公开(公告)号：US11451467B2

公开(公告)日：2022-09-20

申请号：US17000150

申请日：2020-08-21

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L45/02 ,  H04L45/12 ,  H04L45/00

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US20210218664A1

公开(公告)日：2021-07-15

申请号：US17151014

申请日：2021-01-15

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/715 ,  H04L12/46 ,  H04L12/851 ,  H04L12/725

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US20210168034A1

公开(公告)日：2021-06-03

申请号：US16699424

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L12/24 ,  H04L12/46

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US10999169B1

公开(公告)日：2021-05-04

申请号：US16699440

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/08

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US20210058364A1

公开(公告)日：2021-02-25

申请号：US17091995

申请日：2020-11-06

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L29/12 ,  H04L12/24 ,  H04L12/46 ,  G06F9/455 ,  H04L12/851

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

公开(公告)号：US20210044512A1

公开(公告)日：2021-02-11

申请号：US17000150

申请日：2020-08-21

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L12/715 ,  H04L12/721

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US10897417B2

公开(公告)日：2021-01-19

申请号：US16136138

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/00 ,  H04L12/715 ,  H04L12/46 ,  H04L12/851 ,  H04L12/725

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US10887284B1

公开(公告)日：2021-01-05

申请号：US16401842

申请日：2019-05-02

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Omer Hashmi

IPC: H04L29/06 ,  H04L12/26 ,  H04L9/08

Abstract: A provider network includes a service that creates virtual private network (VPN) endpoint nodes. Application programming interfaces are available that the creation of VPN endpoint nodes, peer them together, and attach them to respective virtual private networks to thereby establish communication tunnels between pairs of virtual private networks. Each VPN endpoint node may be implemented as a fault tolerant endpoint node in which the node is created as a plurality of virtual machines. Each of the virtual machines is configured from a common machine image that includes software capable of causing the respective virtual machine to configure a tunnel such as an IPSec tunnel. One of the virtual machines, however, is operated in an active mode, while another virtual machine is configured to operate in a standby mode.

公开(公告)号：US10834044B2

公开(公告)日：2020-11-10

申请号：US16136131

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L29/12 ,  H04L12/24 ,  H04L12/46 ,  G06F9/455 ,  H04L12/851

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

公开(公告)号：US10798179B2

公开(公告)日：2020-10-06

申请号：US15422076

申请日：2017-02-01

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Omer Hashmi

IPC: G06F15/16 ,  H04L29/08 ,  H04L12/46 ,  H04L12/66 ,  H04L29/06

Abstract: A system includes a virtual private gateway (VGW) provisioning service that is configured to receive a request to establish a VGW. The request specifies a service accessible through the VGW and a customer-configurable policy. The policy restricts access to the specified service to requests sent via the VGW to the specified service. Responsive to the request, the VGW provisioning service instantiates a VGW virtual machine. The VGW virtual machine includes a VGW application configured to establish a secure tunnel over a public network to a remote node and to receive encrypted traffic from the remote node over the secure tunnel. The VGW provisioning service also causes route data for the specified service to be provided to the VGW virtual machine. The VGW application advertises the route data for the specified service over the secure tunnel. The VGW provisioning service provides the policy to the identified service for compliance thereon.