-
Publication No.: US12095666B1
Publication Date: 2024-09-17
Application No.: US17491263
Application Date: 2021-09-30
Applicant: Amazon Technologies, Inc.
Inventor: David James Goodell, Ethan Joseph Torretta, Bharadwaj Avva, Joseph Elmar Magerramov, Shovan Kumar Das
IPC: H04L45/741, H04L12/46, H04L45/02, H04L45/745
CPC classification number: H04L45/741, H04L12/4641, H04L45/04, H04L45/745
Abstract: A first set of network addresses of a first address family, and a second set of network addresses of a second address family, are assigned to a virtual machine. At a routing device, respective routing information entries for the two sets of network addresses are stored, without storing routing information entries for individual addresses of the sets. A first packet with a destination address within the first set, routed using the routing information entry for the first set, is obtained at the virtual machine. A second packet with a destination address within the second set, routed using the routing information entry for the second set, is obtained at the virtual machine.
-
Publication No.: US11784967B1
Publication Date: 2023-10-10
Application No.: US17953980
Application Date: 2022-09-27
Applicant: Amazon Technologies, Inc.
Inventor: Eric Andrew Rubin-Smith, Leonid Nikolayev, Shovan Kumar Das
IPC: H04L29/12, H04L29/06, H04L29/08, H04L61/5007
CPC classification number: H04L61/5007
Abstract: Techniques implemented by an IP address management (IPAM) system for monitoring the usage of IP addresses in networks of computing resources and automatically notifying networking devices when IP address usage has changed. The IPAM system may create pools of IP addresses (e.g., address groups), and map those pools to prefix lists that are distributed to the networking devices. The IPAM system may monitor changes in IP address usage by resources in the networks (e.g., allocations and releases of IP addresses), update the pools that are affected by the changes, carry those changes through to the appropriate prefix lists, and propagate updated prefix lists to the networking devices (e.g., firewall devices, routing devices, etc.). In this way, the IPAM system may automatically identify and apply IP address changes to prefix lists that are used for networking operations in the networks.
-
Publication No.: US12184647B2
Publication Date: 2024-12-31
Application No.: US18058198
Application Date: 2022-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Sujan Bolisetti, Shovan Kumar Das, Jessica Kira Szmajda, Harshit Kumar Tiwari, Bashuman Deb, Stephen A. Saville
IPC: H04L9/40
Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to resources or resource groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.
-
Publication No.: US20240171583A1
Publication Date: 2024-05-23
Application No.: US18058168
Application Date: 2022-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Shovan Kumar Das, Jessica Kira Szmajda, Bashuman Deb, Sujan Bolisetti, Shridhar Kulkarni, Baihu Qian, Brandon Michael LaRue, Stephen A. Saville
IPC: H04L9/40
CPC classification number: H04L63/102, H04L63/0236, H04L63/101
Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to resources or resource groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.
-
Publication No.: US20240171573A1
Publication Date: 2024-05-23
Application No.: US18058198
Application Date: 2022-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Sujan Bolisetti, Shovan Kumar Das, Jessica Kira Szmajda, Harshit Kumar Tiwari, Bashuman Deb, Stephen A. Saville
IPC: H04L9/40
CPC classification number: H04L63/0876, H04L63/101, H04L63/105
Abstract: Systems and methods are provided for creating and running an instance of a dynamic access control system (DACS). Trust providers may be defined in a trust broker of the DACS such that trust information associated with the trust providers can be used to create a custom data structure. Resources and resource groups may be defined in the DACS. Policies may be configured or coded in the DACS to map the custom data structure to resources or resource groups. Additionally, policies may be configured or coded in the DACS to route the data structure and request to network segments or shared with other parties.
-
Publication No.: US11799826B1
Publication Date: 2023-10-24
Application No.: US17535489
Application Date: 2021-11-24
Applicant: Amazon Technologies, Inc.
Inventor: Samuel Lough, John Jeffrey Schlachtenhaufen, Masood Karimi, Eric Andrew Rubin-Smith, Shovan Kumar Das, Joshua D Leaverton, Jonathan Paul Kramer
IPC: G06F15/16, H04L61/5069, H04L41/0686, H04L61/5007
CPC classification number: H04L61/5069, H04L41/0686, H04L61/5007
Abstract: Techniques and technologies for an IP address management (IPAM) system to monitor the usage of IP addresses across regions in one or more networks of resources. The IPAM system may be used to allocate IP addresses to resources in networks and track what IP addresses are being used by resources or available for allocation. The IPAM system may periodically obtain usage information that indicates actual, current IP address usage by the resources in the networks, identify differences between the current IP address usage and an inventory maintained by the IPAM service, and reconcile the differences. Additionally, the IPAM system may further respond to network administrator queries about their resource and IP address usage. Further, the IPAM system may emit various utilization metrics to the network administrators which may be tied to alarms or alerts around non-compliant resources or IP addresses.
-
Publication No.: US11909719B1
Publication Date: 2024-02-20
Application No.: US17535498
Application Date: 2021-11-24
Applicant: Amazon Technologies, Inc.
Inventor: Jonathan Paul Kramer, Michael Erik Untereiner, Samuel Lough, John Jeffrey Schlachtenhaufen, Masood Karimi, Eric Andrew Rubin-Smith, Joshua D Leaverton, Shovan Kumar Das
IPC: H04L61/5053, H04L61/5007, H04L61/5061, H04L41/0686
CPC classification number: H04L61/5053, H04L41/0686, H04L61/5007, H04L61/5061
Abstract: Techniques and technologies for an Internet Protocol (IP) address management (IPAM) system to track and manage IP address workflows in a network. The IPAM system can be used to define and enforce management policies or rules regarding IP address management, such as allocation policies, refill policies, and so forth. For instance, the IPAM system can enforce allocation policies that define rules to allow or deny allocation of IP addresses based on types of resources for which the IP addresses are requested, registered user accounts that are requesting the IP addresses, the purpose of the resources receiving the IP addresses, and so forth. Additionally, the IPAM system can enforce refill policies that define rules for replenishing inventories of IP addresses that have been allocated for different domains in the network. The IPAM system can improve the management of IP address workflows by enforcing policy and tracking IP address workflows in networks.
-
Publication No.: US11575647B1
Publication Date: 2023-02-07
Application No.: US17535023
Application Date: 2021-11-24
Applicant: Amazon Technologies, Inc.
Inventor: Eric Andrew Rubin-Smith, Shovan Kumar Das, Jonathan Paul Kramer, Michael Erik Untereiner, Masood Karimi, John Jeffrey Schlachtenhaufen, Arushi Gupta, Samuel Lough
IPC: G06F15/177, H04L12/24, H04L29/12, H04L12/911, H04L61/5007, H04L61/2514, H04L61/5046, H04L61/5061
Abstract: Disclosed are various embodiments for distributed network address allocation management. In one embodiment, a first instance of a plurality of instances of an allocation management service assigns a first portion of a network address space to the first instance and a second portion of the network address space to a second instance of the plurality of instances. The second instance receives a request to allocate a particular network address block. The second instance allocates the particular network address block from the second portion of the network address space by updating an allocation data structure. An allocation of the particular network address block is returned in response to the request. A copy of the allocation data structure maintained by the first instance is updated asynchronously based at least in part on the allocation of the particular network address block.
-
Publication No.: US11483282B1
Publication Date: 2022-10-25
Application No.: US17547652
Application Date: 2021-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Eric Andrew Rubin-Smith, Leonid Nikolayev, Shovan Kumar Das
IPC: H04L29/12, H04L29/06, H04L29/08, H04L61/5007
Abstract: Techniques implemented by an IP address management (IPAM) system for monitoring the usage of IP addresses in networks of computing resources and automatically notifying networking devices when IP address usage has changed. The IPAM system may create pools of IP addresses (e.g., address groups), and map those pools to prefix lists that are distributed to the networking devices. The IPAM system may monitor changes in IP address usage by resources in the networks (e.g., allocations and releases of IP addresses), update the pools that are affected by the changes, carry those changes through to the appropriate prefix lists, and propagate updated prefix lists to the networking devices (e.g., firewall devices, routing devices, etc.). In this way, the IPAM system may automatically identify and apply IP address changes to prefix lists that are used for networking operations in the networks.