Propagating access rules on virtual networks in provider network environments

    Publication No.: US10326710B1

    Publication date: 2019-06-18

    Application No.: US14843881

    Filing date: 2015-09-02

    Abstract: Methods and apparatus that automatically propagate access rules for access groups within clients' virtual networks on a provider network. A peering protocol may be used to advertise routes from a gateway of a client's external network to a virtual gateway of the client's virtual network via direct and/or virtual connections. The advertised routes may be automatically propagated into the virtual network so that traffic can flow between the source address ranges of the advertised routes and the virtual network. Access group information may be included as metadata with at least some route advertisements. Access rules for access groups on the virtual network may be automatically created or updated according to the metadata included with the advertised routes to allow access from network addresses on the client's external network to the client's resources in the access groups.

    Route advertisement management using tags in directly connected networks

    Publication No.: US10187289B1

    Publication date: 2019-01-22

    Application No.: US14981677

    Filing date: 2015-12-28

    Abstract: A system includes a provider network and a client network connected via a dedicated physical connection. The client network and the provider network exchange routing information using routing protocol messages, such as border gateway protocol (BGP) update messages exchanged during a BGP session. A provider network includes tag field values in outgoing routing protocol messages that indicate a portion of the provider network wherein resources of the provider network associated with a corresponding route are located. The client network may use the tag field value to determine whether to add the route to a routing table of the client network. A client network may also include tag field values in outgoing routing protocol messages to a provider network. The tag field values may indicate what portions of the provider network are to receive the routes from the client network. For example, a tag field value may indicate that a route is to be propagated within a limited portion of the provider network.

    NETWORK CONNECTION AUTOMATION

    Invention application (status: in force)

    Publication No.: US20150082039A1

    Publication date: 2015-03-19

    Application No.: US14029496

    Filing date: 2013-09-17

    Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.

    PARTITIONED PRIVATE INTERCONNECTS TO PROVIDER NETWORKS

    Publication No.: US20210142374A1

    Publication date: 2021-05-13

    Application No.: US17156363

    Filing date: 2021-01-22

    Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.