公开(公告)号：US11528201B1

公开(公告)日：2022-12-13

申请号：US16904415

申请日：2020-06-17

Applicant: Amazon Technologies, Inc.

Inventor： Steven Bruce Richards ,  David James Goodell ,  Nandita Mathews

IPC: H04L43/062 ,  H04L47/34 ,  H04L43/50

Abstract: Features are disclosed for enriching a packet of network traffic between a first computing environment and a second computing environment with telemetry information. Each computing environment can include a network device for enriching packets with telemetry information and parsing enriched packets. A source network device can select a packet of the network traffic for enrichment based on enrichment parameters and generate an enriched packet including payload information and telemetry information. A destination network device can receive the enriched packet and parse the enriched packet to separate the payload information and telemetry information. The destination network device can transmit transmission information to the source network device based on the enriched packet.

公开(公告)号：US11206175B1

公开(公告)日：2021-12-21

申请号：US17117930

申请日：2020-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Samuel Bayless ,  John David Backes ,  Daniel William Dacosta ,  Benjamin F Jones ,  Patrick Trentin ,  Nathan Launchbury ,  Sagar Chintamani Joshi ,  Nandita Mathews

IPC: G06F15/177 ,  H04L12/24 ,  H04L12/26

Abstract: This disclosure describes techniques for identifying blocked paths and network configuration settings that block paths in networks, such as network paths in a virtual private cloud (VPC). The configuration of virtual networks depends on the correct configuration of many networking resources, such as firewalls, security groups, routing lists, access control lists (ACLs), and the like. In some cases, an analysis that uses formal methods can be performed to determine a network configuration of a virtual network. Using the network configuration information, network paths that are blocked and network configuration settings that may be blocking one or more of the network paths can be determined. The PAS can provide an explanation of what is blocking the network paths. For example, the PAS may identify that a configuration setting of a firewall, router, network gateway, an access control list (ACL), and the like may be blocking a network path.