公开(公告)号：US10389608B2

公开(公告)日：2019-08-20

申请号：US13833945

申请日：2013-03-15

Applicant: Amazon Technologies, Inc.

Inventor： Ian Roger Searle ,  Peter Nicholas Desantis

IPC: H04L12/26

Abstract: An overlay network analysis method obtains data including but not limited to client packet traffic data on an overlay network, and performs one or more analyses based on the obtained data to generate and output topological and/or performance information for the overlay network and/or the network substrate on which the overlay network is implemented. Client traffic data collected for specific client resource instances may be analyzed to generate performance metrics for the overlay network between the instances. Aggregated client traffic data for specific clients may also be analyzed to generate mappings of the clients' private network implementations on the overlay network, as well as performance metrics for the clients' private networks on the overlay network. In addition, client traffic data from multiple clients may be aggregated and analyzed to generate mappings and performance metrics for the overlay network as a whole.

公开(公告)号：US10374949B2

公开(公告)日：2019-08-06

申请号：US15823185

申请日：2017-11-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Andrew Bruce Dickinson ,  Eric Wayne Schultze ,  Ian Roger Searle ,  Shane Ashley Hall ,  Deepak Mohan ,  David Brian Lennon

IPC: H04L12/713 ,  H04L12/741 ,  H04L29/06

Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.

公开(公告)号：US10367753B2

公开(公告)日：2019-07-30

申请号：US15179739

申请日：2016-06-10

Applicant: Amazon Technologies, Inc.

Inventor： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini C. Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian Roger Searle

IPC: H04L12/911 ,  H04L29/12 ,  H04L29/06 ,  H04L12/24

Abstract: A system may include resource instances and a network interface virtualization coordinator. Responsive to a record creation request, the coordinator creates an interface record that may include an IP address, subnet information and security properties. The coordinator may, in response to a request to attach the record to a resource instance, enable traffic directed to the IP address to flow to the resource instance. In response to a subsequent detach request, the traffic to the IP address may be disabled at the resource instance. The same interface record may be attached to another resource instance in response to another attach request, enabling traffic directed to the IP address to flow to the second resource instance.

公开(公告)号：US11469984B2

公开(公告)日：2022-10-11

申请号：US16543123

申请日：2019-08-16

Applicant: Amazon Technologies, Inc.

Inventor： Ian Roger Searle ,  Peter Nicholas Desantis

IPC: H04L43/0864

Abstract: An overlay network analysis method obtains data including but not limited to client packet traffic data on an overlay network, and performs one or more analyses based on the obtained data to generate and output topological and/or performance information for the overlay network and/or the network substrate on which the overlay network is implemented. Client traffic data collected for specific client resource instances may be analyzed to generate performance metrics for the overlay network between the instances. Aggregated client traffic data for specific clients may also be analyzed to generate mappings of the clients' private network implementations on the overlay network, as well as performance metrics for the clients' private networks on the overlay network. In addition, client traffic data from multiple clients may be aggregated and analyzed to generate mappings and performance metrics for the overlay network as a whole.

公开(公告)号：US20200021534A1

公开(公告)日：2020-01-16

申请号：US16523143

申请日：2019-07-26

Applicant: Amazon Technologies, Inc.

Inventor： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini C. Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian Roger Searle

IPC: H04L12/911 ,  H04L12/24 ,  H04L29/12 ,  H04L29/06

Abstract: Methods and apparatus for interfaces to manage virtual network interface objects. A system may include resource instances and a network interface virtualization coordinator. Responsive to a record creation request, the coordinator creates an interface records that may include an IP address, subnet information and security properties. The coordinator may, in response to a request to attach the record to a resource instance, enable traffic directed to the IP address to flow to the resource instance. In response to a subsequent detach request, the traffic to the IP address may be disabled at the resource instance. The same interface record may be attached to another resource instance in response to another attach request, enabling traffic directed to the IP address to flow to the second resource instance.

公开(公告)号：US09569232B1

公开(公告)日：2017-02-14

申请号：US13770145

申请日：2013-02-19

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Aaron Douglas Dokey ,  Ajith Jayamohan ,  Ian Roger Searle

IPC: G06F9/455 ,  G06F12/14 ,  H04L29/06 ,  H04L12/26 ,  H04L12/851 ,  H04L12/06

CPC classification number: G06F9/455 ,  G06F9/45533 ,  G06F9/45558 ,  G06F12/14 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L29/06877 ,  H04L43/026 ,  H04L43/04 ,  H04L43/16 ,  H04L47/2441 ,  H04L63/0227 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1458

Abstract: Approaches are described for collecting and/or utilizing network traffic information, such as network flow data, within a virtualized computing environment. The network traffic information can be collected on one or more host computing devices that host virtual machines. The collected network traffic information can include virtualized computing environment specific information, such as a user account identifier (ID), virtual machine identifier (ID), session termination information and the like. The collected network traffic information can also be presented to the user of the virtualized computing environment.

Abstract translation: 描述了用于在虚拟化计算环境内收集和/或利用网络流量信息（诸如网络流数据）的方法。 可以在托管虚拟机的一个或多个主机计算设备上收集网络流量信息。 收集的网络流量信息可以包括诸如用户帐户标识符（ID），虚拟机标识符（ID），会话终止信息等的虚拟化计算环境特定信息。 收集的网络流量信息也可以呈现给虚拟化计算环境的用户。

公开(公告)号：US09231963B2

公开(公告)日：2016-01-05

申请号：US14551819

申请日：2014-11-24

Applicant: Amazon Technologies, Inc.

Inventor： Aaron Douglas Dokey ,  Ian Roger Searle ,  Eric Jason Brandwine

IPC: G06F21/32 ,  H04L29/06 ,  G06F21/50 ,  G06F21/55

CPC classification number: H04L63/1408 ,  G06F21/50 ,  G06F21/554

Abstract: The behavior of a group of resources, such as a fleet of servers, can be monitored to attempt to determine a baseline of acceptable behaviors. When a behavior is observed, the baseline can be consulted to determine whether the behavior is indicated to be acceptable. If not, the rate or extent at which the newly observed behavior is observed on groupings of similar resources can be monitored. This information can be used to determine whether the behavior is acceptable in which case information for the observed behavior can be used to automatically update the baseline such that the baseline is representative of current acceptable behavior within the group of resources.

公开(公告)号：US20230171188A1

公开(公告)日：2023-06-01

申请号：US18057670

申请日：2022-11-21

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Andrew Bruce Dickinson ,  Eric Wayne Schultze ,  Ian Roger Searle ,  Shane Ashley Hall ,  Deepak Mohan ,  David Brian Lennon

IPC: H04L45/586 ,  H04L45/74 ,  H04L45/745 ,  H04L9/40

CPC classification number: H04L45/586 ,  H04L45/74 ,  H04L45/745 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/101

Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.

公开(公告)号：US20220200926A1

公开(公告)日：2022-06-23

申请号：US17567222

申请日：2022-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini Chandrasekhar Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian Roger Searle

IPC: H04L47/70 ,  H04L101/668 ,  H04L41/5051 ,  H04L41/5041 ,  G06F9/50 ,  H04L9/40 ,  H04L61/5007 ,  H04L41/00 ,  H04L41/50

Abstract: Methods and apparatus for interfaces to manage virtual network interface objects. A system may include resource instances and a network interface virtualization coordinator. Responsive to a record creation request, the coordinator creates an interface records that may include an IP address, subnet information and security properties. The coordinator may, in response to a request to attach the record to a resource instance, enable traffic directed to the IP address to flow to the resource instance. In response to a subsequent detach request, the traffic to the IP address may be disabled at the resource instance. The same interface record may be attached to another resource instance in response to another attach request, enabling traffic directed to the IP address to flow to the second resource instance.

公开(公告)号：US10133591B2

公开(公告)日：2018-11-20

申请号：US15430957

申请日：2017-02-13

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Aaron Douglas Dokey ,  Ajith Jayamohan ,  Ian Roger Searle

IPC: G06F9/455 ,  G06F12/14 ,  H04L12/26 ,  H04L29/06 ,  H04L12/851

Abstract: Approaches are described for collecting and/or utilizing network traffic information, such as network flow data, within a virtualized computing environment. The network traffic information can be collected on one or more host computing devices that host virtual machines. The collected network traffic information can include virtualized computing environment specific information, such as a user account identifier (ID), virtual machine identifier (ID), session termination information and the like. The collected network traffic information can also be presented to the user of the virtualized computing environment.