Using virtual networking devices to connect managed computer networks
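IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-015/16; H04L-029/06; H04L-029/08
Application number: US-0620809 (2012-09-15)
Registration number: US-9094421 (2015-07-28)
Inventor / Address: Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J.
Applicant / Address: Amazon Technologies, Inc.
Agent / Address: Seed IP Law Group
Citation information: Times cited: 7; Cited patents: 51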
Abstract
Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.
Representative claim
1. A computer-implemented method comprising: receiving, by one or more configured computing systems of a configurable network service, configuration information from a first client via an API (application programming interface) provided by the configurable network service, wherein the configuration information is sent by an executing program of the first client and specifies one or more virtual networking devices of a first virtual computer network and further includes first peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types, wherein the virtual peering router is configurable to interconnect multiple virtual computer networks; providing, by the one or more configured computing systems, the first virtual computer network to the first client in accordance with the configuration information by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more virtual networking devices; providing, by the one or more configured computing systems, functionality of the virtual peering router in accordance with the first peering configuration information; establishing, by the one or more configured computing systems, a logical first connection between the provided first virtual computer network and the virtual peering router; and forwarding, by the one or more configured computing systems, one or more communications between the first virtual computer network and one or more second virtual computer networks having one or more logical second connections to the virtual peering router.
2. The method of claim 1 further comprising, before the forwarding of the one or more communications, determining, by the one or more configured computing systems, to perform the forwarding of the one or more communications based at least in part on specified configuration information for the virtual peering router that includes the first peering configuration information.
3. The method of claim 1 wherein the emulating of the functionality of the one or more virtual networking devices includes, without physically providing the one or more virtual networking devices, modifying additional communications being forwarded for the first virtual computer network to reflect operations that would be performed by the one or more virtual networking devices if the one or more virtual networking devices were physically provided.
4. The method of claim 3 further comprising, before the determining to perform the forwarding of the one or more communications, receiving some of the specified configuration information for the virtual peering router from one or more second clients associated with the one or more second virtual computer networks.
5. The method of claim 1 further comprising determining, by the one or more configured computing systems, not to forward one or more additional communications between the first virtual computer network and the one or more second virtual computer networks based at least in part on specified configuration information for the virtual peering router that includes the first peering configuration information.
6. The method of claim 1 wherein the one or more communications are routing communications that include routing information for the first virtual computer network corresponding to one or more computing nodes of the first virtual computer network, and wherein the forwarding of the one or more communications includes forwarding the one or more communications to the one or more second virtual computer networks to enable subsequent communications from the one or more second virtual computer networks to be sent to the one or more computing nodes of the first virtual computer network.
7. The method of claim 1 wherein the one or more communications are routing communications that include routing information corresponding to one or more computing nodes of at least one of the one or more second virtual computer networks, and wherein the forwarding of the one or more communications includes forwarding the one or more communications to the first virtual computer network to enable subsequent communications from the first virtual computer network to be sent to the one or more computing nodes of the at least one second virtual computer network.
8. The method of claim 1 wherein the one or more communications are routing communications that include routing information for the first virtual computer network, and wherein the forwarding of the one or more communications includes forwarding the one or more communications to one or more second computing nodes of the one or more second virtual computer networks that participate in a routing protocol.
9. The method of claim 8 wherein the one or more communications are specified in accordance with a first routing protocol, wherein the routing protocol that the one or more second computing nodes participate in is a distinct second routing protocol, and wherein the forwarding of the one or more communications to the one or more second computing nodes includes modifying the forwarded one or more communications to be specified in accordance with the second routing protocol.
10. The method of claim 1 wherein the one or more communications are data communications that are sent between one or more first computing nodes of the first virtual computer network and one or more second computing nodes of the one or more second virtual computer networks.
11. The method of claim 1 further comprising creating the virtual peering router for use with the first virtual computer network in response to a request from the first client.
12. The method of claim 1 further comprising providing, by the one or more configured computing systems, the one or more second virtual computer networks to one or more second clients distinct from the first client, the providing of the one or more second virtual computer networks including overlaying the one or more second virtual computer network on the substrate network.
13. The method of claim 12 wherein the forwarding of each of the one or more communications is performed over the substrate network to a location in the substrate network of a determined destination of the communication.
14. The method of claim 1 wherein the virtual peering router is configured to allow communications to pass in only one direction between the first virtual computer network and the one or more second virtual computer networks, and wherein the providing of the functionality of the virtual peering router includes emulating, by the one or more configured computing systems, the functionality of the virtual peering router.
15. The method of claim 1 further comprising, before the forwarding of the one or more communications, determining, by the one or more configured computing systems, to perform the forwarding of the one or more communications based at least in part on one or more filters specified in the received configuration information.
16. The method of claim 1 further comprising intercepting the one or more communications before the one or more communications are forwarded over the substrate network.
17. The method of claim 1 wherein the one or more second virtual computer networks are provided to the first client by the configurable network service.
18. A non-transitory computer-readable medium having stored contents that configure a computing system to: receive configuration information, from a first client via a programmatic interface provided for use by clients, that specifies one or more virtual networking devices of a first virtual computer network and that further includes first peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types, wherein the virtual peering router is configurable to interconnect multiple virtual computer networks; provide the first virtual computer network to the first client in accordance with the configuration information by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more virtual networking devices; provide functionality of the virtual peering router in accordance with the first peering configuration information; establish a logical first connection between the provided first virtual computer network and the virtual peering router; and forward one or more communications between the first virtual computer network and one or more second virtual computer networks having one or more logical second connections to the virtual peering router.
19. The non-transitory computer-readable medium of claim 18 wherein the stored contents further configure the computing system to: before the forwarding of the one or more communications, determine to perform the forwarding of the one or more communications based at least in part on the first peering configuration information.
20. The non-transitory computer-readable medium of claim 19 wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple clients by overlaying the multiple virtual computer networks on one or more substrate computer networks, wherein the programmatic interface is an API (application programming interface) provided by the configurable network service, wherein the received configuration information is sent by an executing program of the first client, and wherein the stored contents include executable software instructions.
21. A system comprising: one or more processors of one or more computing systems; and one or more modules of a configurable network service that, when executed by at least one of the one or more processors, configure the at least one processor to: receive information from a first client via an API (application programming interface) provided by the configurable network service, the received information including configuration information for a first virtual computer network that specifies one or more networking devices of the first virtual computer network, and further including peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types exchanged with other computer networks; provide, in accordance with the configuration information, the first virtual computer network to the first client by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more networking devices; provide in accordance with the peering configuration information, functionality of the virtual peering router, including establishing a logical inter-connection between the provided first virtual computer network and one or more second virtual computer networks provided by the configurable network service; and forward one or more communications between the first virtual computer network and the one or more second virtual computer networks based on the established logical inter-connection.
22. The system of claim 21 wherein functionality of the virtual peering router is emulated by the configurable network service, and wherein the one or more modules are further configured to, before the forwarding of the one or more communications, determine to perform the forwarding of the one or more communications based at least in part on the peering configuration information.
23. The system of claim 22 wherein the establishing of the logical inter-connection includes establishing a first logical connection from the first virtual computer network to the provided virtual peering router, and wherein the one or more modules include executable software instructions.
Patents cited by this patent (51)
Dugan, Andrew J.; McDysan, David E., ATM virtual private networks.
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for internetworked hybrid wireless integrated network sensors (WINS).
Sullivan, Mark K., Computer system having virtual circuit address altered by local computer to switch to different physical data link to increase data transmission bandwidth.
Garcia, Kelley K.; Hamilton, II, Rick A.; Newhook, Richard J.; Ramsey, Martin S.; Rangel, Raull; Seaman, James W., Creating and using secure communications channels for virtual universes.
Waters, Christopher; de Haaff, Brian; Lockhart, Andrew, Hosted searching of private local area network information with support for add-on applications.
Mukherjee, Sarit; Paul, Sanjoy; Rangarajan, Sampath; Takkallapalli, Anil, Method and apparatus for providing adaptive VPN to enable different security levels in virtual private networks (VPNs).
Bhavanam, Kotilingareddy; Suriyanarayanan, Muthukumar; Mandavilli, Swamy Jagannadha, Method and system for determining network topology of a virtual private network in multi protocol label switching (MPLS) based virtual private networks (VPNs).
Mandavilli, Swamy J.; Horner, Damian; Kuriakose, Anil A.; Menon, Sunil; Lamb, Richard David; Walding, Andrew; Odenwald, Joseph M., Method and system for managing network nodes which communicate via connectivity services of a service provider.
Larson, Victor; Short, III, Robert Dunham; Munger, Edmund Colby; Williamson, Michael, Method for establishing secure communication link between computers of virtual private network.
Guichard, James N.; Wainner, W. Scott; Weis, Brian E.; Khalid, Mohamed, Methods and apparatus for providing multiple policies for a virtual private network.
Khalid, Mohamed; Asati, Rajiv; Patil, Shashidhar P.; Akhter, Aamer, Methods and systems for dynamically updating a routing table in a virtual private network.
Ould Brahim, Hamid; Fedyk, Donald, Resource allocation using an auto-discovery mechanism for provider-provisioned layer-2 and layer-3 virtual private networks.
Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J., Using virtual networking devices to manage routing communications between connected computer networks.
Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J., Using virtual networking devices and routing information to associate network addresses with computing nodes.
Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J., Using virtual networking devices and routing information to initiate external actions.