SYSTEM AND METHOD FOR DISTRIBUTED LOAD BALANCING WITH DISTRIBUTED DIRECT SERVER RETURN

US 20140359698A1
Filed: 08/18/2014
Published: 12/04/2014
Est. Priority Date: 06/23/2011
Status: Active Grant

First Claim

Patent Images

1. A system for distributed load balancing, comprising:

a plurality of host computers coupled through a network, the host computers including an ingress host, an egress host, and a plurality of server hosts;

a configuration data store accessible through said network, wherein the configuration data store stores configuration information that specifies one-to-one relationships between communication ports of the plurality of host computers and network addresses serviced by the ingress host;

wherein the ingress host is configured to receive a request packet sent by a remote client to an original destination address serviced by the ingress host;

select according to a load balancing protocol, a server host for processing the request packet;

evaluate the configuration information to identify a port of the selected server host that corresponds to the original destination address; and

send the request packet to the identified port of the selected server host, wherein the request packet specifies the remote client'"'"'s network address as a source;

wherein the selected server host is configured to receive the request packet on the port identified by the ingress host;

identify the original destination address in response to comparing the port on which request packet was received to said configuration information;

evaluate the remote client'"'"'s network address from the request packet against an access control policy;

generate a response packet that includes the remote client'"'"'s network address as a source and the network address of the egress host as a destination;

evaluate the configuration information to determine a port of the egress host that corresponds to the original destination address of the request packet, and send the response packet to the identified port of the egress host;

wherein the egress host is configured to receive the response packet on the port identified by the selected server host, identify the original destination address of the request packet by comparing the port one which the response packet is received to the configuration information, modify the response packet such that the original destination address is specified as the source of the response packet, and send the response packet to the remote client.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments may include a load balancer that receives a request packet sent by a remote client to an original destination address of multiple network addresses serviced by the load balancer, and selects according to a load balancing protocol, a host computer of a plurality of host computers to process the request. The load balancer may, from among a plurality of ports on the selected host computer, select a particular port having a one-to-one association with the original destination address, the association specified by mapping information accessible to the load balancer, and send the request packet to the selected port on the selected host computer. The mapping information accessible to the selected host computer specifies a one-to-one association between the selected port and the original destination address. Sending the request packet to the selected port conveys that address to the selected server without that address being included in that packet.

Citations

19 Claims

1. A system for distributed load balancing, comprising:
- a plurality of host computers coupled through a network, the host computers including an ingress host, an egress host, and a plurality of server hosts;
  
  a configuration data store accessible through said network, wherein the configuration data store stores configuration information that specifies one-to-one relationships between communication ports of the plurality of host computers and network addresses serviced by the ingress host;
  
  wherein the ingress host is configured to receive a request packet sent by a remote client to an original destination address serviced by the ingress host;
  
  select according to a load balancing protocol, a server host for processing the request packet;
  
  evaluate the configuration information to identify a port of the selected server host that corresponds to the original destination address; and
  
  send the request packet to the identified port of the selected server host, wherein the request packet specifies the remote client'"'"'s network address as a source;
  
  wherein the selected server host is configured to receive the request packet on the port identified by the ingress host;
  
  identify the original destination address in response to comparing the port on which request packet was received to said configuration information;
  
  evaluate the remote client'"'"'s network address from the request packet against an access control policy;
  
  generate a response packet that includes the remote client'"'"'s network address as a source and the network address of the egress host as a destination;
  
  evaluate the configuration information to determine a port of the egress host that corresponds to the original destination address of the request packet, and send the response packet to the identified port of the egress host;
  
  wherein the egress host is configured to receive the response packet on the port identified by the selected server host, identify the original destination address of the request packet by comparing the port one which the response packet is received to the configuration information, modify the response packet such that the original destination address is specified as the source of the response packet, and send the response packet to the remote client.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the request and response packets are part of handshake protocol for establishing a connection between the remote client and the selected server host.
  - 3. The system of claim 2, wherein the connection is a cryptographically-protected connection that adheres to a security protocol.
  - 4. The system of claim 3, wherein the selected host server is a server-side endpoint for the cryptographically-protected connection.

5. A system, comprising:
- a memory; and
  
  one or more processors coupled to the memory, wherein the memory comprises program instructions executable by the one or more processors to implement a load balancer configured to;
  
  receive a request packet sent by a remote client to an original destination address of multiple network addresses serviced by the load balancer;
  
  select according to a load balancing protocol, a host computer of a plurality of host computers to process the request;
  
  from among a plurality of ports on the selected host computer, select a particular port having a one-to-one association with the original destination address, the association specified by mapping information accessible to the load balancer; and
  
  send the request packet to the selected port on the selected host computer, wherein mapping information accessible to the selected host computer specifies a one-to-one association between the selected port and the original destination address, wherein sending the request packet to the selected port conveys the original destination address to the selected server without the original destination address being included in information of that request packet.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 15)
- - 6. The system of claim 5, wherein the system further comprises the selected host computer, wherein the selected host computer is a server host configured to:
    - receive the request packet sent by the load balancer on the selected port;
      
      evaluate mapping information to identify a one-to-one association between the port on which the server host receives the request packet and the original destination address; and
      
      send a response packet to the remote client from the server host, the response packet specifying the original destination address as the source of the response packet, wherein the original destination address is not a network address of the server host.
  - 7. The system of claim 6, wherein the request packet includes the remote client'"'"'s network address when received by the server host, wherein processing of the request packet by the server host is dependent upon the server host validating the remote client'"'"'s network address against an access control policy.
  - 8. The system of claim 6, wherein the request and response packets are part of handshake protocol for establishing a cryptographically-protected connection between the remote client and the server host, wherein the server host is a server-side endpoint for the cryptographically-protected connection.
  - 9. The system of claim 5, wherein the system further comprises the selected host computer, wherein the selected host computer is a server host configured to:
    - receive the request packet sent by the load balancer on the selected port;
      
      evaluate mapping information to identify a one-to-one association between the port on which the server host receives the request packet and the original destination address;
      
      evaluate mapping information to identify a one-to-one association between the original destination address and a specific port of an egress host;
      
      send a response packet to the egress host on the specific port of the egress host.
  - 10. The system of claim 9, wherein the system further comprises the egress host, wherein the egress host is configured to:
    - receive the response packet from the server host on the specific port;
      
      evaluate mapping information to identify a one-to-one association between the port on which the egress host receives the response packet and the original destination address;
      
      send the response packet to the remote client from the egress host, the response packet specifying the original destination address as the source of the response packet, wherein the original destination address is not a network address of the egress host.
  - 11. The system of claim 5, wherein said mapping information is stored within a network-accessible configuration data store, wherein the plurality of host computers evaluated by the load balancer with the load balancing protocol each provide respective mapping information within the configuration data store, wherein the mapping information for a given host computer specifies one-to-one relationships between communication ports of that host computer and the multiple network addresses serviced by the load balancer.
  - 12. The system of claim 5, wherein the request packet is associated with the remote client establishing a connection with the selected host computer;
    - wherein the load balancer is configured to, subsequent to selecting that host computer according to the load balancing protocol, create an entry within a forwarding table that indicates packets received from that particular remote client are to be forwarded to the selected host computer.
  - 13. The system of claim 12, wherein the load balancer is configured to receive an additional packet from the remote client, and forward the additional packet to the selected host computer in accordance with the forwarding table and without applying the load balancing protocol to the additional packet.
  - 15. The system of claim 5, wherein the request packet traverses a network path from the load balancer to the selected host computer, the network path including at least one Internet Protocol (IP) router.

14. The system of 5, wherein the request packet is a packet for establishing a connection according to a transport layer protocol.

16. A computer-implemented method, comprising;
- receiving a request packet into a network region comprising multiple host computers, the request packet sent from a remote client to a first network address of multiple network addresses that route to the network region;
  
  selecting according to a load balancing protocol, one of the host computers for processing the request packet;
  
  sending the request packet to the selected host computer on a specific port of the selected host computer, the specific port having a one-to-one association with the first network address;
  
  said association specified by mapping information that indicates one-to-one relationships between communication ports of the selected host computer and the multiple network addresses that route to the network region;
  
  receiving the request packet on the selected host computer, wherein information of the request packet does not specify the first network address to which the request packet was sent by the remote client; and
  
  subsequent to determining the first network address by comparing the port on which the selected host computer receives the request packet to the mapping information, sending a response packet to the remote client, the response packet indicating the first network address as the source of the response packet.
- View Dependent Claims (17, 18)
- - 17. The computer-implemented method of claim 16, wherein the request packet and the response packet establish a connection between the remote client and the selected host computer;
    - wherein the method comprises, within a forwarding table stored in data store accessible to the load balancer, generating an entry that specifies that an active connection exists between the remote client and the selected host computer.
  - 18. The computer-implemented method of claim 17, wherein the method comprises:
    - subsequent to receiving an additional packet from the remote client, evaluating the forwarding table to determine whether an active connection exists between the remote client and one of the host computers; and
      
      in response to identifying the entry that specifies the active connection between the remote client and the selected host computer, forward the additional packet to the selected host computer without applying the load balancing protocol to the additional packet.

19-24. -24. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
SORENSON, JAMES CHRISTOPHER III, Salyers, David Carl

Granted Patent

US 10,027,712 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 12/28   characterised by path confi...

H04L 12/66   Arrangements for connecting...

H04L 45/00   Routing or path finding of ...

H04L 47/00   Traffic control in data swi...

H04L 47/70   Admission control; Resource...

H04L 47/726   Reserving resources in mult...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/1008   based on parameters of serv...

H04L 67/1017   based on a round robin mech...

SYSTEM AND METHOD FOR DISTRIBUTED LOAD BALANCING WITH DISTRIBUTED DIRECT SERVER RETURN

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DISTRIBUTED LOAD BALANCING WITH DISTRIBUTED DIRECT SERVER RETURN

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links