公开(公告)号：US11595307B1

公开(公告)日：2023-02-28

申请号：US17033273

申请日：2020-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni

IPC: H04L45/7453

Abstract: Systems and methods are provided to use a custom tuple definition to route packets of network traffic. Each packet can correspond to a different custom tuple definition based on the custom tuple definitions provided. Each custom tuple definition may be applied to a subset of network traffic based on certain parameters. A stateful network routing service may intercept packets and determine a tuple value for the packet based on a corresponding tuple definition and information from the packet. The stateful network routing service may route the packet based on the tuple value of the packet to a network appliance. Further, subsequent packets associated with the same tuple value may be routed to the same network appliance. In some embodiments, the custom tuple definition may be used to determine multiple tuple values for a subset of network traffic.

公开(公告)号：US11310149B1

公开(公告)日：2022-04-19

申请号：US17033221

申请日：2020-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Dheerendra Talur ,  Milind Madhukar Kulkarni ,  Justin Davies

IPC: H04L12/715 ,  H04L12/46 ,  H04L45/00 ,  H04L45/74

Abstract: Systems and methods are provided to enable packets of network traffic to be routed to a network appliance. Bidirectional flows of network traffic can be routed to the same network appliance based on flow information of the corresponding packets. A network device may intercept the packet corresponding to a first flow and route the packet to a specific network appliance based on the first flow information. The network device may generate a direction agnostic tuple value based on data groups of the first flow information. The network device may propagate the direction agnostic tuple value across availability zones to a second network device in a different availability zone to store the direction agnostic tuple value for use for subsequent packets. The second network device can receive a second packet and transmit the second packet to the same network appliance based on the direction agnostic tuple value.

公开(公告)号：US20210409336A1

公开(公告)日：2021-12-30

申请号：US16917804

申请日：2020-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni ,  Lee Spencer Dillard

IPC: H04L12/851 ,  H04L12/721 ,  H04L12/823

Abstract: Systems and methods are provided to add flow validation information to packets of network traffic. Each packet can have flow validation information added corresponding to the source and destination of the packet. A stateful network routing service may intercept packets and obtain or generate flow validation information based on the source and destination of the packet. The stateful network routing service may add the information to the packet and transmit the enriched packet to a network appliance. The stateful network routing service may receive a second enriched packet from the network appliance. The stateful network routing service can compare the enriched packet with the second enriched packet. Based on the comparison of the enriched packets, the stateful network routing service can determine whether the packet should be transmitted to the destination or dropped.

公开(公告)号：US11652736B2

公开(公告)日：2023-05-16

申请号：US16917788

申请日：2020-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni ,  Bashuman Deb ,  Jose De Jesus Camacho Ruiz

IPC: H04L45/00 ,  H04L45/42 ,  H04L43/0817 ,  H04L12/46 ,  H04L41/0604 ,  H04L43/0823 ,  H04L45/586 ,  G06F9/455

CPC classification number: H04L45/20 ,  H04L12/4641 ,  H04L41/0627 ,  H04L43/0817 ,  H04L43/0823 ,  H04L45/42 ,  H04L45/54 ,  H04L45/586 ,  G06F2009/45595

Abstract: Systems and methods are provided to enable packets of network traffic to be hashed to available network gateway. Each packet can include a route table with a pool of network gateways as a next-hop of the packet. A network device may intercept the packet and hash the packet to a network gateway of the pool of network gateways. The network gateway can correspond to a stateful network router and the stateful network router can transmit the packet to a network appliance. The network device can monitor and perform health-checks on the network gateways, the stateful network routers, and the network appliances. The network device can remove components that are no longer healthy or available and can add components that subsequently become healthy.

公开(公告)号：US20230045247A1

公开(公告)日：2023-02-09

申请号：US16917788

申请日：2020-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni ,  Bashuman Deb ,  Jose De Jesus Camacho Ruiz

IPC: H04L12/733 ,  H04L12/741 ,  H04L12/717 ,  H04L12/713 ,  H04L12/46 ,  H04L12/24 ,  H04L12/26

Abstract: Systems and methods are provided to enable packets of network traffic to be hashed to available network gateway. Each packet can include a route table with a pool of network gateways as a next-hop of the packet. A network device may intercept the packet and hash the packet to a network gateway of the pool of network gateways. The network gateway can correspond to a stateful network router and the stateful network router can transmit the packet to a network appliance. The network device can monitor and perform health-checks on the network gateways, the stateful network routers, and the network appliances. The network device can remove components that are no longer healthy or available and can add components that subsequently become healthy.

公开(公告)号：US20230171194A1

公开(公告)日：2023-06-01

申请号：US18160823

申请日：2023-01-27

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni

IPC: H04L45/7453

CPC classification number: H04L45/7453

Abstract: Systems and methods are provided to use a custom tuple definition to route packets of network traffic. Each packet can correspond to a different custom tuple definition based on the custom tuple definitions provided. Each custom tuple definition may be applied to a subset of network traffic based on certain parameters. A stateful network routing service may intercept packets and determine a tuple value for the packet based on a corresponding tuple definition and information from the packet. The stateful network routing service may route the packet based on the tuple value of the packet to a network appliance. Further, subsequent packets associated with the same tuple value may be routed to the same network appliance. In some embodiments, the custom tuple definition may be used to determine multiple tuple values for a subset of network traffic.

公开(公告)号：US11088948B1

公开(公告)日：2021-08-10

申请号：US17033274

申请日：2020-09-25

Applicant: Amazon Technologies, Inc.

Inventor： Dheerendra Talur ,  Milind Madhukar Kulkarni ,  Narayan Subramaniam

IPC: G06F15/16 ,  H04L12/721 ,  H04L29/06 ,  H04L29/08 ,  H04L12/741

Abstract: Systems and methods are provided to add flow identification information to packets of network traffic. Each packet can have flow identification information added based on the packet being sent to a full-proxy mode appliance. A stateful network routing service may intercept packets and determine the packets are to be sent to a full-proxy mode appliance. Based on this determination, the stateful network routing service may obtain or generate flow identification information to identify the packet. The stateful network routing service may add the information to the packet and transmit the enriched packet to a full-proxy mode network appliance. The stateful network routing service may receive a second enriched packet from the network appliance. The stateful network routing service can parse the second enriched packet for flow identification information and identify the second enriched packet based on the flow identification information.