公开(公告)号：US20200092252A1

公开(公告)日：2020-03-19

申请号：US16136131

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L29/12 ,  H04L12/24 ,  H04L12/46 ,  H04L12/851 ,  G06F9/455

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

公开(公告)号：US20200092194A1

公开(公告)日：2020-03-19

申请号：US16136138

申请日：2018-09-19

Applicant: Amazon Technologies, Inc.

Inventor： Paul John Tillotson ,  Bashuman Deb ,  Thomas Spendley ,  Omer Hashmi ,  Baihu Qian ,  Alexander Justin Penney

IPC: H04L12/715 ,  H04L12/46 ,  H04L12/725 ,  H04L12/851

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

公开(公告)号：US10397189B1

公开(公告)日：2019-08-27

申请号：US15277962

申请日：2016-09-27

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Omer Hashmi

IPC: H04L29/06 ,  H04L12/26 ,  H04L9/08

Abstract: A provider network includes a service that creates virtual private network (VPN) endpoint nodes. Application programming interfaces are available that the creation of VPN endpoint nodes, peer them together, and attach them to respective virtual private networks to thereby establish communication tunnels between pairs of virtual private networks. Each VPN endpoint node may be implemented as a fault tolerant endpoint node in which the node is created as a plurality of virtual machines. Each of the virtual machines is configured from a common machine image that includes software capable of causing the respective virtual machine to configure a tunnel such as an IPSec tunnel. One of the virtual machines, however, is operated in an active mode, while another virtual machine is configured to operate in a standby mode.