Emulating virtual router device functionality in virtual computer networks
IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04L-012/28
H04L-012/24
H04L-012/715
H04L-012/713
H04L-012/751
G06F-009/455
H04L-029/08
H04J-001/16
Application number
US-0952519
(2015-11-25)
Registration number
US-9998335
(2018-06-12)
Inventor / Address
Brandwine, Eric Jason
Miller, Kevin Christopher
Doane, Andrew J.
Applicant / Address
Amazon Technologies, Inc.
Agent / Address
Kowert, Robert C.
Citation information
Times cited: 0
Cited patents: 62
Abstract
Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.
Representative claim
1. A non-transitory computer-readable storage medium having stored contents that cause one or more computing systems to at least: receive, by the one or more computing systems, information from a client that is for use in configuring a virtual computer network and that specifies interconnections between multiple computing nodes of the virtual computer network, the specified interconnections including a router device specified for the virtual computer network; provide, by the one or more computing systems, the configured virtual computer network for the client; emulate, by the one or more computing systems, functionality of the specified router device as a virtual router device for the virtual computer network, including obtaining one or more routing communications directed to a virtual network address of the virtual computer network that is associated with the virtual router device and including network routing information for the virtual computer network; and update, by the one or more computing systems and based on the network routing information included in the one or more routing communications, the specified interconnections of the provided virtual computer network to enable one or more additional communications to be forwarded between the multiple computing nodes in accordance with the updated specified interconnections.
2. The non-transitory computer-readable storage medium of claim 1 wherein the information received from the client is configuration information specifying a network topology for the virtual computer network that includes the specified router device, wherein the updating of the specified interconnections includes updating the specified network topology, and wherein the stored contents include software instructions that, when executed, further cause the one or more computing systems to emulate the updated network topology as part of forwarding the one or more additional communications between the multiple computing nodes.
3. The non-transitory computer-readable storage medium of claim 1 wherein the one or more routing communications are received from one or more remote computing nodes controlled by the client and use a defined network routing protocol, and wherein the obtaining of the one or more routing communications includes obtaining the one or more routing communications before they are forwarded over an underlying computer network on which the virtual computer network is overlaid.
4. The non-transitory computer-readable storage medium of claim 3 wherein the providing of the configured virtual computer network includes determining multiple virtual network addresses for use with the configured virtual computer network and assigning one of the multiple virtual network addresses to represent the virtual router device, wherein the one or more obtained routing communications are directed to the assigned one virtual network address, and wherein the stored contents include software instructions that, when executed, further cause the one or more computing systems to identify the one or more routing communications to obtain based at least in part on the one or more routing communications being directed to the assigned one virtual network address.
5. The non-transitory computer-readable storage medium of claim 3 wherein the updating of the specified interconnections includes modifying one or more routing paths used for forwarding communications between the multiple computing nodes, and wherein the stored contents include software instructions that, when executed, further cause the one or more computing systems to forward the one or more additional communications between the multiple computing nodes via an intermediate computing node that is added to one of the routing paths during the modifying.
6. The non-transitory computer-readable storage medium of claim 1 wherein the one or more computing systems are part of a configurable network service that provides multiple virtual computer networks to multiple remote clients using a plurality of computing nodes provided by the configurable network service, and wherein the providing of the configured virtual computer network for the client includes selecting the multiple computing nodes from the plurality of computing nodes and configuring the selected multiple computing nodes for use in the configured virtual computer network.
7. A computer-implemented method comprising: receiving, by one or more computing systems of a configurable network service, configuration information from a client that is for use in configuring a virtual computer network for the client and that specifies interconnections between multiple computing nodes of the virtual computer network, the configuration information indicating a router device of the virtual computer network; providing, by the one or more computing systems, the configured virtual computer network for the client; associating, by the one or more computing systems, a virtual IP (Internet Protocol) network address for the virtual computer network with a virtual router device that is provided by the configurable network service to represent the router device; emulating, by the one or more computing systems and during operation of the virtual computer network, functionality of the virtual router device, including obtaining one or more routing communications that are directed to the virtual IP network address for the virtual router device and that include network routing information for the virtual computer network; and updating, by the one or more computing systems during operation of the virtual computer network, the configuration information for the provided virtual computer network based on the network routing information to enable one or more additional communications to be forwarded between the multiple computing nodes in accordance with the updated configuration information.
8. The computer-implemented method of claim 7 wherein the one or more computing systems are part of a configurable network service that provides multiple virtual computer networks to multiple remote clients and that further provides one or more programmatic interfaces for use by the multiple remote clients in providing configuration information for the multiple virtual computer networks, and wherein the receiving of the configuration information for the virtual computer network includes receiving one or more invocations of the one or more programmatic interfaces by an executing program of the client.
9. The computer-implemented method of claim 8 wherein the configurable network service further provides a plurality of computing nodes for use in providing the multiple virtual computer networks, and wherein the providing of the configured virtual computer network for the client includes selecting the multiple computing nodes from the plurality of computing nodes and configuring the selected multiple computing nodes for use in the configured virtual computer network, at least some of the selected multiple computing nodes each being a virtual machine hosted on one of multiple physical computing systems of the configurable network service.
10. The computer-implemented method of claim 7 wherein the one or more routing communications are received from one or more computing nodes external to the virtual computer network, and wherein the obtaining of the one or more routing communications includes obtaining the one or more routing communications before they are forwarded over an underlying computer network on which the virtual computer network is overlaid based at least in part on the one or more routing communications being directed to the virtual IP network address associated with the virtual router device for the virtual computer network.
11. The computer-implemented method of claim 7 wherein the configuration information specifies a network topology for the virtual computer network that includes the indicated router device, and wherein the updating of the configuration information includes updating the specified network topology.
12. The computer-implemented method of claim 11 wherein the specified network topology includes two logical sub-networks each having a subset of the multiple computing nodes, and wherein the method further comprises forwarding one of the additional communications between the two logical sub-networks, the forwarding including modifying the one additional communication to emulate changes to the one additional communication that would be made by the virtual router device if the virtual router device was physically provided and had forwarded the one additional communication.
13. The computer-implemented method of claim 12 wherein the network routing information included in the one or more routing communications identifies a third computing node as being located between the two logical sub-networks in the network topology of the virtual computer network, and wherein the forwarding of the one additional communication includes directing the one additional communication to a network location of the third computing node to enable the third computing node to further manage the one additional communication in a defined manner.
14. The computer-implemented method of claim 13 wherein the third computing node is configured to act as a firewall between the two logical sub-networks by preventing one or more indicated types of communications from traveling between the two logical sub-networks, and wherein the method further comprises initiating managing, by the third computing node, of the one additional communication in the defined manner by determining to prevent the one additional communication from being forwarded to the second computing node.
15. The computer-implemented method of claim 13 wherein the third computing node is configured to provide intrusion detection system functionality between the two logical sub-networks by preventing communications having one or more indicated types of contents from traveling between the two logical sub-networks, and wherein the method further comprises initiating managing, by the third computing node, of the one additional communication in the defined manner by preventing the one additional communication from being forwarded to the second computing node.
16. The computer-implemented method of claim 12 further comprising forwarding another of the additional communications between two computing nodes that are both in a single one of the two logical sub-networks without modifying the another additional communication to emulate changes that would be made by the virtual router device.
17. The computer-implemented method of claim 12 wherein the forwarding of the one additional communication includes emulating the updated network topology during the forwarding, and wherein the method further comprises forwarding, before the updating of the specified network topology, a further communication by emulating the network topology prior to the updating.
18. A system, comprising: one or more processors of one or more computing systems; and one or more memories with stored instructions that, when executed by at least one of the processors, cause the system to at least: receive configuration information that is for use in configuring a virtual computer network for a client and that specifies a virtual router device interconnecting multiple computing nodes of the virtual computer network; provide the configured virtual computer network for the client; emulate functionality of the virtual router device for the virtual computer network, and obtain one or more routing communications that are directed to a network address associated with the virtual router device and include network routing information for the virtual computer network; and update, in response to the network routing information included in the one or more routing communications, the configuration information for the provided virtual computer network to enable one or more additional communications to be forwarded between the multiple computing nodes via the virtual router device in accordance with the updated configuration information.
19. The system of claim 18 wherein the one or more routing communications are received from one or more computing nodes external to the virtual computer network, and wherein the obtaining of the one or more routing communications includes intercepting the one or more routing communications before they are forwarded to the virtual router device.
20. The system of claim 18 wherein the configuration information specifies a network topology for the virtual computer network that includes the virtual router device and at least two groups of the multiple computing nodes separated by the virtual router device, wherein the updating of the configuration information includes updating the specified network topology by changing a group to which one or more computing nodes belong, and wherein the stored instructions further cause the system to: forward, before the updating of the configuration information and as part of the emulating of the functionality of the virtual router device, one or more initial communications between the at least two groups by modifying the one or more initial communications in a manner that a physically provided router device would perform; and forward, after the updating of the configuration information and as part of the emulating of the functionality of the virtual router device, one or more of the additional communications in a manner based on the updated specified network topology.
Patents cited by this patent (62)
Dugan Andrew J. ; McDysan David E., ATM virtual private networks.
Gelvin, David C.; Girod, Lewis D.; Kaiser, William J.; Merrill, William M.; Newberg, Fredric; Pottie, Gregory J.; Sipos, Anton I.; Vardhan, Sandeep, Apparatus for internetworked hybrid wireless integrated network sensors (WINS).
Ebrom, Matthew P.; Feldbruegge, Robert J.; Glotzbach, Mark E.; McCoy, Richard A.; Moes, Christopher S.; Whipple, Andrew D., Client for an appliance network.
Sullivan Mark K., Computer system having virtual circuit address altered by local computer to switch to different physical data link to increase data transmission bandwidth.
Garcia, Kelley K.; Hamilton, II, Rick A.; Newhook, Richard J.; Ramsey, Martin S.; Rangel, Raull; Seaman, James W., Creating and using secure communications channels for virtual universes.
Waters, Christopher; de Haaff, Brian; Lockhart, Andrew, Hosted searching of private local area network information with support for add-on applications.
Mukherjee, Sarit; Paul, Sanjoy; Rangarajan, Sampath; Takkallapalli, Anil, Method and apparatus for providing adaptive VPN to enable different security levels in virtual private networks (VPNs).
Bhavanam, Kotilingareddy; Suriyanarayanan, Muthukumar; Mandavilli, Swamy Jagannadha, Method and system for determining network topology of a virtual private network in multi protocol label switching (MPLS) based virtual private networks (VPNs).
Mandavilli, Swamy J.; Horner, Damian; Kuriakose, Anil A.; Menon, Sunil; Lamb, Richard David; Walding, Andrew; Odenwald, Joseph M., Method and system for managing network nodes which communicate via connectivity services of a service provider.
Larson, Victor; Short, III, Robert Dunham; Munger, Edmund Colby; Williamson, Michael, Method for establishing secure communication link between computers of virtual private network.
Guichard, James N.; Wainner, W. Scott; Weis, Brian E.; Khalid, Mohamed, Methods and apparatus for providing multiple policies for a virtual private network.
Chu, Thomas P.; Magee, Francis R.; Richman, Steven H., Methods and devices for converting routing data from one protocol to another in a virtual private network.
Khalid, Mohamed; Asati, Rajiv; Patil, Shashidhar P.; Akhter, Aamer, Methods and systems for dynamically updating a routing table in a virtual private network.
Ould Brahim, Hamid; Fedyk, Donald, Resource allocation using an auto-discovery mechanism for provider-provisioned layer-2 and layer-3 virtual private networks.
Mazarick, Michael E, System and method for initializing and maintaining a series of virtual local area networks contained in a clustered computer system.
Miller, Kevin Christopher; Brandwine, Eric Jason; Doane, Andrew J., Using virtual networking devices to manage routing communications between connected computer networks.