公开(公告)号：US09450967B1

公开(公告)日：2016-09-20

申请号：US13461596

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/177 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/126 ,  H04L41/08 ,  H04L41/0823 ,  H04L41/5041 ,  H04L63/0218 ,  H04L63/1458 ,  H04L63/20

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09294437B1

公开(公告)日：2016-03-22

申请号：US13461478

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/173 ,  H04L29/06

CPC分类号： H04L63/00 ,  H04L63/0272 ,  H04L63/0281 ,  H04L63/1458 ,  H04L63/20

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09288182B1

公开(公告)日：2016-03-15

申请号：US13461566

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/173 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/00 ,  H04L41/022 ,  H04L63/0272 ,  H04L63/1441 ,  H04L63/1458 ,  H04L63/20

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09438556B1

公开(公告)日：2016-09-06

申请号：US13461661

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/177 ,  H04L29/12

CPC分类号： H04L61/2007 ,  G06F9/45558 ,  G06F2009/4557 ,  H04L61/2514

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09055117B1

公开(公告)日：2015-06-09

申请号：US13246532

申请日：2011-09-27

申请人： Andrew B. Dickinson ,  Arijit Ganguly ,  Benjamin Tobler ,  Faisal M. Bhamani ,  Christopher J. Lefelhocz ,  Colin J. Whittaker

发明人： Andrew B. Dickinson ,  Arijit Ganguly ,  Benjamin Tobler ,  Faisal M. Bhamani ,  Christopher J. Lefelhocz ,  Colin J. Whittaker

IPC分类号： G06F15/16 ,  H04L29/12

CPC分类号： H04L61/2517 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L61/2503 ,  H04L61/2514 ,  H04L61/2532 ,  H04L61/2557

摘要： Systems and methods are disclosed that facilitate the management of network address information utilized by hosted computing devices. Each host computing device includes a local network and port address management component that is configured with port address translation information for the specific host computing device. Additionally, one or more edge computing devices also include a local network and port address management component that is configured with network and port address translation information. The network and port address translation information facilitates the correlation of internal network address information associated with a virtual machine instance with a tuple of an externally accessible network address and port address information. The local network and port address translation management components utilize the network and port address translation information to translate communication requests to and from the virtual machine instances without requiring a centralized network and port address translation component.

摘要翻译： 公开了有助于托管计算设备使用的网络地址信息的管理的系统和方法。 每个主机计算设备包括配置有特定主机计算设备的端口地址转换信息的本地网络和端口地址管理组件。 此外，一个或多个边缘计算设备还包括配置有网络和端口地址转换信息的本地网络和端口地址管理组件。 网络和端口地址转换信息有助于将与虚拟机实例相关联的内部网络地址信息与外部可访问网络地址和端口地址信息的元组相关联。 本地网络和端口地址转换管理组件利用网络和端口地址转换信息来转换来自虚拟机实例的通信请求，而不需要集中的网络和端口地址转换组件。

公开(公告)号：US10009315B2

公开(公告)日：2018-06-26

申请号：US13044494

申请日：2011-03-09

申请人： Andrew B. Dickinson ,  Eric Jason Brandwine

发明人： Andrew B. Dickinson ,  Eric Jason Brandwine

IPC分类号： G06F15/173 ,  H04L29/12 ,  H04L29/08 ,  H04L12/26

CPC分类号： H04L61/2084 ,  H04L43/0817 ,  H04L61/1511 ,  H04L61/2076 ,  H04L61/2514 ,  H04L61/2521 ,  H04L67/1002 ,  H04L67/18 ,  H04L67/2814

摘要： Global remappable addresses can be announced from multiple points across the Internet or other public networks. A global address can be mapped to one or more internal addresses for a provider, such that when traffic is received to a given network location the provider can determine whether the traffic is to be processed in the current network location or a different network location, as may be determined using a static process or a dynamic process based on any of a number of factors. If the traffic is destined for a different network location, the traffic can be remapped and forwarded to that network location over a public or private network. Once the traffic is in the determined destination network location, the traffic can be remapped and delivered to the ultimate destination. The remappings and destination network locations can be adjusted at any time, based on any of a number of factors, without significant risk of dropping traffic.

公开(公告)号：US09407539B1

公开(公告)日：2016-08-02

申请号：US13168508

申请日：2011-06-24

申请人： Andrew B. Dickinson ,  Eric Jason Brandwine

发明人： Andrew B. Dickinson ,  Eric Jason Brandwine

IPC分类号： G06F15/173 ,  H04L12/725 ,  H04L29/08

CPC分类号： H04L45/306 ,  G06F9/50 ,  H04L67/1021

摘要： Systems and methods utilize network destination identifiers, such as IP addresses, that are simultaneously advertised from multiple locations. The network destination identifiers may be announced in multiple geographic regions. Network traffic routed to devices advertising the network destination identifiers may be routed to appropriate endpoints. When a device receives such traffic, it may send the traffic to an endpoint in a network served by the device. In some instances, such as when such an endpoint is not available, the network traffic may be sent to another network that is served by another device that advertises the network destination identifiers.

摘要翻译： 系统和方法利用从多个位置同时发布的诸如IP地址的网络目的地标识符。 可以在多个地理区域中公布网络目的地标识符。 路由到广告网络目的地标识符的设备的网络流量可以被路由到适当的端点。 当设备接收到这样的流量时，它可以将流量发送到由设备服务的网络中的端点。 在某些情况下，例如当这样的端点不可用时，网络流量可以被发送到由通告网络目的地标识符的另一设备服务的另一网络。

公开(公告)号：US20130263256A1

公开(公告)日：2013-10-03

申请号：US12981198

申请日：2010-12-29

申请人： Andrew B. Dickinson ,  Eric Jason Brandwine

发明人： Andrew B. Dickinson ,  Eric Jason Brandwine

IPC分类号： G06F21/00

CPC分类号： H04L63/1458 ,  H04L63/1416

摘要： Systems and methods protect against denial of service attacks. Remotely originated network traffic addressed to one or more network destinations is routed through one or more locations. One or more of the locations may be geographically proximate to a source of a denial of service attack. One or more denial of service attack mitigation strategies is applied to portions of the network traffic received at the one or more locations. Network traffic not blocked pursuant to the one or more denial of service attack mitigation strategies is dispatched to its intended recipient. Dispatching the unblocked network traffic to its intended recipient may include the use of one or more private channels and/or one or more additional denial of service attack mitigation strategies.

公开(公告)号：US08966622B2

公开(公告)日：2015-02-24

申请号：US12981198

申请日：2010-12-29

申请人： Andrew B. Dickinson ,  Eric Jason Brandwine

发明人： Andrew B. Dickinson ,  Eric Jason Brandwine

IPC分类号： G06F11/00

CPC分类号： H04L63/1458 ,  H04L63/1416

摘要： Systems and methods protect against denial of service attacks. Remotely originated network traffic addressed to one or more network destinations is routed through one or more locations. One or more of the locations may be geographically proximate to a source of a denial of service attack. One or more denial of service attack mitigation strategies is applied to portions of the network traffic received at the one or more locations. Network traffic not blocked pursuant to the one or more denial of service attack mitigation strategies is dispatched to its intended recipient. Dispatching the unblocked network traffic to its intended recipient may include the use of one or more private channels and/or one or more additional denial of service attack mitigation strategies.

摘要翻译： 系统和方法可防止拒绝服务攻击。 寻址到一个或多个网络目的地的远程发起的网络流量被路由通过一个或多个位置。 一个或多个位置可能在地理上靠近拒绝服务攻击的来源。 一个或多个拒绝服务攻击缓解策略被应用于在一个或多个位置处接收到的网络流量的部分。 根据一个或多个拒绝服务攻击缓解策略阻止的网络流量被发送到其预期接收者。 将未阻塞的网络流量调度到其预期接收者可以包括使用一个或多个私有信道和/或一个或多个附加拒绝服务攻击缓解策略。

公开(公告)号：US08683023B1

公开(公告)日：2014-03-25

申请号：US12828060

申请日：2010-06-30

申请人： Eric Jason Brandwine ,  Andrew B. Dickinson

发明人： Eric Jason Brandwine ,  Andrew B. Dickinson

IPC分类号： G06F15/177 ,  G06F15/173

CPC分类号： H04L12/4641 ,  H04L45/02 ,  H04L45/586 ,  H04L45/64 ,  H04L61/20

摘要： Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications involving computing nodes of the managed virtual computer network connected to the substrate network and/or other external nodes of the managed virtual computer network that are not connected to the substrate network. The managed virtual computer network may have multiple associated virtual network addresses, and the managing of the communications may further include using one or more edge modules to direct all communication that have a destination virtual network address within a range or other group of multiple virtual network addresses assigned to one or more external nodes to be forwarded over the substrate network to an edge module associated with the one or more external nodes, including to route communications between different external nodes via the substrate network.

摘要翻译： 描述了用于管理覆盖在不同的基板计算机网络上的被管理的虚拟计算机网络的通信的技术，包括用于涉及连接到被管理的虚拟计算机网络的衬底网络和/或其他外部节点的被管理的虚拟计算机网络的计算节点的通信， 不连接到基板网络。 受管理的虚拟计算机网络可以具有多个相关联的虚拟网络地址，并且通信的管理还可以包括使用一个或多个边缘模块来引导具有目标虚拟网络地址的所有通信在多个虚拟网络地址的范围或其他组内 分配给一个或多个外部节点以通过衬底网络转发到与一个或多个外部节点相关联的边缘模块，包括经由衬底网络路由不同外部节点之间的通信。