公开(公告)号：US20240333775A1

公开(公告)日：2024-10-03

申请号：US18741445

申请日：2024-06-12

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Justin Lin Hsieh ,  Daniel William Dacosta ,  Nick Matthews ,  Viktor Heorhiadi ,  Lalith Kumar Ramamoorthi ,  Anoop Dawani ,  Omer Hashmi ,  Thomas Nguyen Spendley

IPC: H04L9/40 ,  H04L12/46 ,  H04L41/0893 ,  H04L45/24 ,  H04L47/20

CPC classification number: H04L63/205 ,  H04L12/4675 ,  H04L41/0893 ,  H04L45/24 ,  H04L47/20 ,  H04L63/0272

Abstract: Systems and methods are provided for obtaining policy data associated with a private network implemented at least partly within a cloud provider network; establishing, based on the policy data, a first segment within the private network, wherein in a first geographic region of the cloud provider network, traffic associated with the first segment is isolated from traffic associated with a second segment of the private network, and wherein in a second geographic region of the cloud provider network, traffic associated with the first segment is isolated from traffic associated with a third segment of the private network; obtaining metadata indicating an isolated network of the cloud provider network is associated with the first segment; and enabling the isolated network to communicate, over the first segment, across the first geographic region and the second geographic region.

公开(公告)号：US12021902B1

公开(公告)日：2024-06-25

申请号：US17643769

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Justin Lin Hsieh ,  Daniel William Dacosta ,  Nick Matthews ,  Viktor Heorhiadi ,  Lalith Kumar Ramamoorthi ,  Anoop Dawani ,  Omer Hashmi ,  Thomas Nguyen Spendley

IPC: H04L29/06 ,  H04L9/40 ,  H04L12/46 ,  H04L41/0893 ,  H04L45/24 ,  H04L47/20

CPC classification number: H04L63/205 ,  H04L12/4675 ,  H04L41/0893 ,  H04L45/24 ,  H04L47/20 ,  H04L63/0272

Abstract: Systems and methods are provided for evaluation of communication paths through networks to determine whether communication is permitted across one or more internal network boundaries. The analysis may be used to determine whether a node in one isolated network (e.g., VPC, VPN, client on-premise network, etc.) is able to communicate with a node in another isolated network across region and/or segment boundaries. The automated analysis can allow users (e.g., network administrators) to see what high-level policies (e.g., Cloud WAN policies written in a declarative language) are interfering with or permitting communication between the nodes.

公开(公告)号：US20230179517A1

公开(公告)日：2023-06-08

申请号：US18160997

申请日：2023-01-27

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Ramin Ali Dousti ,  Indira Radhika Pulla ,  Steve Ge ,  Nicholas Ryan Lombardi ,  Nick Matthews ,  Anoop Dawani

IPC: H04L45/586 ,  H04L45/02 ,  H04L45/16

CPC classification number: H04L45/586 ,  H04L45/04 ,  H04L45/16

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.

公开(公告)号：US11533231B2

公开(公告)日：2022-12-20

申请号：US16699424

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L41/12 ,  H04L41/0893 ,  H04L12/46 ,  H04L41/22

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US20210168056A1

公开(公告)日：2021-06-03

申请号：US16699431

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/06

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US20210168036A1

公开(公告)日：2021-06-03

申请号：US16699446

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/46

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US10757009B2

公开(公告)日：2020-08-25

申请号：US16196717

申请日：2018-11-20

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L12/715 ,  H04L12/721

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

公开(公告)号：US11991211B1

公开(公告)日：2024-05-21

申请号：US17643781

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Hrushikesh Jaibheem Gangur ,  Tomasz Jozef Adamski ,  Christian Elsen ,  Baihu Qian ,  Nick Matthews ,  Omer Hashmi ,  Bashuman Deb ,  Thomas Nguyen Spendley

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/20 ,  H04L12/4675 ,  H04L63/0263 ,  H04L63/0272

Abstract: Systems and methods are provided for enforcing symmetric flows of cross-region network traffic through firewalls in multi-region network environments. Enforcement may be configured automatically by analyzing network policy data to identify cross-region traffic that is to be firewalled, and configuring gateway nodes in the various regions to implement symmetric bidirectional flows through any firewalls in the communication path. Beneficially, by enforcing symmetric bi-directional flows of traffic through any firewalls in a communication path, the firewalls may maintain the state of a given communication session even when the communication session is between endpoints in different regions that have different architectures.

公开(公告)号：US20240113998A1

公开(公告)日：2024-04-04

申请号：US18481966

申请日：2023-10-05

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L61/4511 ,  G06F9/455 ,  H04L12/46 ,  H04L41/12 ,  H04L47/2483 ,  H04L61/3015

CPC classification number: H04L61/4511 ,  G06F9/45558 ,  H04L12/4645 ,  H04L41/12 ,  H04L47/2483 ,  H04L61/3025 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

公开(公告)号：US11936558B1

公开(公告)日：2024-03-19

申请号：US17643774

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Justin Lin Hsieh ,  Daniel William Dacosta ,  Nick Matthews ,  Anoop Dawani ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Viktor Heorhiadi

IPC: H04L45/42 ,  H04L12/46 ,  H04L45/00 ,  H04L45/12 ,  H04L45/745

CPC classification number: H04L45/42 ,  H04L12/4641 ,  H04L45/123 ,  H04L45/22 ,  H04L45/745

Abstract: Systems and methods are provided for evaluation of networks and changes thereto using automated analysis of network models. The automated analysis can be used to determine how to implement and mutate networks efficiently and effectively, to determine whether and why network resources are unable to communicate with each other, and the like. Automated analysis can allow users (e.g., network administrators) to define networks and pose changes to networks using high-level policies (e.g., written in a declarative language), have those polices automatically translated to lower-level implementation operations for analysis, and in some cases have results of the analysis presented back to the users in an easy-to-understand form.