External health checking of virtual private cloud network environments

US 10,516,590 B2
Filed: 05/31/2018
Issued: 12/24/2019
Est. Priority Date: 08/23/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more computing devices external to a virtual private cloud network environment (VPC), the VPC including a target computing device and an endpoint arranged within a virtualized local area network generated by a substrate network hosting the VPC, wherein the one or more computing devices external to the VPC are configured with computer-executable instructions to;

generate health check data to transmit to a target computing device within the VPC; and

transmit the health check data on the substrate network to the endpoint of the VPC; and

one or more computing devices implementing the endpoint of the VPC, wherein the one or more computing devices implementing the endpoint of the VPC are configured with computer-executable instructions to;

modify the health check data to designate the endpoint as a source of the health check data;

transmit the health check data to the target computing device within the VPC;

obtain information responsive to transmission of the health check data; and

transmit the information responsive to the health check data to the one or more computing devices external to the VPC.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described to enable health checking of computing devices within a virtual private cloud (VPC) networking environment, without requiring that the devices be accessible via a public network address. An endpoint is placed within the VPC, which enables interaction with an external health checking system via a substrate network. The endpoint handles communications between the heath checking system and the VPC, and can modify data originating from the health checking system such that it appears to originate from the endpoint. From the viewpoint of the VPC, the endpoint itself may appear to be conducting health checking. Thus, external health checking can be used on a VPC without compromising the security of the VPC by requiring that a portion of the VPC be externally addressable.

1510 Citations

20 Claims

1. A system comprising:
- one or more computing devices external to a virtual private cloud network environment (VPC), the VPC including a target computing device and an endpoint arranged within a virtualized local area network generated by a substrate network hosting the VPC, wherein the one or more computing devices external to the VPC are configured with computer-executable instructions to;
  
  generate health check data to transmit to a target computing device within the VPC; and
  
  transmit the health check data on the substrate network to the endpoint of the VPC; and
  
  one or more computing devices implementing the endpoint of the VPC, wherein the one or more computing devices implementing the endpoint of the VPC are configured with computer-executable instructions to;
  
  modify the health check data to designate the endpoint as a source of the health check data;
  
  transmit the health check data to the target computing device within the VPC;
  
  obtain information responsive to transmission of the health check data; and
  
  transmit the information responsive to the health check data to the one or more computing devices external to the VPC.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the VPC is configured to deny requests to communicate with the target computing device that originate external to the VPC.
  - 3. The system of claim 1, wherein the information responsive to the health check data is at least one of a response from the target computing device or an indication that no response has been received from the target virtual computing device.
  - 4. The system of claim 1, wherein the health check data is transmitted on the substrate network to the endpoint of the VPC by addressing the health check data to a network address of the one or more computing device implementing the endpoint on the substrate network, and wherein the health check data is transmitted to the target computing device within the VPC by addressing the target computing device using a private network address of the VPC.
  - 5. The system of claim 1, wherein the one or more computing devices external to the VPC are further configured with computer-executable instructions to:
    - determine, based at least in part on the information responsive to the health check data, that the target computing device is unhealthy; and
      
      transmit to the endpoint a notification to a domain name system (DNS) server associated with the VPC that the target computing device is unhealthy; and
      
      wherein the one or more computing device implementing the endpoint of the VPC are further configured with computer-executable instructions to;
      
      obtain the notification from the one or more computing devices external to the VPC;
      
      transmit the notification to the DNS server.

6. Non-transitory computer-readable media comprising computer instructions executable on an endpoint computing device within a virtual private cloud network environment (VPC), the VPC including the endpoint and a target computing device arranged within a virtualized local area network that is generated by a substrate network hosting the VPC, wherein the computer instructions, when executed on the endpoint computing device, cause the endpoint to:
- obtain health check data generated at a health check system external to the VPC and routed to the endpoint computing device via the substrate network;
  
  modify the health check data to designate the endpoint computing device as a source of the health check data;
  
  transmit, within the VPC, the health check data from the endpoint computing device to the target computing device;
  
  obtain information responsive to the health check data; and
  
  route the information responsive to the health check data, on the substrate network, from the endpoint to the health check system external to the VPC.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The non-transitory computer-readable media of claim 6, wherein the target virtual computing device is identified by a private domain name within the VPC, and wherein the computer instructions further cause the endpoint to:
    - obtain, from the health check system, a request to resolve the private domain name;
      
      transmit the request to a domain name system (DNS) server associated with the VPC;
      
      obtain a response to the request, the response indicating a network address of the target virtual computing device; and
      
      return the network address to the health check system.
  - 8. The non-transitory computer-readable media of claim 6, wherein the computer instructions further cause the endpoint to:
    - obtain, on the substrate network, a notification from the health check system to a domain name system (DNS) server associated with the VPC that the target computing device is unhealthy; and
      
      forward, within the VPC, the notification to the DNS server.
  - 9. The non-transitory computer-readable media of claim 6, wherein the media further comprises computer instructions executable on the health check system to generate the health check data.
  - 10. The non-transitory computer-readable media of claim 6, wherein the health check data is formatted according to at least one of the Hypertext Transport Protocol (HTTP) or Internet Control Message Protocol (ICMP).
  - 11. The non-transitory computer-readable media of claim 6, wherein the computer instructions further cause the endpoint to modify the health check data to designate the endpoint computing device as the source of the health check data at least partly by replacing an address of the health check system within the health check data with an address of the endpoint.
  - 12. The non-transitory computer-readable media of claim 11, wherein the address of the endpoint is an internal address of the VPC.

13. A method implemented on an endpoint computing device within a virtual private cloud network environment (VPC), the VPC including the endpoint computing device and a target computing device arranged within a virtualized local area network that is generated by a substrate network hosting the VPC, wherein the method comprises:
- obtaining health check data generated at a health check system external to the VPC and routed to the endpoint via the substrate network;
  
  modifying the health check data to designate the endpoint computing device as a source of the health check data;
  
  transmitting, within the VPC, the health check data from the endpoint computing device to the target computing device;
  
  obtaining information responsive to the health check data; and
  
  routing the information responsive to the health check data, on the substrate network, from the endpoint computing device to the health check system external to the VPC.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the target virtual computing device is identified by a private domain name within the VPC, and wherein the method further comprises:
    - obtaining, from the health check system, a request to resolve the private domain name;
      
      transmitting the request to a domain name system (DNS) server associated with the VPC;
      
      obtaining a response to the request, the response indicating a network address of the target virtual computing device; and
      
      returning the network address to the health check system.
  - 15. The method of claim 13 further comprising:
    - obtaining, on the substrate network, a notification from the health check system to a domain name system (DNS) server associated with the VPC that the target computing device is unhealthy; and
      
      forwarding, within the VPC, the notification to the DNS server.
  - 16. The method of claim 13, wherein modifying the health check data to designate the endpoint computing device as the source of the health check data comprises replacing an address of the health check system within the health check data with an address of the endpoint.

17. A system comprising:
- one or more computing devices implementing an endpoint within a virtual private cloud network environment (VPC), the VPC including the endpoint and a target computing device arranged within a virtualized local area network that is generated by a substrate network hosting the VPC, wherein the one or more computing devices are configured with computer-executable instructions to;
  
  obtain health check data generated at a health check system external to the VPC and routed to the endpoint via the substrate network;
  
  modify the health check data to designate the endpoint as a source of the health check data;
  
  transmit, within the VPC, the health check data from the endpoint computing device to the target computing device;
  
  obtain a response from the target computing device; and
  
  route the response, on the substrate network, from the endpoint to the health check system external to the VPC.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the target virtual computing device is identified by a private domain name within the VPC, and wherein the one or more computing devices are further configured with computer-executable instructions to:
    - obtain, from the health check system, a request to resolve the private domain name;
      
      transmit the request to a domain name system (DNS) server associated with the VPC;
      
      obtain a response to the request, the response indicating a network address of the target virtual computing device; and
      
      return the network address to the health check system.
  - 19. The system of claim 17, wherein the one or more computing devices are further configured with computer-executable instructions to:
    - obtain, on the substrate network, a notification from the health check system to a domain name system (DNS) server associated with the VPC that the target computing device is unhealthy; and
      
      forward, within the VPC, the notification to the DNS server.
  - 20. The system of claim 17 further comprising one or more computing devices implementing the health check system, wherein the one or more computing devices implementing the health check system are configured with computer-executable instructions to:
    - generate the health check data; and
      
      transmit the health check data to the endpoint via the substrate network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Mizik, Andrey, Zen, Lee-Ming, Kaplin, Pavlo, Gu, Yu, Lai, Minli
Primary Examiner(s)
Kim, Hee Soo

Application Number

US15/994,631
Publication Number

US 20180287916A1
Time in Patent Office

572 Days
Field of Search

709224-226
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 43/0817   by checking functioning

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/20   the monitoring system or th...

H04L 67/10   in which an application is ...

External health checking of virtual private cloud network environments

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

1510 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

External health checking of virtual private cloud network environments

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1510 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others