公开(公告)号：US11936558B1

公开(公告)日：2024-03-19

申请号：US17643774

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Bashuman Deb ,  Justin Lin Hsieh ,  Daniel William Dacosta ,  Nick Matthews ,  Anoop Dawani ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Viktor Heorhiadi

IPC: H04L45/42 ,  H04L12/46 ,  H04L45/00 ,  H04L45/12 ,  H04L45/745

CPC classification number: H04L45/42 ,  H04L12/4641 ,  H04L45/123 ,  H04L45/22 ,  H04L45/745

Abstract: Systems and methods are provided for evaluation of networks and changes thereto using automated analysis of network models. The automated analysis can be used to determine how to implement and mutate networks efficiently and effectively, to determine whether and why network resources are unable to communicate with each other, and the like. Automated analysis can allow users (e.g., network administrators) to define networks and pose changes to networks using high-level policies (e.g., written in a declarative language), have those polices automatically translated to lower-level implementation operations for analysis, and in some cases have results of the analysis presented back to the users in an easy-to-understand form.

公开(公告)号：US11824773B2

公开(公告)日：2023-11-21

申请号：US17218031

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Indira Radhika Pulla ,  Ramin Ali Dousti ,  Nicholas Ryan Lombardi ,  Steve Ge ,  Nick Matthews ,  Anoop Dawani

IPC: H04L45/586 ,  H04L45/24 ,  H04L12/46 ,  H04L45/00 ,  H04L45/02

CPC classification number: H04L45/586 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/20 ,  H04L45/24

Abstract: A pair of virtual routers is configured. In response to programmatic requests, dynamic transfer of routing information between the routers in accordance with configuration settings indicated by a client is enabled. The routing information is associated with a set of isolated networks to which the virtual routers are attached. A network packet originating at an address in a first isolated network is transmitted to an address in a second isolated network using a route determined from routing information transmitted between the virtual routers according to the configuration settings.

公开(公告)号：US20230164059A1

公开(公告)日：2023-05-25

申请号：US17456549

申请日：2021-11-24

Applicant: Amazon Technologies, Inc.

Inventor： Anoop Dawani ,  Bashuman Deb ,  Baihu Qian ,  Omer Hashmi ,  Nick Matthews ,  Shridhar Kulkarni ,  Thomas Nguyen Spendley ,  Indira Radhika Pulla ,  David Jonathan Adams ,  Nicholas Ryan Lombardi ,  Brandon Michael LaRue ,  Aaron Scott DeBruin ,  Ramin Ali Dousti

IPC: H04L45/00 ,  H04L45/30 ,  H04L45/44 ,  H04L45/02

CPC classification number: H04L45/04 ,  H04L45/306 ,  H04L45/566 ,  H04L45/44 ,  H04L45/02 ,  H04L63/0272

Abstract: Systems and methods are provided for management of network segments that cross geographic regions and/or other types of network divisions in a cloud-based network environment. Gateway may manage traffic across regions using routing metadata that includes a segment identifier. The gateways may also signal their routes across regions based on segment data, and implement the signaled routes using segment-based routing policies. Route selection may be performed using optimization data.

公开(公告)号：US11570244B2

公开(公告)日：2023-01-31

申请号：US16215943

申请日：2018-12-11

Applicant: Amazon Technologies, Inc.

Inventor： Anoop Dawani ,  Nishant Mehta ,  Richard H. Galliher ,  Lee Spencer Dillard ,  Joseph Elmar Magerramov

IPC: H04L67/1095 ,  H04L43/028

Abstract: Techniques are described that enable users to configure the mirroring of network traffic sent to or received by computing resources associated with a virtual network of computing resources at a service provider network. The mirrored network traffic can be used for many different purposes including, for example, network traffic content inspection, forensic and threat analysis, network troubleshooting, data loss prevention, and the like. Users can configure such network traffic mirroring without the need to manually install and manage network capture agents or other such processes on each computing resource for which network traffic mirroring is desired. Users can cause mirrored network traffic to be stored at a storage service in the form of packet capture (or “pcap”) files, which can be used by any number of available out-of-band security and monitoring appliances including other user-specific monitoring tools and/or other services of the service provider network.

公开(公告)号：US11516050B2

公开(公告)日：2022-11-29

申请号：US16579743

申请日：2019-09-23

Applicant: Amazon Technologies, Inc.

Inventor： Anoop Dawani ,  Joseph Elmar Magerramov ,  Zachary Brandes ,  Apoorv Mittal ,  Bharadwaj Avva ,  Ryan James Schaefer ,  Kiran Venkat Sayeeram Karpurapu ,  Ajay Jha ,  Steven Bruce Richards ,  Richard H Galliher

IPC: H04L12/46 ,  H04L43/10

Abstract: Technologies are disclosed for monitoring network traffic using traffic mirroring. According to some examples, traffic mirroring allows customers to monitor traffic at different sources within a VPC. For example, a source may be any Elastic Network Interface (ENI) in their VPC, including elastic network interfaces (ENIs) on virtual machine instances, Network Address Translation (NAT) Gateways, Load Balancers, VPC endpoints, Internal Gateways, Transit Gateways, and more. Filters can be utilized to determine the network traffic to mirror. A customer may also configure to monitor real-time traffic with a monitoring appliance of their choice. With traffic mirroring, data traffic may be identified and sent to one or more target devices. Customers may monitor traffic within a VPC for content inspection, forensic analysis, troubleshooting, record keeping, and the like. Using traffic mirroring, customers can replicate VPC traffic, along with full payload data, without installing and managing agents on virtual machine instances.

公开(公告)号：US12273415B2

公开(公告)日：2025-04-08

申请号：US18161755

申请日：2023-01-30

Applicant: Amazon Technologies, Inc.

Inventor： Anoop Dawani ,  Nishant Mehta ,  Richard H. Galliher ,  Lee Spencer Dillard ,  Joseph Elmar Magerramov

IPC: H04L67/1095 ,  H04L43/028

Abstract: Techniques are described that enable users to configure the mirroring of network traffic sent to or received by computing resources associated with a virtual network of computing resources at a service provider network. The mirrored network traffic can be used for many different purposes including, for example, network traffic content inspection, forensic and threat analysis, network troubleshooting, data loss prevention, and the like. Users can configure such network traffic mirroring without the need to manually install and manage network capture agents or other such processes on each computing resource for which network traffic mirroring is desired. Users can cause mirrored network traffic to be stored at a storage service in the form of packet capture (or “pcap”) files, which can be used by any number of available out-of-band security and monitoring appliances including other user-specific monitoring tools and/or other services of the service provider network.

公开(公告)号：US11792116B1

公开(公告)日：2023-10-17

申请号：US17394090

申请日：2021-08-04

Applicant: Amazon Technologies, Inc.

Inventor： Andrew Bruce Dickinson ,  Anoop Dawani ,  Joseph Elmar Magerramov ,  Nishant Mehta ,  Lee Spencer Dillard

IPC: H04L45/00 ,  H04L43/0817 ,  H04L47/2483 ,  H04L47/783 ,  H04L45/02 ,  H04L9/40 ,  H04L45/302 ,  H04L45/7453

CPC classification number: H04L45/38 ,  H04L43/0817 ,  H04L45/04 ,  H04L45/306 ,  H04L45/7453 ,  H04L47/2483 ,  H04L47/783 ,  H04L63/0272

Abstract: Disclosed are various embodiments of a stateful network router. In one embodiment, a network data connection is intercepted between a first host and a second host on a network. First data packets from the network data connection sent by the first host to the second host are routed to a target network appliance. Second data packets from the network data connection sent by the second host to the first host are also to the target network appliance.

公开(公告)号：US11601365B2

公开(公告)日：2023-03-07

申请号：US17218036

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Ramin Ali Dousti ,  Indira Radhika Pulla ,  Steve Ge ,  Nicholas Ryan Lombardi ,  Nick Matthews ,  Anoop Dawani

IPC: H04L45/586 ,  H04L45/02 ,  H04L45/16

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.

公开(公告)号：US20220321471A1

公开(公告)日：2022-10-06

申请号：US17218039

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Bashuman Deb ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Baihu Qian ,  Guru Kannan ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Ramin Ali Dousti ,  Indira Radhika Pulla ,  Yuxin Ren ,  Fahed Hijazi ,  Xiyuan Gou ,  Steve Ge ,  Nicholas Ryan Lombardi ,  Brandon Michael LaRue ,  Jaywant U. Kapadnis ,  Anoop Dawani

IPC: H04L12/713 ,  H04L12/741 ,  H04L29/06 ,  H04L29/08

Abstract: A message indicating an auxiliary task associated with traffic transmitted via a virtual router between a pair of isolated networks is received at an offloading device. A stack multiplexer at the offloading device selects a protocol stack instance to process the message. A result of the auxiliary task is obtained by the multiplexer from the selected protocol stack instance and transmitted to the virtual router, where it is used to transmit a packet between the isolated networks.

公开(公告)号：US20220321470A1

公开(公告)日：2022-10-06

申请号：US17218036

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Baihu Qian ,  Omer Hashmi ,  Thomas Nguyen Spendley ,  Bashuman Deb ,  Shridhar Kulkarni ,  Paul John Tillotson ,  Ramin Ali Dousti ,  Indira Radhika Pulla ,  Steve Ge ,  Nicholas Ryan Lombardi ,  Nick Matthews ,  Anoop Dawani

IPC: H04L12/713 ,  H04L12/715 ,  H04L12/761

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.