公开(公告)号：US10742593B1

公开(公告)日：2020-08-11

申请号：US15714799

申请日：2017-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Jorge Vasquez ,  Mohanish Narayan ,  Harvo Reyzell Jones

IPC: H04L29/12 ,  H04L29/06

Abstract: A hybrid content request routing system is described herein. The hybrid content request routing system may use aspects of the anycast routing technique and aspects of the domain name server (DNS) resolver-based routing technique to identify the appropriate network address to provide to a user device in response to receiving a DNS query. For example, the hybrid content request routing system may include one or more points of presence (POPs), with some or all of the POPs forming one or more virtual POPs. Individual POPs may be assigned unique network addresses and POPs that form a virtual POP may be assigned the same anycast network address. The hybrid content request routing system can measure latencies from user devices to the individual POP network addresses and to the anycast network addresses and use the measured latencies to identify the network address that may result in the lowest latency.

公开(公告)号：US11330008B2

公开(公告)日：2022-05-10

申请号：US16799625

申请日：2020-02-24

Applicant: Amazon Technologies, Inc.

Inventor： Hardeep Singh Uppal ,  Jorge Vasquez ,  Craig Wesley Howard ,  Anton Stephen Radlein

IPC: H04L29/06 ,  H04L101/604 ,  H04L9/32 ,  H04L45/7453 ,  H04L61/4511 ,  H04L101/659 ,  H04L9/06 ,  H04L9/14 ,  H04L9/30 ,  H04L45/00

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

公开(公告)号：US10469513B2

公开(公告)日：2019-11-05

申请号：US15389314

申请日：2016-12-22

Applicant: Amazon Technologies, Inc.

Inventor： Hardeep Singh Uppal ,  Jorge Vasquez ,  Craig Wesley Howard ,  Anton Stephen Radlein

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/32 ,  H04L12/743 ,  H04L29/12 ,  H04L9/06 ,  H04L9/14 ,  H04L9/30 ,  H04L12/733

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

公开(公告)号：US20180097631A1

公开(公告)日：2018-04-05

申请号：US15389302

申请日：2016-12-22

Applicant: Amazon Technologies, Inc.

Inventor： Hardeep Singh Uppal ,  Jorge Vasquez ,  Craig Wesley Howard ,  Anton Stephen Radlein

IPC: H04L9/32 ,  H04L12/743 ,  H04L29/12 ,  H04L29/06

CPC classification number: H04L63/1425 ,  H04L9/0643 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3236 ,  H04L9/3247 ,  H04L45/20 ,  H04L45/7453 ,  H04L61/1511 ,  H04L61/6004 ,  H04L61/6059 ,  H04L63/0428 ,  H04L63/1458

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

公开(公告)号：US11290418B2

公开(公告)日：2022-03-29

申请号：US16987806

申请日：2020-08-07

Applicant: Amazon Technologies, Inc.

Inventor： Jorge Vasquez ,  Mohanish Narayan ,  Harvo Reyzell Jones

IPC: H04L29/12 ,  H04L61/4511 ,  H04L61/5007 ,  H04L67/01

Abstract: A hybrid content request routing system is described herein. The hybrid content request routing system may use aspects of the anycast routing technique and aspects of the domain name server (DNS) resolver-based routing technique to identify the appropriate network address to provide to a user device in response to receiving a DNS query. For example, the hybrid content request routing system may include one or more points of presence (POPs), with some or all of the POPs forming one or more virtual POPs. Individual POPs may be assigned unique network addresses and POPs that form a virtual POP may be assigned the same anycast network address. The hybrid content request routing system can measure latencies from user devices to the individual POP network addresses and to the anycast network addresses and use the measured latencies to identify the network address that may result in the lowest latency.

公开(公告)号：US20180097831A1

公开(公告)日：2018-04-05

申请号：US15389276

申请日：2016-12-22

Applicant: Amazon Technologies, Inc.

Inventor： Hardeep Singh Uppal ,  Jorge Vasquez ,  Craig Wesley Howard ,  Anton Stephen Radlein

IPC: H04L29/06 ,  H04L12/743 ,  H04L29/12 ,  H04L9/32

CPC classification number: H04L63/1425 ,  H04L9/0643 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3236 ,  H04L9/3247 ,  H04L45/20 ,  H04L45/7453 ,  H04L61/1511 ,  H04L61/6004 ,  H04L61/6059 ,  H04L63/0428 ,  H04L63/1458

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

公开(公告)号：US20180097634A1

公开(公告)日：2018-04-05

申请号：US15389314

申请日：2016-12-22

Applicant: Amazon Technologies, Inc.

Inventor： Hardeep Singh Uppal ,  Jorge Vasquez ,  Craig Wesley Howard ,  Anton Stephen Radlein

IPC: H04L9/32 ,  H04L12/743 ,  H04L29/12 ,  H04L12/733 ,  H04L9/06 ,  H04L9/14 ,  H04L9/30

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

公开(公告)号：US20180367498A1

公开(公告)日：2018-12-20

申请号：US15627132

申请日：2017-06-19

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Bliss ,  Harvo Reyzell Jones ,  Fan Mo ,  Anton Stephen Radlein ,  Hardeep Singh Uppal ,  Jorge Vasquez ,  Axel David Velazquez

IPC: H04L29/12 ,  H04L12/741

CPC classification number: H04L61/103 ,  H04L45/74 ,  H04L61/1511 ,  H04L67/101

Abstract: Systems and methods are described to enable routing of network communications in a content delivery system in a manner expected not to exceed the capacity of individual communication links of points of presence (POPs) within the content delivery system. Specifically, a route mapping service is disclosed that can determine the effect of potential DNS records on volumes of traffic expected to reach a POP through individual communication links, and that can alter DNS records such that the expected traffic does not exceed a capacity of those individual communication links. Illustratively, the DNS records may be altered at a level of individual DNS resolvers interacting with the content delivery system, and the volumes of traffic expected to reach a POP through individual communication links can be determined based on a volume of traffic of client computing devices associated with an individual DNS resolver.

公开(公告)号：US10447648B2

公开(公告)日：2019-10-15

申请号：US15627132

申请日：2017-06-19

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Bliss ,  Harvo Reyzell Jones ,  Fan Mo ,  Anton Stephen Radlein ,  Hardeep Singh Uppal ,  Jorge Vasquez ,  Axel David Velazquez

IPC: H04L29/12 ,  H04L12/741 ,  H04L29/08

Abstract: Systems and methods are described to enable routing of network communications in a content delivery system in a manner expected not to exceed the capacity of individual communication links of points of presence (POPs) within the content delivery system. Specifically, a route mapping service is disclosed that can determine the effect of potential DNS records on volumes of traffic expected to reach a POP through individual communication links, and that can alter DNS records such that the expected traffic does not exceed a capacity of those individual communication links. Illustratively, the DNS records may be altered at a level of individual DNS resolvers interacting with the content delivery system, and the volumes of traffic expected to reach a POP through individual communication links can be determined based on a volume of traffic of client computing devices associated with an individual DNS resolver.