公开(公告)号：US10785146B2

公开(公告)日：2020-09-22

申请号：US16136142

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/725 ,  H04L12/741 ,  H04L12/747 ,  H04L12/859 ,  H04L12/931 ,  H04L12/46 ,  G06F9/455 ,  H04L12/26

Abstract: An isolated packet processing cell of a packet processing service, comprising an action implementation node and a decision master node, is assigned to an application. An indication of processing rules of the application is transmitted to the decision master node. In response to receiving a particular packet, the action implementation node obtains a representation of an action (which is based on the processing rules) from the decision master node and executes the action.

公开(公告)号：US20200092193A1

公开(公告)日：2020-03-19

申请号：US16136137

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/715 ,  G06F17/30 ,  H04L12/713 ,  H04L12/851 ,  H04L12/751 ,  H04L29/12

Abstract: Metadata indicating that an action implementation node and a routing decision master node have been assigned to a virtual traffic hub programmatically associated with one or more isolated networks is stored. The routing decision master node determines a first action to be implemented for packets of a network flow using state information of the isolated networks, and provides a representation of a first action to the first action implementation node. Based on performing the first action at the action implementation node, contents of a data packet received from one isolated network are transmitted to another isolated network.

公开(公告)号：US20200092138A1

公开(公告)日：2020-03-19

申请号：US16136133

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/46 ,  H04L29/12 ,  H04L12/851 ,  H04L12/931 ,  G06F9/455

Abstract: Configuration operations to enable connectivity, using a virtual traffic hub, between a plurality of isolated networks including a first isolated network with a first private address range, are initiated. The hub includes a plurality of nodes including a decision master node responsible for determining routing actions for packets received at the hub. At the decision master node, a translation mapping is obtained for a second private address range of a second isolated network, which overlaps with the first private address range. At a particular node of the hub, using the mapping, a header of a network packet received from the second isolated network and directed to a destination outside the second isolated network is modified.

公开(公告)号：US20240113998A1

公开(公告)日：2024-04-04

申请号：US18481966

申请日：2023-10-05

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L61/4511 ,  G06F9/455 ,  H04L12/46 ,  H04L41/12 ,  H04L47/2483 ,  H04L61/3015

CPC classification number: H04L61/4511 ,  G06F9/45558 ,  H04L12/4645 ,  H04L41/12 ,  H04L47/2483 ,  H04L61/3025 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

公开(公告)号：US11882017B2

公开(公告)日：2024-01-23

申请号：US17929649

申请日：2022-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/00 ,  H04L45/02 ,  H04L12/46 ,  H04L47/2483 ,  H04L45/302

CPC classification number: H04L45/04 ,  H04L12/4633 ,  H04L45/306 ,  H04L47/2483 ,  H04L2212/00

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US20200092201A1

公开(公告)日：2020-03-19

申请号：US16136142

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/725 ,  H04L12/741 ,  H04L12/747 ,  H04L12/859 ,  H04L12/931 ,  H04L12/46 ,  G06F9/455

Abstract: An isolated packet processing cell of a packet processing service, comprising an action implementation node and a decision master node, is assigned to an application. An indication of processing rules of the application is transmitted to the decision master node. In response to receiving a particular packet, the action implementation node obtains a representation of an action (which is based on the processing rules) from the decision master node and executes the action.

公开(公告)号：US11438255B2

公开(公告)日：2022-09-06

申请号：US17151014

申请日：2021-01-15

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/00 ,  H04L45/02 ,  H04L12/46 ,  H04L47/2483 ,  H04L45/302

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US10797989B2

公开(公告)日：2020-10-06

申请号：US16136137

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/715 ,  H04L12/713 ,  H04L12/751 ,  H04L29/12 ,  H04L12/851 ,  G06F16/2457 ,  H04L12/46

Abstract: Metadata indicating that an action implementation node and a routing decision master node have been assigned to a virtual traffic hub programmatically associated with one or more isolated networks is stored. The routing decision master node determines a first action to be implemented for packets of a network flow using state information of the isolated networks, and provides a representation of a first action to the first action implementation node. Based on performing the first action at the action implementation node, contents of a data packet received from one isolated network are transmitted to another isolated network.

公开(公告)号：US10742446B2

公开(公告)日：2020-08-11

申请号：US16136133

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/46 ,  H04L29/12 ,  H04L12/851 ,  H04L12/931 ,  G06F9/455

Abstract: Configuration operations to enable connectivity, using a virtual traffic hub, between a plurality of isolated networks including a first isolated network with a first private address range, are initiated. The hub includes a plurality of nodes including a decision master node responsible for determining routing actions for packets received at the hub. At the decision master node, a translation mapping is obtained for a second private address range of a second isolated network, which overlaps with the first private address range. At a particular node of the hub, using the mapping, a header of a network packet received from the second isolated network and directed to a destination outside the second isolated network is modified.

公开(公告)号：US20240187332A1

公开(公告)日：2024-06-06

申请号：US18537691

申请日：2023-12-12

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L45/02 ,  H04L12/46 ,  H04L45/302 ,  H04L47/2483

CPC classification number: H04L45/04 ,  H04L12/4633 ,  H04L45/306 ,  H04L47/2483 ,  H04L2212/00

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.