公开(公告)号：US12177123B1

公开(公告)日：2024-12-24

申请号：US17810290

申请日：2022-06-30

Applicant: Amazon Technologies, Inc.

Inventor： Young Ha Jung ,  Upendra Bhalchandra Shevade ,  Mathew Lehwess ,  Matthew B Barr ,  Akshay Choudhry ,  Shuai Ye ,  Ethan Joseph Torretta ,  Kirk Arlo Petersen

IPC: H04L45/745

Abstract: Route tables may be associated with ingress traffic for logically isolated networks. A routing device at the edge of a logically isolated network may receive a route to include in a route table that is associated with ingress traffic to the logically isolated network, where the ingress traffic is destined for a block of public or private IP addresses. The route instructs the edge routing device to forward such ingress traffic to a network interface of a network appliance hosted in the logically isolated network. Network packets received at the edge routing device may have a destination of one or more public or private IP addresses in the block of public/private IP addresses. The edge routing device may identify the route in the route table that forwards the ingress network traffic destined for the block of public or private IP addresses to the network interface for the network appliance.

公开(公告)号：US09667656B2

公开(公告)日：2017-05-30

申请号：US14673516

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Rajat Banerjee ,  Nathan Andrew Miller ,  Aniket Deepak Divecha ,  John Robert Kerl ,  Mingxue Zhao ,  Shuai Ye ,  Kevin Christopher Miller

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/20 ,  H04L43/067 ,  H04L43/0876 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/1408

Abstract: Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

公开(公告)号：US10728085B1

公开(公告)日：2020-07-28

申请号：US15927690

申请日：2018-03-21

Applicant: Amazon Technologies, Inc.

Inventor： Po-Chun Chen ,  Shuai Ye

IPC: H04L12/24 ,  H04L12/58

Abstract: In a provider network, data indicative of an operational state of the computing devices of the provider network is processed by an inference engine. The inference engine is configured to model operational characteristics of the computing devices of the provider network. The inference engine determines a potential fault condition for one of the computing devices of the provider network. A remedial action is invoked.

公开(公告)号：US10680945B1

公开(公告)日：2020-06-09

申请号：US16145102

申请日：2018-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Shuai Ye ,  Joseph Elmar Magerramov ,  Mohamed Nader Farahat Hassan ,  Aarthi Raju ,  Haider Witwit

IPC: H04L12/715 ,  H04L12/741 ,  G06F9/455 ,  H04L12/46

Abstract: An overlay network can be extended to edge routers for a substrate network. A request to make an overlay network available may be received at a network manager for a substrate network. The network manager may update an edge router to add an overlay network route to the edge router. The edge router can then indicate that the network route is available for handling network traffic. When network traffic directed to the overlay network is received at the network route, the edge router can forward the network traffic to the overlay network according to the added network route.

公开(公告)号：US20190188763A1

公开(公告)日：2019-06-20

申请号：US16283477

申请日：2019-02-22

Applicant: Amazon Technologies, Inc.

Inventor： Shuai Ye ,  Mark Edward Stalzer ,  Patrick Brigham Cullen

IPC: G06Q30/04 ,  H04L12/26

CPC classification number: G06Q30/04 ,  H04L43/0876 ,  H04L43/0894 ,  H04L43/16

Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.

公开(公告)号：US20160294870A1

公开(公告)日：2016-10-06

申请号：US14673516

申请日：2015-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Rajat Banerjee ,  Nathan Andrew Miller ,  Aniket Deepak Divecha ,  John Robert Kerl ,  Mingxue Zhao ,  Shuai Ye ,  Kevin Christopher Miller

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/20 ,  H04L43/067 ,  H04L43/0876 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/1408

Abstract: Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

Abstract translation: 计算资源服务提供商可以在多租户环境中向客户提供计算资源。 这些计算资源可能在防火墙或其他安全设备之后，使得某些信息不会到达提供给客户的计算资源。 记录实体可以在由计算资源服务提供商操作的计算机服务器上实现。 记录实体可以从防火墙或其他安全设备获取日志信息，并存储日志信息，以便客户可以访问日志信息。 此外，日志信息可以被提供给诸如度量服务或入侵检测服务的其他服务。

公开(公告)号：US10764165B1

公开(公告)日：2020-09-01

申请号：US15982831

申请日：2018-05-17

Applicant: Amazon Technologies, Inc.

Inventor： Shuai Ye

IPC: G06F15/173 ,  H04L12/26

Abstract: Time-based groupings of network traffic flow data for virtualized computing resources are stored. Notifications that the time-based groupings are stored are sent, and in response to the notifications, the groupings are processed in accordance with the notifications. Network traffic flow data that is associated with users who have requested publication is published for associated virtualized computing resources.

公开(公告)号：US10187427B2

公开(公告)日：2019-01-22

申请号：US15605194

申请日：2017-05-25

Applicant: Amazon Technologies, Inc.

Inventor： Rajat Banerjee ,  Nathan Andrew Miller ,  Aniket Deepak Divecha ,  John Robert Kerl ,  Mingxue Zhao ,  Shuai Ye ,  Kevin Christopher Miller

IPC: H04L29/06 ,  H04L12/26

Abstract: Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

公开(公告)号：US20170359384A1

公开(公告)日：2017-12-14

申请号：US15605194

申请日：2017-05-25

Applicant: Amazon Technologies, Inc.

Inventor： Rajat Banerjee ,  Nathan Andrew Miller ,  Aniket Deepak Divecha ,  John Robert Kerl ,  Mingxue Zhao ,  Shuai Ye ,  Kevin Christopher Miller

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/20 ,  H04L43/067 ,  H04L43/0876 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/1408

Abstract: Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

公开(公告)号：US20210142374A1

公开(公告)日：2021-05-13

申请号：US17156363

申请日：2021-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Shuai Ye ,  Mark Edward Stalzer ,  Patrick Brigham Cullen

IPC: G06Q30/04 ,  H04L12/26

Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.