公开(公告)号：US20240171573A1

公开(公告)日：2024-05-23

申请号：US18058198

申请日：2022-11-22

Applicant: Amazon Technologies, Inc.

Inventor： Sujan Bolisetti ,  Shovan Kumar Das ,  Jessica Kira Szmajda ,  Harshit Kumar Tiwari ,  Bashuman Deb ,  Stephen A. Saville

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/101 ,  H04L63/105

Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to recourses or resources groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.

公开(公告)号：US11991211B1

公开(公告)日：2024-05-21

申请号：US17643781

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Hrushikesh Jaibheem Gangur ,  Tomasz Jozef Adamski ,  Christian Elsen ,  Baihu Qian ,  Nick Matthews ,  Omer Hashmi ,  Bashuman Deb ,  Thomas Nguyen Spendley

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/20 ,  H04L12/4675 ,  H04L63/0263 ,  H04L63/0272

Abstract: Systems and methods are provided for enforcing symmetric flows of cross-region network traffic through firewalls in multi-region network environments. Enforcement may be configured automatically by analyzing network policy data to identify cross-region traffic that is to be firewalled, and configuring gateway nodes in the various regions to implement symmetric bidirectional flows through any firewalls in the communication path. Beneficially, by enforcing symmetric bi-directional flows of traffic through any firewalls in a communication path, the firewalls may maintain the state of a given communication session even when the communication session is between endpoints in different regions that have different architectures.

公开(公告)号：US20240113998A1

公开(公告)日：2024-04-04

申请号：US18481966

申请日：2023-10-05

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L61/4511 ,  G06F9/455 ,  H04L12/46 ,  H04L41/12 ,  H04L47/2483 ,  H04L61/3015

CPC classification number: H04L61/4511 ,  G06F9/45558 ,  H04L12/4645 ,  H04L41/12 ,  H04L47/2483 ,  H04L61/3025 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

公开(公告)号：US11936558B1

公开(公告)日：2024-03-19

申请号：US17643774

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Justin Lin Hsieh ,  Daniel William Dacosta ,  Nick Matthews ,  Anoop Dawani ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Viktor Heorhiadi

IPC: H04L45/42 ,  H04L12/46 ,  H04L45/00 ,  H04L45/12 ,  H04L45/745

CPC classification number: H04L45/42 ,  H04L12/4641 ,  H04L45/123 ,  H04L45/22 ,  H04L45/745

Abstract: Systems and methods are provided for evaluation of networks and changes thereto using automated analysis of network models. The automated analysis can be used to determine how to implement and mutate networks efficiently and effectively, to determine whether and why network resources are unable to communicate with each other, and the like. Automated analysis can allow users (e.g., network administrators) to define networks and pose changes to networks using high-level policies (e.g., written in a declarative language), have those polices automatically translated to lower-level implementation operations for analysis, and in some cases have results of the analysis presented back to the users in an easy-to-understand form.

公开(公告)号：US11882017B2

公开(公告)日：2024-01-23

申请号：US17929649

申请日：2022-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/00 ,  H04L45/02 ,  H04L12/46 ,  H04L47/2483 ,  H04L45/302

CPC classification number: H04L45/04 ,  H04L12/4633 ,  H04L45/306 ,  H04L47/2483 ,  H04L2212/00

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US11824773B2

公开(公告)日：2023-11-21

申请号：US17218031

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Indira Radhika Pulla ,  Ramin Ali Dousti ,  Nicholas Ryan Lombardi ,  Steve Ge ,  Nick Matthews ,  Anoop Dawani

IPC: H04L45/586 ,  H04L45/24 ,  H04L12/46 ,  H04L45/00 ,  H04L45/02

CPC classification number: H04L45/586 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/20 ,  H04L45/24

Abstract: A pair of virtual routers is configured. In response to programmatic requests, dynamic transfer of routing information between the routers in accordance with configuration settings indicated by a client is enabled. The routing information is associated with a set of isolated networks to which the virtual routers are attached. A network packet originating at an address in a first isolated network is transmitted to an address in a second isolated network using a route determined from routing information transmitted between the virtual routers according to the configuration settings.

公开(公告)号：US11729077B2

公开(公告)日：2023-08-15

申请号：US16699431

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Nikhil Reddy Cheruku ,  Alok Mishra ,  Alexander Justin Penney

IPC: H04L41/0813 ,  H04L41/22 ,  H04L9/40 ,  H04L43/0817 ,  H04L43/0823

CPC classification number: H04L43/0817 ,  H04L41/0813 ,  H04L41/22 ,  H04L43/0823 ,  H04L63/0272

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

公开(公告)号：US20230164059A1

公开(公告)日：2023-05-25

申请号：US17456549

申请日：2021-11-24

Applicant: Amazon Technologies, Inc.

Inventor： Anoop Dawani ,  Bashuman Deb ,  Baihu Qian ,  Omer Hashmi ,  Nick Matthews ,  Shridhar Kulkarni ,  Thomas Nguyen Spendley ,  Indira Radhika Pulla ,  David Jonathan Adams ,  Nicholas Ryan Lombardi ,  Brandon Michael LaRue ,  Aaron Scott DeBruin ,  Ramin Ali Dousti

IPC: H04L45/00 ,  H04L45/30 ,  H04L45/44 ,  H04L45/02

CPC classification number: H04L45/04 ,  H04L45/306 ,  H04L45/566 ,  H04L45/44 ,  H04L45/02 ,  H04L63/0272

Abstract: Systems and methods are provided for management of network segments that cross geographic regions and/or other types of network divisions in a cloud-based network environment. Gateway may manage traffic across regions using routing metadata that includes a segment identifier. The gateways may also signal their routes across regions based on segment data, and implement the signaled routes using segment-based routing policies. Route selection may be performed using optimization data.

公开(公告)号：US20210160218A1

公开(公告)日：2021-05-27

申请号：US17145130

申请日：2021-01-08

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Andrew Bruce Dickinson ,  Christopher Ian Hendrie

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

公开(公告)号：US20200162383A1

公开(公告)日：2020-05-21

申请号：US16196709

申请日：2018-11-20

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Paul John Tillotson ,  Thomas Nguyen Spendley ,  Omer Hashmi ,  Baihu Qian ,  Mohamed Nader Farahat Hassan

IPC: H04L12/741 ,  H04L12/931 ,  H04L12/721 ,  H04L12/751 ,  H04L29/08 ,  H04L29/06 ,  G06F9/455

Abstract: At an action implementation layer of a virtual traffic hub, a packet is obtained from a first isolated network. A first action, generated at a decision making layer of the hub based on a first route table of the hub, is performed, resulting in transmission of at least one network packet to a first destination. In response to a second packet, obtained at the action implementation layer from a source outside the first isolated network, a second action is performed, resulting in transmission of at least one packet to a second destination. The second action is generated based on a second route table of the hub.