-
Publication number: US09813379B1
Publication date: 2017-11-07
Application number: US14274546
Application date: 2014-05-09
Applicant: Amazon Technologies, Inc.
Inventor: Upendra Bhalchandra Shevade, Gregory Rustin Rogers, Kevin Christopher Miller, Bashuman Deb, Michael Brooke Furr
IPC: H04L29/06, H04L12/707, H04L12/721
CPC classification number: H04L63/0272, H04L41/5025, H04L41/5051, H04L41/5077, H04L45/24, H04L45/70
Abstract: A request to establish a VPN connection between a customer data center and a set of resources of a provider network is received. A new isolated virtual network (IVN) is established to implement a virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, and a respective VPN tunnel is configured between each of the PPEs and the customer data center. Routing information pertaining to the set of resources is provided to the customer data center via at least one of the VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the customer data center.
-
Publication number: US12160366B2
Publication date: 2024-12-03
Application number: US17218039
Application date: 2021-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Bashuman Deb, Omer Hashmi, Thomas Nguyen Spendley, Baihu Qian, Guru Kannan, Shridhar Kulkarni, Paul John Tillotson, Ramin Ali Dousti, Indira Radhika Pulla, Yuxin Ren, Fahed Hijazi, Xiyuan Gou, Steve Ge, Nicholas Ryan Lombardi, Brandon Michael LaRue, Jaywant U. Kapadnis, Anoop Dawani
IPC: H04L45/586, H04L45/74, H04L65/102, H04L69/12, H04L69/326
Abstract: A message indicating an auxiliary task associated with traffic transmitted via a virtual router between a pair of isolated networks is received at an offloading device. A stack multiplexer at the offloading device selects a protocol stack instance to process the message. A result of the auxiliary task is obtained by the multiplexer from the selected protocol stack instance and transmitted to the virtual router, where it is used to transmit a packet between the isolated networks.
-
Publication number: US20230164076A1
Publication date: 2023-05-25
Application number: US17456548
Application date: 2021-11-24
Applicant: Amazon Technologies, Inc.
Inventor: Anoop Dawani, Bashuman Deb, Baihu Qian, Omer Hashmi, Nick Matthews, Shridhar Kulkarni, Thomas Nguyen Spendley, Steve Ge, Justin Lin Hsieh, Guru Kannan, Alok Mishra
IPC: H04L45/745, H04L12/46, H04L12/66
CPC classification number: H04L45/745, H04L12/4641, H04L12/66
Abstract: Systems and methods are provided for management of network segments that cross geographic regions and/or other types of network divisions in a cloud-based network environment. A cloud-based network provider's geographically-dispersed network infrastructure may serve as the core of a client's private wide area network, and the client may define isolated segments to which other networks (virtual private clouds, virtual private networks, etc.) may be attached. The various segments may remain logically isolated from each other even when implemented across some or all of the same regions—and using the same physical and/or virtual routing components—as other segments of the same client and/or other clients.
-
Publication number: US11438255B2
Publication date: 2022-09-06
Application number: US17151014
Application date: 2021-01-15
Applicant: Amazon Technologies, Inc.
Inventor: Paul John Tillotson, Bashuman Deb, Thomas Spendley, Omer Hashmi, Baihu Qian, Alexander Justin Penney
IPC: H04L12/00, H04L45/02, H04L12/46, H04L47/2483, H04L45/302
Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.
-
Publication number: US11336528B2
Publication date: 2022-05-17
Application number: US16699446
Application date: 2019-11-29
Applicant: Amazon Technologies, Inc.
Inventor: Baihu Qian, Bashuman Deb, Omer Hashmi, Thomas Nguyen Spendley, Nikhil Reddy Cheruku, Alok Mishra, Alexander Justin Penney
IPC: H04L12/24, H04L41/12, H04L41/0681, H04L12/46, H04L43/026, H04L41/22, H04L43/087, H04L41/5009, H04L43/0829, H04L41/5003, H04L43/0852, H04L43/00, H04L43/16
Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.
-
Publication number: US20220141080A1
Publication date: 2022-05-05
Application number: US17491992
Application date: 2021-10-01
Applicant: Amazon Technologies, Inc.
Inventor: Behdad Baniani, Bashuman Deb, Colm Gearóid MacCárthaigh
IPC: H04L41/06, H04L12/46, H04L45/02, H04L12/66, H04L45/745
Abstract: At a computing service, an indication of associations of a set of network interfaces with a gateway is obtained. Individual ones of the interfaces are configured in respective availability-based resource groups. In response to detecting that a message originates at a resource within a particular availability-based resource group, a network interface of the set is selected based at least partly on the source of availability-based resource group, and the message is transmitted to a network address assigned to the selected interface.
-
Publication number: US11310155B1
Publication date: 2022-04-19
Application number: US17218024
Application date: 2021-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Baihu Qian, Omer Hashmi, Thomas Nguyen Spendley, Bashuman Deb, Guru Kannan, Paul John Tillotson, Ramin Ali Dousti, Indira Radhika Pulla, Fahed Hijazi, Xiyuan Gou, Steve Ge, Yuxin Ren, Brandon Michael LaRue, Jaywant U Kapadnis
IPC: H04L12/713, H04L45/586, H04L45/12, H04L43/0864, H04L47/762, H04L65/102, H04L47/125
Abstract: A category of auxiliary tasks (such as routing configuration management or packet content transformation) associated with transmission of network packets between sets of network endpoints is determined. A virtual router is configured to transmit the packets between the sets of network endpoints. Connectivity is enabled between the virtual router and an auxiliary task offloading resource. Results of an auxiliary task performed at the offloading resource are used to transmit at least some packets between the sets of network endpoints.
-
Publication number: US11310149B1
Publication date: 2022-04-19
Application number: US17033221
Application date: 2020-09-25
Applicant: Amazon Technologies, Inc.
Inventor: Bashuman Deb, Dheerendra Talur, Milind Madhukar Kulkarni, Justin Davies
IPC: H04L12/715, H04L12/46, H04L45/00, H04L45/74
Abstract: Systems and methods are provided to enable packets of network traffic to be routed to a network appliance. Bidirectional flows of network traffic can be routed to the same network appliance based on flow information of the corresponding packets. A network device may intercept the packet corresponding to a first flow and route the packet to a specific network appliance based on the first flow information. The network device may generate a direction agnostic tuple value based on data groups of the first flow information. The network device may propagate the direction agnostic tuple value across availability zones to a second network device in a different availability zone to store the direction agnostic tuple value for use for subsequent packets. The second network device can receive a second packet and transmit the second packet to the same network appliance based on the direction agnostic tuple value.
-
Publication number: US10797989B2
Publication date: 2020-10-06
Application number: US16136137
Application date: 2018-09-19
Applicant: Amazon Technologies, Inc.
Inventor: Paul John Tillotson, Bashuman Deb, Thomas Spendley, Omer Hashmi, Baihu Qian, Alexander Justin Penney
IPC: H04L12/715, H04L12/713, H04L12/751, H04L29/12, H04L12/851, G06F16/2457, H04L12/46
Abstract: Metadata indicating that an action implementation node and a routing decision master node have been assigned to a virtual traffic hub programmatically associated with one or more isolated networks is stored. The routing decision master node determines a first action to be implemented for packets of a network flow using state information of the isolated networks, and provides a representation of a first action to the first action implementation node. Based on performing the first action at the action implementation node, contents of a data packet received from one isolated network are transmitted to another isolated network.
-
Publication number: US10742446B2
Publication date: 2020-08-11
Application number: US16136133
Application date: 2018-09-19
Applicant: Amazon Technologies, Inc.
Inventor: Paul John Tillotson, Bashuman Deb, Thomas Spendley, Omer Hashmi, Baihu Qian, Alexander Justin Penney
IPC: H04L12/46, H04L29/12, H04L12/851, H04L12/931, G06F9/455
Abstract: Configuration operations to enable connectivity, using a virtual traffic hub, between a plurality of isolated networks including a first isolated network with a first private address range, are initiated. The hub includes a plurality of nodes including a decision master node responsible for determining routing actions for packets received at the hub. At the decision master node, a translation mapping is obtained for a second private address range of a second isolated network, which overlaps with the first private address range. At a particular node of the hub, using the mapping, a header of a network packet received from the second isolated network and directed to a destination outside the second isolated network is modified.