the received command.

Abstract translation: 提供了用于管理虚拟机实例的系统和方法。 网络数据传输分析系统可以托管虚拟机网络。 托管虚拟机网络的组件被配置为接收指向模拟网络设备的命令。 然后，组件可以在对应于所接收的命令的托管虚拟机网络上执行进程或进程。

公开(公告)号：US12212482B2

公开(公告)日：2025-01-28

申请号：US17933067

申请日：2022-09-16

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L45/02 ,  H04L45/00 ,  H04L45/12

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US12184647B2

公开(公告)日：2024-12-31

申请号：US18058198

申请日：2022-11-22

Applicant: Amazon Technologies, Inc.

Inventor： Sujan Bolisetti ,  Shovan Kumar Das ,  Jessica Kira Szmajda ,  Harshit Kumar Tiwari ,  Bashuman Deb ,  Stephen A. Saville

IPC: H04L9/40

Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to recourses or resources groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.

公开(公告)号：US20240171583A1

公开(公告)日：2024-05-23

申请号：US18058168

申请日：2022-11-22

Applicant: Amazon Technologies, Inc.

Inventor： Shovan Kumar Das ,  Jessica Kira Szmajda ,  Bashuman Deb ,  Sujan Bolisetti ,  Shridhar Kulkarni ,  Baihu Qian ,  Brandon Michael LaRue ,  Stephen A. Saville

IPC: H04L9/40

CPC classification number: H04L63/102 ,  H04L63/0236 ,  H04L63/101

Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to recourses or resources groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.

公开(公告)号：US11652736B2

公开(公告)日：2023-05-16

申请号：US16917788

申请日：2020-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni ,  Bashuman Deb ,  Jose De Jesus Camacho Ruiz

IPC: H04L45/00 ,  H04L45/42 ,  H04L43/0817 ,  H04L12/46 ,  H04L41/0604 ,  H04L43/0823 ,  H04L45/586 ,  G06F9/455

CPC classification number: H04L45/20 ,  H04L12/4641 ,  H04L41/0627 ,  H04L43/0817 ,  H04L43/0823 ,  H04L45/42 ,  H04L45/54 ,  H04L45/586 ,  G06F2009/45595

Abstract: Systems and methods are provided to enable packets of network traffic to be hashed to available network gateway. Each packet can include a route table with a pool of network gateways as a next-hop of the packet. A network device may intercept the packet and hash the packet to a network gateway of the pool of network gateways. The network gateway can correspond to a stateful network router and the stateful network router can transmit the packet to a network appliance. The network device can monitor and perform health-checks on the network gateways, the stateful network routers, and the network appliances. The network device can remove components that are no longer healthy or available and can add components that subsequently become healthy.