-
Publication number: US20180359177A1
Publication date: 2018-12-13
Application number: US16048059
Application date: 2018-07-27
Applicant: Amazon Technologies, Inc.
IPC: H04L12/707 , H04L29/08 , H04L12/743
CPC classification number: H04L45/24 , H04L45/7453 , H04L67/1002
Abstract: A distributed load balancer in which a router receives packets from at least one client and routes packet flows to multiple load balancer nodes. The router exposes a public IP address and the load balancer nodes all advertise the same public IP address to the router. The router may implement a per-flow hashed multipath routing technique, for example an equal-cost multipath (ECMP) routing technique, to distribute the flows across the load balancer nodes. Thus, the multiple load balancer nodes may service a single public endpoint. The load balancer nodes may advertise to the router according to the Border Gateway Protocol (BGP). Rather than advertising itself, however, a load balancer node may be advertised to the router by one or more neighbor load balancer nodes; the neighbor nodes may terminate the BGP sessions with the router in response to determining that the load balancer node has failed.
-
Publication number: US10237157B1
Publication date: 2019-03-19
Application number: US14736161
Application date: 2015-06-10
Applicant: Amazon Technologies, Inc.
Inventor: Richard Michael Sears , Andrew Gary Hourselt , Douglas Stewart Laurence , Neha Shetty , James Christopher Sorenson, III
IPC: H04L12/26 , H04L29/12 , H04L12/707
Abstract: Methods and apparatus for handling failure of servers in traffic forwarding (TF) systems between networks. A TF system may include units each including multiple servers. Outbound and inbound traffic for a local network may be distributed among the units according to a routing technique, with each unit responsible for an allocated portion of the traffic. Servers in a unit may participate in a health check protocol to detect servers that are not healthy. If the number of healthy servers in a unit drops below a threshold at which the unit cannot reliably handle its allocated portion of the traffic, the servers may automatically take the unit out of service, for example by stopping advertisement of routes, and the traffic may be reallocated across the remaining units. This may help prevent congestion-related delays, high latency, packet losses, and other problems on connections through the unhealthy unit.
-
Publication number: US10999184B2
Publication date: 2021-05-04
Application number: US16048059
Application date: 2018-07-27
Applicant: Amazon Technologies, Inc.
IPC: H04L29/08 , H04L12/26 , H04L12/707 , H04L12/743
Abstract: A distributed load balancer in which a router receives packets from at least one client and routes packet flows to multiple load balancer nodes. The router exposes a public IP address and the load balancer nodes all advertise the same public IP address to the router. The router may implement a per-flow hashed multipath routing technique, for example an equal-cost multipath (ECMP) routing technique, to distribute the flows across the load balancer nodes. Thus, the multiple load balancer nodes may service a single public endpoint. The load balancer nodes may advertise to the router according to the Border Gateway Protocol (BGP). Rather than advertising itself, however, a load balancer node may be advertised to the router by one or more neighbor load balancer nodes; the neighbor nodes may terminate the BGP sessions with the router in response to determining that the load balancer node has failed.
-
Publication number: US09871712B1
Publication date: 2018-01-16
Application number: US13864148
Application date: 2013-04-16
Applicant: Amazon Technologies, Inc.
IPC: G06F15/173 , H04L12/26
CPC classification number: H04L43/10 , H04L43/0817
Abstract: A health check method for a distributed load balancer in which a router receives packets from at least one client and routes packet flows to multiple load balancer (LB) nodes, which in turn distribute the packet flows among multiple server nodes. Each LB node may be responsible for health checking one or more other LB nodes. In addition, each LB node may health check one or more of the server nodes. Heartbeat information for the nodes may be disseminated among the LB nodes according to a gossip protocol. The LB nodes may send LB node membership information to the server nodes. Failure of a node may be detected by the LB nodes according to the heartbeat information, and appropriate actions taken.
-
Publication number: US12218923B1
Publication date: 2025-02-04
Application number: US17547909
Application date: 2021-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Neha Shetty , Steven Collison , Andrew Hourselt , James Christopher Sorenson, III , Douglas Stewart Laurence , Colm MacCárthaigh
Abstract: Contents of client-initiated handshake messages of a security protocol are obtained at a handshake processing offloader configured for an application. The offloader uses a first security artifact (which is inaccessible from a front-end request processor of the application) and the contents of the handshake messages to generate a second security artifact. The second security artifact is transmitted to the front-end request processor, which uses it to perform cryptographic operations for client-server interactions of the application.
-
Publication number: US09838302B1
Publication date: 2017-12-05
Application number: US14736157
Application date: 2015-06-10
Applicant: Amazon Technologies, Inc.
Inventor: Richard Michael Sears , Andrew Gary Hourselt , Douglas Stewart Laurence , Neha Shetty , James Christopher Sorenson, III
IPC: H04L12/28 , H04L12/703 , H04L12/749
CPC classification number: H04L45/28 , H04L45/04 , H04L45/741
Abstract: Methods and apparatus for handling failure of traffic forwarding (TF) systems in networks that include multiple zones each including a TF system between a production network and a border network. A TF system advertises routes in its zone and handles egress of packets from sources on the local production network onto the border network. TF systems may also advertise low-priority routes in other zones. If a TF system in a zone fails, sources in the zone may make connection requests to the low-priority routes. Instead of egressing the packets onto the border network, the requests on the low-priority routes are responded to with reset messages. Thus, the sources do not have to wait for a connection timeout, and packets for destinations in the zone are not egressed onto local border networks in other zones and sent through thin pipes between the local border networks.