-
Publication No.: US11330008B2
Publication date: 2022-05-10
Application No.: US16799625
Application date: 2020-02-24
Applicant: Amazon Technologies, Inc.
Inventor: Hardeep Singh Uppal, Jorge Vasquez, Craig Wesley Howard, Anton Stephen Radlein
IPC: H04L29/06, H04L101/604, H04L9/32, H04L45/7453, H04L61/4511, H04L101/659, H04L9/06, H04L9/14, H04L9/30, H04L45/00
Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.
-
Publication No.: US10924411B2
Publication date: 2021-02-16
Application No.: US16219770
Application date: 2018-12-13
Applicant: Amazon Technologies, Inc.
Inventor: Anton Stephen Radlein, Harvo Reyzell Jones, Hardeep Singh Uppal, Dennis Marinus, Dhiraj Gupta
IPC: G06F15/173, H04L12/803, H04L12/747, H04L29/12, H04L12/801, H04L12/851, H04L12/721, H04L12/715, H04L12/741, H04L12/24, H04L12/46, H04W28/02, H04W28/08, H04W36/00, H04W36/08, H04L29/08, H04L12/26
Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.
-
Publication No.: US20200314004A1
Publication date: 2020-10-01
Application No.: US16366709
Application date: 2019-03-27
Applicant: Amazon Technologies, Inc.
Inventor: Amr Rashad, Hardeep Singh Uppal, Subramanian Ganapathy, Harvo Reyzell Jones
IPC: H04L12/717, H04L12/24, H04L12/707, H04L12/26, H04L12/741
Abstract: Systems and methods are described to enable management of redundant route announcements in an access point including multiple packet processors. Route controllers are described that can generate routing information distributing incoming packets to the access point among the packet processors. The route controllers can operate redundantly, such that a failure of a single controller does not cause a complete failure of the access point. To avoid different announcements by different route controllers (particularly under partial failure scenarios), the route controllers utilize a strongly consistent data store to store routing information. So long as a record within the data store contains valid information, it is considered authoritative and routing information from the record is announced by all route controllers. If the information is invalid, the route controllers attempt to overwrite the information with new, higher priority routing information. A single write succeeds, resulting in new authoritative routing information.
-
Publication No.: US20200162959A1
Publication date: 2020-05-21
Application No.: US16219797
Application date: 2018-12-13
Applicant: Amazon Technologies, Inc.
Inventor: Anton Stephen Radlein, Harvo Reyzell Jones, Hardeep Singh Uppal, Dennis Marinus, Dhiraj Gupta
Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. The access points enable rapid use of connection-oriented communication sessions by conducting an initialization phase of the sessions locally on the access point. Session context information is then handed off to an endpoint for the service, which can provide the service through the already-established sessions. To avoid breaking sessions due to changes in network routing, each access point can apply a uniform selection criteria for endpoints, such that if client traffic is routed to a different access point, that access point redirects the traffic to the same endpoint previously servicing the traffic via an established session.
-
Publication No.: US10469513B2
Publication date: 2019-11-05
Application No.: US15389314
Application date: 2016-12-22
Applicant: Amazon Technologies, Inc.
Inventor: Hardeep Singh Uppal, Jorge Vasquez, Craig Wesley Howard, Anton Stephen Radlein
IPC: H04L9/00, H04L29/06, H04L9/32, H04L12/743, H04L29/12, H04L9/06, H04L9/14, H04L9/30, H04L12/733
Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.
-
Publication No.: US20190044846A1
Publication date: 2019-02-07
Application No.: US16154580
Application date: 2018-10-08
Applicant: Amazon Technologies, Inc.
Inventor: Craig Wesley Howard, Hardeep Singh Uppal
IPC: H04L12/707, H04L12/26
CPC classification number: H04L43/0894, G06F16/9566, G06F16/9574, H04L43/0876, H04L61/1511
Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.
-
Publication No.: US10033627B1
Publication date: 2018-07-24
Application No.: US14575798
Application date: 2014-12-18
Applicant: Amazon Technologies, Inc.
Inventor: Craig Wesley Howard, Hardeep Singh Uppal
IPC: G06F15/173, H04L12/707, H04L12/747, H04L12/26
CPC classification number: H04L45/22, H04L43/0876, H04L43/0888, H04L43/16
Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.
-
Publication No.: US20180097631A1
Publication date: 2018-04-05
Application No.: US15389302
Application date: 2016-12-22
Applicant: Amazon Technologies, Inc.
Inventor: Hardeep Singh Uppal, Jorge Vasquez, Craig Wesley Howard, Anton Stephen Radlein
IPC: H04L9/32, H04L12/743, H04L29/12, H04L29/06
CPC classification number: H04L63/1425, H04L9/0643, H04L9/14, H04L9/30, H04L9/3236, H04L9/3247, H04L45/20, H04L45/7453, H04L61/1511, H04L61/6004, H04L61/6059, H04L63/0428, H04L63/1458
Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.