Using virtual networking devices to manage external connections

US 7,937,438 B1
Filed: 12/07/2009
Issued: 05/03/2011
Est. Priority Date: 12/07/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

under control of one or more computing systems of a configurable network service that provides virtual computer networks to remote customers, and for each of multiple remote customers,receiving configuration information from the customer for a virtual computer network provided for the customer by the configurable network service, the provided virtual computer network including multiple of a plurality of computing nodes provided by the configurable network service, the configuration information being received via a programmatic interface of the configurable network service and indicating network topology information for the provided virtual computer network and indicating multiple network addresses to use for the provided virtual computer network, the indicated network topology information specifying one or more network routers that each are indicated to be connected to one or more of the multiple computing nodes of the provided virtual computer network;

assigning one of the multiple network addresses to each of the specified network routers to enable communications to be directed over the virtual computer network to the specified network router; and

automatically providing the virtual computer network for the customer in accordance with the indicated network topology information by overlaying the virtual computer network on a distinct substrate network without physically providing the one or more specified network routers, the providing of the virtual computer network including;

forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified network routers if the one or more specified network routers were physically provided;

establishing a virtual private network (“

VPN”

) connection between the provided virtual computer network and a remote computer network of the customer, the remote computer network including multiple computing systems and including one or more physical network router devices and being located at one or more geographical locations distinct from a geographical location of the substrate network;

after the forwarding of the multiple communications, receiving one or more routing communications via the established VPN connection that are each directed to at least one of the specified network routers and include network routing information for the remote computer network of the customer that is specified in accordance with a predefined network routing protocol, the one or more routing communications being sent by at least one of the one or more physical network router devices of the remote computer network;

updating the network topology information for the virtual computer network based on the established VPN connection and on the specified network routing information included in the received one or more routing communications; and

after the updating of the network topology information, forwarding one or more additional communications from the multiple computing nodes of the provided virtual computer network over the established VPN connection to the remote computer network of the customer in accordance with the updated network topology information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.

528 Citations

25 Claims

1. A computer-implemented method comprising:
- under control of one or more computing systems of a configurable network service that provides virtual computer networks to remote customers, and for each of multiple remote customers,receiving configuration information from the customer for a virtual computer network provided for the customer by the configurable network service, the provided virtual computer network including multiple of a plurality of computing nodes provided by the configurable network service, the configuration information being received via a programmatic interface of the configurable network service and indicating network topology information for the provided virtual computer network and indicating multiple network addresses to use for the provided virtual computer network, the indicated network topology information specifying one or more network routers that each are indicated to be connected to one or more of the multiple computing nodes of the provided virtual computer network;
  
  assigning one of the multiple network addresses to each of the specified network routers to enable communications to be directed over the virtual computer network to the specified network router; and
  
  automatically providing the virtual computer network for the customer in accordance with the indicated network topology information by overlaying the virtual computer network on a distinct substrate network without physically providing the one or more specified network routers, the providing of the virtual computer network including;
  
  forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified network routers if the one or more specified network routers were physically provided;
  
  establishing a virtual private network (“
  
  VPN”
  
  ) connection between the provided virtual computer network and a remote computer network of the customer, the remote computer network including multiple computing systems and including one or more physical network router devices and being located at one or more geographical locations distinct from a geographical location of the substrate network;
  
  after the forwarding of the multiple communications, receiving one or more routing communications via the established VPN connection that are each directed to at least one of the specified network routers and include network routing information for the remote computer network of the customer that is specified in accordance with a predefined network routing protocol, the one or more routing communications being sent by at least one of the one or more physical network router devices of the remote computer network;
  
  updating the network topology information for the virtual computer network based on the established VPN connection and on the specified network routing information included in the received one or more routing communications; and
  
  after the updating of the network topology information, forwarding one or more additional communications from the multiple computing nodes of the provided virtual computer network over the established VPN connection to the remote computer network of the customer in accordance with the updated network topology information.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein the virtual computer networks provided to the multiple remote customers are overlaid on a single common substrate network, wherein the common substrate network includes one or more network devices that are each configured to provide a particular type of functionality for handling network communications, wherein one of the virtual computer networks provided to one of the remote customers is configured to use an indicated type of functionality to handle at least some network communications for the one virtual computer network, and wherein the forwarding of the multiple communications between the multiple computing nodes of the one virtual computer network over the substrate network includes forwarding one or more of the multiple communications to one of the network devices included in the common substrate network that provides the indicated type of functionality.
  - 3. The method of claim 2 wherein the configurable network service is a fee-based service that is accessible to the remote customers via public networks and that provides the virtual computer networks using cloud computing techniques, and wherein the multiple remote customers provide payment to the configurable network service for the virtual computer networks provided by the configurable network service.

4. A computer-implemented method comprising:
- under control of one or more computing systems of a configurable network service provided by a first entity and that provides virtual computer networks to clients,receiving one or more requests to provide a first virtual computer network for a first client in accordance with specified configuration information, the configuration information indicating one or more specified networking devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network; and
  
  automatically providing the first virtual computer network in accordance with the configuration information by overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more specified networking devices, the multiple computing nodes being connected to the substrate network, the providing of the first virtual computer network including;
  
  forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified networking devices if the one or more specified networking devices were physically provided;
  
  establishing a connection between the first virtual computer network and multiple computing systems of the first client that are external to the first virtual computer network and under control of a second entity distinct from the first entity;
  
  after the forwarding of the multiple communications, receiving one or more routing communications via the established connection that are each directed to at least one of the specified networking devices and include network routing information that is specified in accordance with a predefined network routing protocol, the one or more routing communications being sent by at least one device associated with the multiple computing systems and including information related to the multiple computing systems;
  
  updating the configuration information for the first virtual computer network based on the established connection and the specified network routing information included in the received one or more routing communications; and
  
  after the updating of the configuration information, forwarding one or more additional communications from one or more of the multiple computing nodes over the established connection to one or more of the multiple computing systems in accordance with the updated configuration information.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The method of claim 4 wherein the multiple computing systems are part of a remote computer network of the first client, wherein the at least one device that sends the one or more routing communications includes one or more physical networking devices that are part of the remote computer network, and wherein the network routing information included in the one or more routing communications is routing information for the remote computer network.
  - 6. The method of claim 5 wherein the established connection is a virtual private network (“
    - VPN”
      
      ) connection, wherein the multiple computing systems of the remote computer network are located at one or more geographical locations that are distinct from one or more other geographical locations at which the multiple computing nodes of the first virtual computer network are located, and wherein the second entity is the first client.
  - 7. The method of claim 4 wherein the specified configuration information includes indications of some of the multiple computing systems, wherein the network routing information included in the one or more routing communications indicates information about other of the multiple computing systems that are distinct from the some computing systems, and wherein the one or more computing systems to which the additional communications are forwarded are the other computing systems.
  - 8. The method of claim 4 wherein the receiving of the one or more routing communications includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network, and inhibiting forwarding of the intercepted routing communications to the at least one specified networking device to which the intercepted routing communications are directed.
  - 9. The method of claim 4 wherein the configurable network service provides a plurality of computing nodes for use in provided virtual computer networks, wherein the configurable network service further provides multiple other virtual computer networks distinct from the first virtual computer network to multiple other clients, wherein each of the multiple other virtual computer networks include a distinct subset of multiple of the plurality of computing nodes, wherein communications sent between the plurality of computing nodes for the multiple other virtual computer networks and for the first virtual computer network are transmitted on the substrate network and are encoded to use information specific to the substrate network during transmission, and wherein the configurable network service provides multiple modules that manage communications between the plurality of computing nodes by modifying outgoing communications from the plurality of computing nodes to be encoded with the information specific to the substrate network before transmission over the substrate network and by modifying incoming communications to the plurality of computing nodes to remove the encoded information specific to the substrate network after the transmission over the substrate network.
  - 10. The method of claim 4 wherein the multiple computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines, and wherein the updating of the configuration information for the first virtual computer network and the forwarding of the one or more additional communications are performed dynamically while the first virtual computer network is operational and without stopping use of the first virtual computer network based at least in part on management of communications by the virtual machine communication manager modules.

11. A non-transitory computer-readable storage medium whose stored contents configure a computing system of a configurable network service to perform a method, the method comprising:
- under control of the configured computing system of the configurable network service, the configurable network service being operated by a first entity and providing virtual computer networks to clients,receiving one or more requests to provide a first virtual computer network for a first client in accordance with specified configuration information, the configuration information indicating one or more specified networking devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network; and
  
  automatically providing the first virtual computer network in accordance with the configuration information by overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more specified networking devices, the multiple computing nodes being connected to the substrate network, the providing of the first virtual computer network including;
  
  forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified networking devices if the one or more specified networking devices were physically provided;
  
  establishing a connection between the first virtual computer network and multiple computing systems of the first client that are external to the first virtual computer network and under control of a second entity distinct from the first entity;
  
  after the forwarding of the multiple communications, receiving one or more routing communications via the established connection that are each directed to at least one of the specified networking devices and include network routing information that is specified in accordance with a predefined network routing protocol, the one or more routing communications being sent by at least one device associated with the multiple computing systems and including information related to the multiple computing systems;
  
  updating the configuration information for the first virtual computer network based on the established connection and the specified network routing information included in the received one or more routing communications; and
  
  after the updating of the configuration information, forwarding one or more additional communications from one or more of the multiple computing nodes over the established connection to one or more of the multiple computing systems in accordance with the updated configuration information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The non-transitory computer-readable storage medium of claim 11 wherein the multiple computing systems are part of a remote computer network of the first client, wherein the at least one device that sends the one or more routing communications includes one or more physical networking devices that are part of the remote computer network, and wherein the network routing information included in the one or more routing communications is routing information for the remote computer network.
  - 13. The non-transitory computer-readable storage medium of claim 12 wherein the established connection is a virtual private network (“
    - VPN”
      
      ) connection, wherein the multiple computing systems of the remote computer network are located at one or more geographical locations that are distinct from one or more other geographical locations at which the multiple computing nodes of the first virtual computer network are located, and wherein the second entity is the first client.
  - 14. The non-transitory computer-readable storage medium of claim 11 wherein the specified configuration information includes indications of some of the multiple computing systems, wherein the network routing information included in the one or more routing communications indicates information about other of the multiple computing systems that are distinct from the some computing systems, and wherein the one or more computing systems to which the additional communications are forwarded are the other computing systems.
  - 15. The non-transitory computer-readable storage medium of claim 11 wherein the receiving of the one or more routing communications includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network, and inhibiting forwarding of the intercepted routing communications to the at least one specified networking device to which the intercepted routing communications are directed.
  - 16. The non-transitory computer-readable storage medium of claim 11 wherein the configurable network service provides a plurality of computing nodes for use in provided virtual computer networks, wherein the configurable network service further provides multiple other virtual computer networks distinct from the first virtual computer network to multiple other clients, wherein each of the multiple other virtual computer networks include a distinct subset of multiple of the plurality of computing nodes, wherein communications sent between the plurality of computing nodes for the multiple other virtual computer networks and for the first virtual computer network are transmitted on the substrate network and are encoded to use information specific to the substrate network during transmission, and wherein the configurable network service provides multiple modules that manage communications between the plurality of computing nodes by modifying outgoing communications from the plurality of computing nodes to be encoded with the information specific to the substrate network before transmission over the substrate network and by modifying incoming communications to the plurality of computing nodes to remove the encoded information specific to the substrate network after the transmission over the substrate network.
  - 17. The non-transitory computer-readable storage medium of claim 11 wherein the multiple computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines, and wherein the updating of the configuration information for the first virtual computer network and the forwarding of the one or more additional communications are performed dynamically while the first virtual computer network is operational and without stopping use of the first virtual computer network based at least in part on management of communications by the virtual machine communication manager modules.
  - 18. The non-transitory computer-readable storage medium of claim 11 wherein the computer-readable medium is a memory of the configured computing system, and wherein the contents are instructions that when executed program the configured computing system to perform the method.

19. A computing system, comprising:
- one or more processors; and
  
  a manager module of a configurable network service being provided by a first entity, the configurable network service providing virtual computer networks to clients, the manager module being configured to, when executed by at least one of the processors;
  
  receive one or more requests to provide a first virtual computer network for a first client in accordance with specified configuration information, the configuration information indicating one or more specified networking devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network; and
  
  automatically provide the first virtual computer network in accordance with the configuration information by overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more specified networking devices, the multiple computing nodes being connected to the substrate network, the providing of the first virtual computer network including;
  
  forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified networking devices if the one or more specified networking devices were physically provided;
  
  establishing a connection between the first virtual computer network and multiple computing systems of the first client that are external to the first virtual computer network and under control of a second entity distinct from the first entity;
  
  after the forwarding of the multiple communications, receiving one or more routing communications via the established connection that are each directed to at least one of the specified networking devices and include network routing information that is specified in accordance with a predefined network routing protocol, the one or more routing communications being sent by at least one device associated with the multiple computing systems and including information related to the multiple computing systems;
  
  updating the configuration information for the first virtual computer network based on the established connection and the specified network routing information included in the received one or more routing communications; and
  
  after the updating of the configuration information, forwarding one or more additional communications from one or more of the multiple computing nodes over the established connection to one or more of the multiple computing systems in accordance with the updated configuration information.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computing system of claim 19 wherein the multiple computing systems are part of a remote computer network of the first client, wherein the at least one device that sends the one or more routing communications includes one or more physical networking devices that are part of the remote computer network, and wherein the network routing information included in the one or more routing communications is routing information for the remote computer network.
  - 21. The computing system of claim 20 wherein the established connection is a virtual private network (“
    - VPN”
      
      ) connection, wherein the multiple computing systems of the remote computer network are located at one or more geographical locations that are distinct from one or more other geographical locations at which the multiple computing nodes of the first virtual computer network are located, and wherein the second entity is the first client.
  - 22. The computing system of claim 19 wherein the specified configuration information includes indications of some of the multiple computing systems, wherein the network routing information included in the one or more routing communications indicates information about other of the multiple computing systems that are distinct from the some computing systems, and wherein the one or more computing systems to which the additional communications are forwarded are the other computing systems.
  - 23. The computing system of claim 19 wherein the receiving of the one or more routing communications includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network, and inhibiting forwarding of the intercepted routing communications to the at least one specified networking device to which the intercepted routing communications are directed.
  - 24. The computing system of claim 19 wherein the configurable network service provides a plurality of computing nodes for use in provided virtual computer networks, wherein the configurable network service further provides multiple other virtual computer networks distinct from the first virtual computer network to multiple other clients, wherein each of the multiple other virtual computer networks include a distinct subset of multiple of the plurality of computing nodes, wherein communications sent between the plurality of computing nodes for the multiple other virtual computer networks and for the first virtual computer network are transmitted on the substrate network and are encoded to use information specific to the substrate network during transmission, wherein the configurable network service provides multiple modules other than the manager module that manage communications between the plurality of computing nodes by modifying outgoing communications from the plurality of computing nodes to be encoded with the information specific to the substrate network before transmission over the substrate network and by modifying incoming communications to the plurality of computing nodes to remove the encoded information specific to the substrate network after the transmission over the substrate network, and wherein the manager module and the multiple other modules each includes software instructions for execution by the one or more processors.
  - 25. The computing system of claim 19 wherein the multiple computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines, and wherein the updating of the configuration information for the first virtual computer network and the forwarding of the one or more additional communications are performed dynamically while the first virtual computer network is operational and without stopping use of the first virtual computer network based at least in part on management of communications by the virtual machine communication manager modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brandwine, Eric Jason, Miller, Kevin Christopher, Doane, Andrew J.
Primary Examiner(s)
NGUYEN, THANH T

Application Number

US12/632,696
Time in Patent Office

512 Days
Field of Search

709/203, 709/224, 709/200, 709/253, 340/539, 370/95.3
US Class Current

709/203
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0813   characterised by the condit...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 41/40   using virtualisation of net...

H04L 45/00   Routing or path finding of ...

H04L 45/02   Topology update or discovery

Using virtual networking devices to manage external connections

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

528 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Using virtual networking devices to manage external connections

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

528 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links