Using virtual networking devices and routing information to associate network addresses with computing nodes
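IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-012/751, H04L-012/715, H04L-012/24
Application number: US-0632718 (2009-12-07)
Registration number: US-9036504 (2015-05-19)
Inventors / Address: Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J.
Applicant / Address: Amazon Technologies, Inc.
Agent / Address: Seed IP Law Group PLLC
Citation information: Times cited: 7; Cited patents: 49
Abstract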
Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.
Representative claims
1. A computer-implemented method comprising: providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices that are part of the first virtual computer network and that are indicated to interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including: forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding; intercepting a routing communication that is directed to at least one of the specified virtual router devices and that includes specified network routing information indicating that the specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node; updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, the updating of the configuration information including associating the first virtual network address with the specified computing node; and after the updating of the configuration information, forwarding one or more additional communications directed to the first virtual network address to the specified computing node based on the updated configuration information.
2. The method of claim 1 wherein the network routing information included in the received routing communication is specified in accordance with one or more predefined network routing protocols.
3. The method of claim 1 wherein the providing of the first virtual computer network further includes overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more specified virtual router devices, and wherein the intercepting of the routing communication is performed before the routing communication is forwarded over the substrate network and includes inhibiting forwarding of the intercepted routing communication to the at least one specified virtual router device to which the intercepted routing communication is directed.
4. The method of claim 1 wherein the configurable network service provides a plurality of computing nodes for use in provided virtual computer networks, and further provides multiple other virtual computer networks distinct from the first virtual computer network to multiple other clients.
5. The method of claim 1 wherein the multiple computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, and wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines.
6. A computer-implemented method comprising: providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including: forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, wherein the forwarding of the one or more communications includes emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding, and wherein the first virtual network address is specified in the configuration information to be an anycast address for the first virtual computer network that may be associated with a group of one or more of the multiple computing nodes that includes the first computing node; receiving a routing communication directed to at least one of the specified virtual router devices that includes specified network routing information indicating that the specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node; and updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, wherein the updating of the configuration information for the first virtual computer network includes associating the first virtual network address with the specified computing node by designating that the specified computing node is one of the group of computing nodes.
7. The method of claim 6 wherein the specified configuration information is received from the first client and includes indications of multiple virtual network addresses to be used with the first virtual computer network, the first virtual network address being one of the multiple virtual network addresses and being designated by the first client as an anycast address, and wherein the updating of the configuration information is performed based at least in part on the specified configuration information received from the first client.
8. A computer-implemented method comprising: providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including: forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, wherein the forwarding of the one or more communications includes emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding, and wherein the first virtual network address is specified in the configuration information to be associated with the first computing node and to be a target address for the first virtual computer network that is enabled to be migrated between and serially associated with two or more of the multiple computing nodes; receiving a routing communication directed to at least one of the specified virtual router devices that includes specified network routing information indicating that a specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node; and updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, wherein the updating of the configuration information for the first virtual computer network includes associating the first virtual network address with the specified computing node by designating to transfer an association of the first virtual network address from the first computing node to the specified computing node.
9. A non-transitory computer-readable storage medium having stored contents that configure a computing system to: provide, by the configured computing system, a first virtual computer network for a first client in accordance with configuration information, wherein the configuration information specifies interconnections between multiple computing nodes of the first virtual computer network that include one or more virtual router devices of the first virtual computer network and indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple remote clients and that provides a plurality of co-located computing nodes for use with the multiple virtual computer networks, wherein the multiple computing nodes of the first virtual computer network are a subset of the plurality of computing nodes, and wherein the providing of the first virtual computer network includes: forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding; receiving a routing communication that is directed to at least one of the one or more virtual router devices and that includes specified routing information indicating an external public network address for use by computer systems external to the first virtual computer network in directing communications to a specified computing node of the first virtual computer network; initiating one or more routing announcements external to the first virtual computer network that indicate that the external public network address is associated with the first virtual computer network; and receiving one or more external communications that are from one or more remote computer systems external to the first virtual computer network and that are directed to the external public network address based at least in part on the one or more routing announcements, and forwarding the received one or more external communications to the specified computing node.
10. The non-transitory computer-readable storage medium of claim 9 wherein the received routing communication is sent by the first computing node, and wherein specified computing node to which the received one or more external communications are forwarded is the first computing node.
11. The non-transitory computer-readable storage medium of claim 9 wherein the stored contents further configure the computing system to update the configuration information for the first virtual computer network based on the specified routing information.
12. The non-transitory computer-readable storage medium of claim 9 wherein the configuration information specifies the one or more virtual router devices, and wherein the emulating of the functionality of the one or more virtual router devices is performed without physically providing the one or more virtual router devices as part of the first virtual computer network.
13. The non-transitory computer-readable storage medium of claim 9 wherein the stored contents are instructions that, when executed, program the configured computing system to perform the providing of the first virtual computer network, and wherein the providing of the first virtual computer network further includes: after the forwarding of the one or more communications, intercepting an additional routing communication that is directed to at least one of the one or more virtual router devices and that includes additional routing information for the first virtual computer network, the additional routing information indicating that the specified computing node is newly associated with the first virtual network address; and updating the configuration information based on the additional routing communication, and for one or more additional communications that are directed to the first virtual network address, forwarding the one or more additional communications to the specified computing node in accordance with the updated configuration information.
14. The non-transitory computer-readable storage medium of claim 9 wherein the initiated one or more routing announcements external to the first virtual computer network are provided to at least the one or more remote computer systems and further indicate that the external public network address is associated with the configurable network service, and wherein the one or more remote computer systems are further external to the configurable network service.
15. The non-transitory computer-readable storage medium of claim 9 wherein the providing of the first virtual computer network further includes overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more virtual router devices, and wherein the receiving of the routing communication includes intercepting the routing communication before the routing communication is forwarded over the substrate network.
16. A non-transitory computer-readable storage medium having stored contents that configure a computing system to: provide, by the configured computing system, a first virtual computer network for a first client in accordance with configuration information, wherein the configured computing system is part of a configurable network service that provides the first virtual computer network, wherein the configuration information specifies interconnections between multiple computing nodes of the first virtual computer network that include one or more virtual router devices of the first virtual computer network and indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, and wherein the providing of the first virtual computer network includes: forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding without physically providing the one or more virtual router devices; receiving a routing communication that is directed to at least one of the one or more virtual router devices and that includes specified routing information indicating an external public network address for use by computer systems external to the first virtual computer network in directing communications to a specified computing node of the first virtual computer network, wherein the external public network address is assigned to the first client by an entity external to the configurable network service; initiating one or more routing announcements external to the first virtual computer network that indicate that the external public network address is associated with the first virtual computer network; and receiving one or more external communications that are from one or more remote computer systems external to the first virtual computer network and that are directed to the external public network address, and forwarding the received one or more external communications to the specified computing node; and before the initiating of the one or more routing announcements external to the first virtual computer network, verify that the first client is authorized to use the external public network address outside the configurable network service based at least in part on information provided by the first client to the configurable network service.
17. A non-transitory computer-readable storage medium having stored contents that configure a computing system to: provide, by the configured computing system, a first virtual computer network for a first client in accordance with configuration information, wherein the configuration information specifies interconnections between multiple computing nodes of the first virtual computer network that include one or more virtual router devices and indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including: forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding without physically providing the one or more virtual router devices; receiving a routing communication that is directed to at least one of the one or more virtual router devices and that includes specified routing information indicating an external public network address for use by computer systems external to the first virtual computer network in directing communications to a specified computing node of the first virtual computer network, wherein the specified routing information in the received routing communication further indicates an additional external public network address for use with the first virtual computer network; initiating one or more routing announcements external to the first virtual computer network that indicate that the external public network address is associated with the first virtual computer network; and receiving one or more external communications that are from one or more remote computer systems external to the first virtual computer network and that are directed to the external public network address, and forwarding the received one or more external communications to the specified computing node; and determine to prevent initiation of any additional routing announcements external to the first virtual computer network that indicate that the additional external public network address is associated with the first virtual computer network.
18. The non-transitory computer-readable storage medium of claim 17 wherein the configuration information is received from the first client and includes an indication of one or more computing nodes authorized to announce one or more external public network addresses that do not include the first computing node, wherein the received routing communication is sent by the first computing node, and wherein the determining to prevent the initiation of the additional routing announcements is based on the first computing node not being one of the indicated one or more computing nodes that are authorized.
19. The non-transitory computer-readable storage medium of claim 17 wherein the configuration information is received from the first client and includes an indication of one or more external public network addresses that are authorized to be used with the first virtual computer network, wherein the additional external public network address is not one of the indicated one or more external public network addresses that are authorized, and wherein the determining to prevent the initiation of the additional routing announcements is based on the additional external public network address not being one of the indicated one or more external public network addresses that are authorized.
20. A computing system, comprising: one or more processors; and a manager module that is part of a configurable network service and is configured to, when executed by at least one of the processors, provide computer networks to one or more remote clients by, for each of the one or more remote clients: configuring a first computer network provided for the client in accordance with configuration information from the client, wherein the configuration information indicates interconnections between multiple computing nodes of the provided computer network that include one or more virtual router devices of the provided first computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a network address while the first computer network is in use; forwarding multiple communications between the multiple computing nodes over the substrate computer network while emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding without physically providing the one or more virtual router devices, the forwarding of the multiple communications including forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first network address, one or more communications that are directed to the first network address; receiving one or more routing communications that are each directed to at least one of the one or more virtual router devices and include routing information for the first computer network, the routing information indicating that the specified computing node is associated with the first network address, the specified computing node being distinct from the first computing node; determining whether the specified computing node is authorized to be associated with the first network address; and after the receiving of the one or more routing communications, and if the specified computing node is determined to be authorized to be associated with the first network address, forwarding one or more additional communications that are each directed to the first network address to the specified computing node based at least in part on the routing information included in the received one or more routing communications.
21. The computing system of claim 20 wherein the manager module includes software instructions for execution by the at least one processor.
22. The computing system of claim 20 wherein the one or more clients include multiple remote clients, wherein the configurable network service provides an interface for use by the multiple remote clients to configure the computer networks provided for use by the clients, and wherein the configuration information for each of the multiple remote clients is received via the provided interface.
23. The computing system of claim 20 wherein the multiple computing nodes of each of the provided computer networks are a subset of a plurality of computing nodes provided by the configurable network service for use with the provided computer networks, wherein the second computer network is a substrate network, wherein the provided computer networks are each virtual computer networks overlaid on the substrate network, and wherein the first network address for each of the provided computer networks is one of multiple virtual network addresses associated with that provided computer network.
24. The computing system of claim 20 wherein the providing of the computer networks further includes overlaying each of the provided first computer networks on a distinct substrate network without physically providing the one or more virtual router devices of each of the provided first computer networks, and the receiving of the one or more routing communications for each of the provided first computer networks includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network.
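The authorization decisions recited in claims 6, 8 and 17 through 20 can be modeled as the short Python sketch below. It is an added illustration, not code from the patent or from any configurable network service. Every class, function, node name and address in it is an assumption constructed for the example, and rejecting an address that is configured as neither anycast nor migratable is a choice made here rather than something the claims state.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Decision labels returned by the handlers (hypothetical names).
REJECT_NODE = "rejected: node not authorized for this address"
REJECT_KIND = "rejected: address is neither anycast nor migratable"
ANYCAST_JOIN = "updated: node joined anycast group"
MIGRATED = "updated: association transferred"
ANNOUNCED = "announced externally"
SUPPRESS_SENDER = "suppressed: sender may not announce external addresses"
SUPPRESS_ADDR = "suppressed: external address not authorized"


@dataclass
class VirtualNetworkConfig:
    """Client-supplied configuration for one virtual network (constructed model)."""
    bindings: dict[str, list[str]]        # virtual address -> associated nodes
    may_claim: dict[str, set[str]]        # node -> addresses it may dynamically obtain
    anycast_addrs: set[str] = field(default_factory=set)        # claim 6
    migratable_addrs: set[str] = field(default_factory=set)     # claim 8
    external_announcers: set[str] = field(default_factory=set)  # claim 18
    external_addrs: set[str] = field(default_factory=set)       # claim 19
    external_targets: dict[str, str] = field(default_factory=dict)


def handle_internal_update(cfg, sender, addr):
    """Intercepted routing communication: `sender` says it now holds `addr`."""
    if addr not in cfg.may_claim.get(sender, set()):
        return REJECT_NODE                 # claim 20: authorize before forwarding
    if addr in cfg.anycast_addrs:
        group = cfg.bindings.setdefault(addr, [])
        if sender not in group:
            group.append(sender)           # node becomes one of the group
        return ANYCAST_JOIN
    if addr in cfg.migratable_addrs:
        cfg.bindings[addr] = [sender]      # previous holder loses the address
        return MIGRATED
    return REJECT_KIND                     # default deny (assumption of this sketch)


def handle_external_update(cfg, sender, public_addrs):
    """Decide, per address, whether an external routing announcement is initiated."""
    decisions = {}
    for addr in public_addrs:
        if sender not in cfg.external_announcers:
            decisions[addr] = SUPPRESS_SENDER
        elif addr not in cfg.external_addrs:
            decisions[addr] = SUPPRESS_ADDR
        else:
            cfg.external_targets[addr] = sender
            decisions[addr] = ANNOUNCED
    return decisions


def resolve(cfg, dst):
    """Nodes that traffic for `dst` is forwarded to under the current configuration."""
    if dst in cfg.external_targets:
        return [cfg.external_targets[dst]]
    return list(cfg.bindings.get(dst, []))


def sample_config():
    """Constructed sample: RFC 1918 virtual addresses, RFC 5737 public addresses."""
    return VirtualNetworkConfig(
        bindings={"10.0.0.5": ["node-a"], "10.0.0.100": ["node-a"]},
        may_claim={"node-b": {"10.0.0.5", "10.0.0.100"}},
        anycast_addrs={"10.0.0.100"},
        migratable_addrs={"10.0.0.5"},
        external_announcers={"node-b"},
        external_addrs={"203.0.113.10"},
    )


if __name__ == "__main__":
    cfg = sample_config()
    print(handle_internal_update(cfg, "node-c", "10.0.0.5"), resolve(cfg, "10.0.0.5"))
    print(handle_internal_update(cfg, "node-b", "10.0.0.5"), resolve(cfg, "10.0.0.5"))
    print(handle_internal_update(cfg, "node-b", "10.0.0.100"), resolve(cfg, "10.0.0.100"))
    print(handle_external_update(cfg, "node-b", ["203.0.113.10", "198.51.100.7"]))
    print(handle_external_update(cfg, "node-c", ["203.0.113.10"]))
```

In the sample run, the unauthorized node's update leaves forwarding unchanged, and the unlisted public address is never announced even though it arrives in the same routing communication as an authorized one.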
Patents cited by this patent (49)
Dugan Andrew J. ; McDysan David E., ATM virtual private networks.
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for internetworked hybrid wireless integrated network sensors (WINS).
Sullivan Mark K., Computer system having virtual circuit address altered by local computer to switch to different physical data link to increase data transmission bandwidth.
Waters, Christopher; de Haaff, Brian; Lockhart, Andrew, Hosted searching of private local area network information with support for add-on applications.
Mukherjee, Sarit; Paul, Sanjoy; Rangarajan, Sampath; Takkallapalli, Anil, Method and apparatus for providing adaptive VPN to enable different security levels in virtual private networks (VPNs).
Bhavanam, Kotilingareddy; Suriyanarayanan, Muthukumar; Mandavilli, Swamy Jagannadha, Method and system for determining network topology of a virtual private network in multi protocol label switching (MPLS) based virtual private networks (VPNs).
Mandavilli, Swamy J.; Horner, Damian; Kuriakose, Anil A.; Menon, Sunil; Lamb, Richard David; Walding, Andrew; Odenwald, Joseph M., Method and system for managing network nodes which communicate via connectivity services of a service provider.
Larson, Victor; Short, III, Robert Dunham; Munger, Edmund Colby; Williamson, Michael, Method for establishing secure communication link between computers of virtual private network.
Guichard, James N.; Wainner, W. Scott; Weis, Brian E.; Khalid, Mohamed, Methods and apparatus for providing multiple policies for a virtual private network.
Khalid, Mohamed; Asati, Rajiv; Patil, Shashidhar P.; Akhter, Aamer, Methods and systems for dynamically updating a routing table in a virtual private network.
Ould Brahim, Hamid; Fedyk, Donald, Resource allocation using an auto-discovery mechanism for provider-provisioned layer-2 and layer-3 virtual private networks.
Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J., Using virtual networking devices to manage routing communications between connected computer networks.
Patel, Keyur; Bayraktar, Serpil; Bhardwaj, Manish; Ward, David Delano; Pithawala, Burjiz, Automatic optimal route reflector root address assignment to route reflector clients and fast failover in a network environment.
Brandwine, Eric Jason; Searle, Ian R.; Thompson, Aaron C.; Miller, Kevin Christopher, Managing use of intermediate destination computing nodes for provided computer networks.