Using virtual networking devices to manage routing communications between connected computer networks

US 7,953,865 B1
Filed: 12/28/2009
Issued: 05/31/2011
Est. Priority Date: 12/28/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

under control of one or more computing systems of a configurable network service that provides virtual computer networks to remote customers,receiving first configuration information from a first customer for a first virtual computer network provided for the first customer by the configurable network service, the provided first virtual computer network including multiple first computing nodes from a plurality of computing nodes provided by the configurable network service, the first configuration information being received via a programmatic interface of the configurable network service and indicating first network topology information for the provided first virtual computer network that specifies one or more first network routers that each are indicated to be connected to one or more of the multiple first computing nodes of the provided first virtual computer network;

receiving second configuration information from a second customer for a second virtual computer network provided for the second customer by the configurable network service, the provided second virtual computer network including multiple distinct second computing nodes from the plurality of computing nodes provided by the configurable network service, the second configuration information being received via the programmatic interface of the configurable network service and indicating second network topology information for the provided second virtual computer network that specifies one or more second network routers that each are indicated to be connected to one or more of the multiple second computing nodes of the provided second virtual computer network; and

automatically providing the first virtual computer network for the first customer in accordance with the indicated first network topology information and automatically providing the second virtual computer network for the second customer in accordance with the indicated second network topology information, the automatic providing of the first and second virtual computer networks including overlaying the first and second virtual computer networks on a distinct substrate network without physically providing the one or more first network routers and without physically providing the one or more second network routers, the automatic providing of the first and second virtual computer networks including;

forwarding multiple communications between the multiple first computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more first network routers if the one or more first network routers were physically provided, and forwarding multiple other communications between the multiple second computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more second network routers if the one or more second network routers were physically provided;

in response to one or more requests from the first client, creating a virtual peering router that enables interactions with one or more other computer networks in accordance with peering configuration information specified by the first client, the created virtual peering router being emulated without physically providing the virtual peering router, and establishing a first logical connection between at least one of the first network routers of the first virtual computer network and the virtual peering router;

in response to a request from the second client, establishing a second logical connection between at least one of the second network routers of the second virtual computer network and the virtual peering router; and

after the establishing of the second logical connection,receiving one or more routing communications via the established second logical connection that are each directed to the virtual peering router and include network routing information for the second virtual computer network that is specified in accordance with a predefined network routing protocol;

automatically determining that the received one or more routing communications are authorized to be forwarded to the first virtual computer network based at least in part on the peering configuration information specified by the first client;

in response to the automatic determining that the received one or more routing communications are authorized to be forwarded, forwarding the received one or more routing communications over the substrate network to one or more of the first computing nodes of the first virtual computer network that participate in the predefined network routing protocol; and

forwarding one or more additional communications over the substrate network that are sent from the one or more first computing nodes to one or more of the multiple second computing nodes via the virtual peering router, the forwarding of the one or more additional communications including emulating functionality that would be provided by the virtual peering router if the virtual peering router was physically provided, the one or more additional communications being specified by the one or more first computing nodes in accordance with the network routing information for the second virtual computer network that is included in the forwarded one or more routing communications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.

Citations

26 Claims

1. A computer-implemented method comprising:
- under control of one or more computing systems of a configurable network service that provides virtual computer networks to remote customers,receiving first configuration information from a first customer for a first virtual computer network provided for the first customer by the configurable network service, the provided first virtual computer network including multiple first computing nodes from a plurality of computing nodes provided by the configurable network service, the first configuration information being received via a programmatic interface of the configurable network service and indicating first network topology information for the provided first virtual computer network that specifies one or more first network routers that each are indicated to be connected to one or more of the multiple first computing nodes of the provided first virtual computer network;
  
  receiving second configuration information from a second customer for a second virtual computer network provided for the second customer by the configurable network service, the provided second virtual computer network including multiple distinct second computing nodes from the plurality of computing nodes provided by the configurable network service, the second configuration information being received via the programmatic interface of the configurable network service and indicating second network topology information for the provided second virtual computer network that specifies one or more second network routers that each are indicated to be connected to one or more of the multiple second computing nodes of the provided second virtual computer network; and
  
  automatically providing the first virtual computer network for the first customer in accordance with the indicated first network topology information and automatically providing the second virtual computer network for the second customer in accordance with the indicated second network topology information, the automatic providing of the first and second virtual computer networks including overlaying the first and second virtual computer networks on a distinct substrate network without physically providing the one or more first network routers and without physically providing the one or more second network routers, the automatic providing of the first and second virtual computer networks including;
  
  forwarding multiple communications between the multiple first computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more first network routers if the one or more first network routers were physically provided, and forwarding multiple other communications between the multiple second computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more second network routers if the one or more second network routers were physically provided;
  
  in response to one or more requests from the first client, creating a virtual peering router that enables interactions with one or more other computer networks in accordance with peering configuration information specified by the first client, the created virtual peering router being emulated without physically providing the virtual peering router, and establishing a first logical connection between at least one of the first network routers of the first virtual computer network and the virtual peering router;
  
  in response to a request from the second client, establishing a second logical connection between at least one of the second network routers of the second virtual computer network and the virtual peering router; and
  
  after the establishing of the second logical connection,receiving one or more routing communications via the established second logical connection that are each directed to the virtual peering router and include network routing information for the second virtual computer network that is specified in accordance with a predefined network routing protocol;
  
  automatically determining that the received one or more routing communications are authorized to be forwarded to the first virtual computer network based at least in part on the peering configuration information specified by the first client;
  
  in response to the automatic determining that the received one or more routing communications are authorized to be forwarded, forwarding the received one or more routing communications over the substrate network to one or more of the first computing nodes of the first virtual computer network that participate in the predefined network routing protocol; and
  
  forwarding one or more additional communications over the substrate network that are sent from the one or more first computing nodes to one or more of the multiple second computing nodes via the virtual peering router, the forwarding of the one or more additional communications including emulating functionality that would be provided by the virtual peering router if the virtual peering router was physically provided, the one or more additional communications being specified by the one or more first computing nodes in accordance with the network routing information for the second virtual computer network that is included in the forwarded one or more routing communications.
- View Dependent Claims (2)
- - 2. The method of claim 1 wherein the configurable network service is a fee-based service that is accessible to the remote customers via public networks and that provides the virtual computer networks using cloud computing techniques, and wherein the multiple remote customers provide payment to the configurable network service for the virtual computer networks provided by the configurable network service, the provided payment for the first virtual computer network being based at least in part on use of the created virtual peering router.

3. A computer-implemented method comprising:
- under control of one or more computing systems of a configurable network service that provides virtual computer networks to clients,receiving one or more first requests to provide a first virtual computer network for a first client in accordance with specified first configuration information, the first configuration information indicating one or more specified first networking devices of the first virtual computer network that interconnect multiple first computing nodes of the first virtual computer network;
  
  receiving one or more second requests to provide a second virtual computer network for a second client in accordance with specified second configuration information, the second configuration information indicating one or more specified second networking devices of the second virtual computer network that interconnect multiple second computing nodes of the second virtual computer network; and
  
  automatically providing the first virtual computer network in accordance with the first configuration information and automatically providing the second virtual computer network in accordance with the second configuration information, the providing of the first and second virtual computer networks including overlaying the first and second virtual computer networks on a distinct substrate network without physically providing the one or more first networking devices and without physically providing the one or more second networking devices, the automatic providing of the first and second virtual computer networks further including;
  
  in response to an instruction from the first client, establishing a first logical connection between at least one of the first networking devices of the first virtual computer network and a peering router that enables interactions with one or more other computer networks, the establishing of the first logical connection being performed without physically providing the peering router;
  
  in response to an instruction from the second client, establishing a second logical connection between at least one of the second networking devices of the second virtual computer network and the peering router, the establishing of the second logical connection being performed without physically providing the peering router;
  
  receiving one or more routing communications that are directed to the peering router via the established second logical connection from the second virtual computer network, the receiving of the one or more routing communications being performed without physically providing the peering router;
  
  automatically determining whether to forward the received one or more routing communications to the first virtual computer network based at least in part on configuration information associated with the peering router; and
  
  if it is automatically determined to forward the received one or more routing communications to the first virtual computer network, sending the received one or more routing communications over the substrate network to at least one of the first computing nodes of the first virtual computer network.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 4. The method of claim 3 wherein the receiving of the one or more routing communications includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network, wherein the automatic determining of whether to forward the received one or more routing communications to the first virtual computer network includes determining to not forward the received one or more routing communications to the first virtual computer network, and wherein the method further comprises preventing the received one or more routing communications from being sent over the substrate network.
  - 5. The method of claim 4 further comprising receiving one or more additional routing communications that are sent to the peering router via the established second logical connection from the second virtual computer network, and sending the received one or more additional routing communications to one or more of the first computing nodes of the first virtual computer network over the substrate network in accordance with the configuration information associated with the peering router.
  - 6. The method of claim 3 further comprising receiving one or more additional routing communications that are sent to the peering router via the established first logical connection from the first virtual computer network, and sending the received one or more additional routing communications to one or more of the second computing nodes of the second virtual computer network in accordance with the configuration information associated with the peering router.
  - 7. The method of claim 3 wherein the peering router is a virtual peering router, and wherein the establishing of the first and second logical connections includes enabling the multiple first computing nodes of the first virtual computer network to direct communications to the multiple second computing nodes of the second virtual computer network.
  - 8. The method of claim 7 further comprising forwarding a plurality of communications over the substrate network, the forwarded plurality of communications including multiple first communications for the first virtual computer network that are forwarded between the multiple first computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more first networking devices if the one or more first networking devices were physically provided, the forwarded plurality of communications including multiple second communications for the second virtual computer network that are forwarded between the multiple second computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more second networking devices if the one or more second networking devices were physically provided, and the forwarded plurality of communications including multiple third communications that are forwarded between the first and second virtual computer networks via the established first and second logical connections to the virtual peering router in a manner that emulates functionality that would be provided by the virtual peering router if the virtual peering router was physically provided.
  - 9. The method of claim 3 wherein the automatic determining of whether to forward the received one or more routing communications to the first virtual computer network includes determining to forward the received one or more routing communications to the first virtual computer network, wherein the sending of the received one or more routing communications to the at least one first computing nodes of the first virtual computer network includes selecting the at least one first computing nodes based at least in part on the at least one first computing nodes participating in a first routing protocol used by the first virtual computer network, wherein the received one or more routing communications are specified in accordance with a second routing protocol that is used by the second virtual computer network and that is distinct from the first routing protocol, and wherein the method further comprises modifying the sent one or more routing communications to be specified in accordance with the first routing protocol.
  - 10. The method of claim 3 wherein the configuration information associated with the peering router includes first peering configuration information supplied by the first client for the peering router, and wherein the automatic determining of whether to forward the received one or more routing communications to the first virtual computer network is based on the first peering configuration information.
  - 11. The method of claim 10 wherein the first peering configuration information prevents routing communications from any virtual computer networks to be sent to the first computing nodes of the first virtual computer network via the peering router, and wherein the automatic determining of whether to forward the received one or more routing communications to the first virtual computer network includes determining to not forward the received one or more routing communications to the first virtual computer network.
  - 12. The method of claim 10 wherein the first peering configuration information indicates one or more filters to limit routing communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the peering router from other virtual computer networks.
  - 13. The method of claim 10 wherein the first peering configuration information indicates one or more filters to limit routing communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the peering router from another virtual computer network based at least in part on information about a client for whom the another virtual computer network is provided, and wherein the automatic determining of whether to forward the received one or more routing communications from the second virtual computer network to the first virtual computer network includes retrieving information about the second client and performing the determining based at least in part on the retrieved information.
  - 14. The method of claim 10 wherein the first peering configuration information indicates one or more filters to limit routing communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the peering router from another virtual computer network based at least in part on information about the another virtual computer network, and wherein the automatic determining of whether to forward the received one or more routing communications from the second virtual computer network to the first virtual computer network includes retrieving information about the second virtual computer network and performing the determining based at least in part on the retrieved information.
  - 15. The method of claim 10 wherein the first peering configuration information is policy information that is supplied as part of the received one or more first requests and includes an instruction from the first client to create the peering router on behalf of the first client, and wherein the providing of the first and second virtual computer networks further includes providing functionality to emulate functionality of the peering router.
  - 16. The method of claim 10 wherein the configuration information associated with the peering router further includes second peering configuration information supplied by the second client for the peering router, wherein the second virtual computer network is connected via a private connection to one or more external computer systems of the second client, wherein the second peering configuration information includes restrictions on sending routing information corresponding to the external computer systems outside of the second virtual computer network, wherein the received one or more routing communications include routing information corresponding to at least one of the one or more external computer systems, and wherein the automatic determining of whether to forward the received one or more routing communications to the first virtual computer network includes determining to not forward the received one or more routing communications to the first virtual computer network based at least in part on the second peering configuration information.
  - 17. The method of claim 10 wherein the first peering configuration information includes one or more restrictions about which virtual computer networks are allowed to connect to the peering router, and wherein the establishing of the second logical connection between the at least one second networking devices of the second virtual computer network and the peering router includes automatically determining that the second logical connection is authorized by the first peering configuration information.
  - 18. The method of claim 10 wherein the automatic determining of whether to forward the received one or more routing communications to the first virtual computer network includes determining to forward the received one or more routing communications to the first virtual computer network based at least in part on the first peering configuration information, and wherein the method further comprises:
    - before the receiving of the one or more routing communications,automatically providing a third virtual computer network for a third client in accordance with third configuration information specified by the third client, the third configuration information including third peering configuration information supplied by the third client for the peering router; and
      
      establishing a third logical connection from one or more third networking devices of the third virtual computer network to one or more virtual peering routers that include the peering router; and
      
      after the receiving of the one or more routing communications, automatically determining to not forward the received one or more routing communications to the third virtual computer network based at least in part on the third peering configuration information.
  - 19. The method of claim 18 wherein the peering router to which the first and second logical connections are established is a first virtual peering router, wherein the third logical connection is to a second virtual peering router distinct from the first virtual peering router, and wherein the first and second virtual peering routers are part of a group of two or more inter-connected virtual peering routers.
  - 20. The method of claim 3 wherein the configurable network service provides a plurality of computing nodes for use in provided virtual computer networks, wherein the multiple first computing nodes and the multiple second computing nodes are each a distinct subset of the plurality of computing nodes, and wherein the configurable network service provides multiple modules that manage the multiple first and second communications by modifying outgoing communications from sending computing nodes to be encoded with information specific to the substrate network before transmission over the substrate network and by modifying incoming communications to destination computing nodes to remove the encoded information specific to the substrate network after the transmission over the substrate network.
  - 21. The method of claim 3 wherein the multiple first computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines, and wherein the establishing of the first logical connection and the forwarding of the multiple communications are performed dynamically while the first virtual computer network is operational and without stopping use of the first virtual computer network based at least in part on management of communications by the virtual machine communication manager modules.

22. A non-transitory computer-readable storage medium whose contents configure a computing system to perform a method, the method comprising:
- under control of the configured computing system, the configured computing system being part of a configurable network service that provides multiple virtual computer networks to multiple remote clients,receiving information from a first client for use in configuring a first virtual computer network for the first client, the configuring including specifying inter-connections between multiple first computing nodes of the first virtual computer network, the configuring further including specifying a first connection between the multiple first computing nodes and a virtual peering router that enables interactions with one or more other second virtual computer networks that have multiple second computing nodes, the information received from the first client being configuration information for the first virtual computer network that specifies one or more first networking devices that are part of the specified inter-connections for the first virtual computer network, and the first virtual computer network and the one or more second virtual computer networks being part of the multiple virtual computer networks provided by the configurable network service; and
  
  automatically providing the first virtual computer network in accordance with the configuring by overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more first networking devices, the providing of the first virtual computer network including;
  
  establishing the first connection between the first virtual computer network and the virtual peering router, the establishing of the first connection including establishing a logical connection between at least one of the specified first networking devices of the first virtual computer network and the virtual peering router; and
  
  after the one or more second virtual computer networks have established one or more second connections to the virtual peering router, and after one or more routing communications are received from at least one of the second virtual computer networks that are directed to the virtual peering router via at least one of the established second connections, forwarding the received one or more routing communications to the first virtual computer network based at least in part on configuration information associated with the virtual peering router that includes first peering configuration information specified by the first client, the forwarding being performed without physically providing the virtual peering router and including automatically determining that the received one or more routing communications are authorized to be forwarded to the first virtual computer network based at least in part on the first peering configuration information.
- View Dependent Claims (23)
- - 23. The non-transitory computer-readable storage medium of claim 22 wherein the one or more second virtual computer networks are provided to the first client, wherein the method further comprises automatically providing the one or more second virtual computer networks in accordance with information received from the first client by overlaying the one or more second virtual computer networks on the substrate network, wherein the computer-readable medium is a memory of the configured computing system that stores the contents, and wherein the contents are instructions that when executed program the computing system to perform the method.

24. A computing system, comprising:
- one or more processors; and
  
  a manager module that is configured to, when executed by at least one of the processors;
  
  receive first configuration information from a first client to configure a first computer network provided for use by the first client, the first configuration information indicating inter-connections between multiple first computing nodes of the provided first computer network that include one or more first networking devices;
  
  receive second configuration information from a second client to configure a second computer network provided for use by the second client, the second configuration information indicating inter-connections between multiple second computing nodes of the provided second computer network that include one or more second networking devices;
  
  automatically configure the provided first computer network for the first client in accordance with the received first configuration information and automatically configure the provided second computer network for the second client in accordance with the received second configuration information, the configuring of the provided first and second computer networks including overlaying each of the provided first and second computer networks on a distinct third computer network without physically providing the one or more first networking devices and without physically providing the one or more second networking devices, the multiple first and second computing nodes being connected to the third computer network;
  
  forward multiple communications between the multiple first computing nodes over the third computer network without physically providing the one or more first networking devices, and forward multiple other communications between the multiple second computing nodes over the third computer network without physically providing the one or more second networking devices;
  
  in response to one or more requests from at least one of the first and second clients, establish a logical inter-connection between the provided first and second computer networks to enable communications between the multiple first computing nodes and the multiple second computing nodes in accordance with specified third configuration information for the logical inter-connection; and
  
  after one or more routing communications are received from the second computer network that are sent using the logical inter-connection, automatically determine to forward the received one or more routing communications to the first computer network based at least in part on the third configuration information, and forward the received one or more routing communications over the third computer network to one or more of the first computing nodes of the first computer network.
- View Dependent Claims (25, 26)
- - 25. The computing system of claim 24 wherein the third computer network is a substrate network, wherein the provided first and second computer networks are each virtual computer networks overlaid on the substrate network, wherein the manager module is part of a configurable network service and provides an interface for use by the first and second clients to configure the provided first and second virtual computer networks, wherein the multiple computing nodes of each of the provided first and second computer networks are a subset of a plurality of computing nodes provided by the configurable network service for use with the provided first and second computer networks, wherein the establishing of the logical inter-connection between the provided first and second computer networks includes establishing a first logical connection from at least one of the first networking devices to at least one of one or more virtual peering routers and includes establishing a second logical connection from at least one of the second networking devices to at least one of the one or more virtual peering routers, the one or more virtual peering routers not being physically provided, wherein the third configuration information associated with the logical inter-connection is peering configuration information associated with the one or more virtual peering routers that is specified by at least one of the first and second clients, and wherein the manager module includes software instructions for execution by the at least one processor.
  - 26. The computing system of claim 24 wherein the manager module consists of a means for:
    - receiving first configuration information from a first client to configure a first computer network provided for use by the first client, the first configuration information indicating inter-connections between multiple first computing nodes of the provided first computer network that include one or more first networking devices;
      
      receiving second configuration information from a second client to configure a second computer network provided for use by the second client, the second configuration information indicating inter-connections between multiple second computing nodes of the provided second computer network that include one or more second networking devices;
      
      automatically configuring the provided first computer network for the first client in accordance with the received first configuration information and automatically configure the provided second computer network for the second client in accordance with the received second configuration information, the configuring of the provided first and second computer networks including overlaying each of the provided first and second computer networks on a distinct third computer network without physically providing the one or more first networking devices and without physically providing the one or more second networking devices, the multiple first and second computing nodes being connected to the third computer network;
      
      forwarding multiple communications between the multiple first computing nodes over the third computer network without physically providing the one or more first networking devices, and forward multiple other communications between the multiple second computing nodes over the third computer network without physically providing the one or more second networking devices;
      
      in response to one or more requests from at least one of the first and second clients, establishing a logical inter-connection between the provided first and second computer networks to enable communications between the multiple first computing nodes and the multiple second computing nodes in accordance with specified third configuration information for the logical inter-connection; and
      
      after one or more routing communications are received from the second computer network that are sent using the logical inter-connection, automatically determining to forward the received one or more routing communications to the first computer network based at least in part on the third configuration information, and forwarding the received one or more routing communications over the third computer network to one or more of the first computing nodes of the first computer network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Kevin Christopher, Doane, Andrew J., Brandwine, Eric Jason
Primary Examiner(s)
Dinh; Khanh Q

Application Number

US12/648,217
Time in Patent Office

519 Days
Field of Search

709/227, 709/223, 709/228, 709/238, 455/461, 370/254
US Class Current

709/227
CPC Class Codes

H04L 12/6418   Hybrid transport

H04L 41/0803   Configuration setting

H04L 41/122   of virtualised topologies, ...

H04L 41/40   using virtualisation of net...

H04L 41/5054   Automatic deployment of ser...

H04L 67/141   Setup of application sessio...

H04L 67/51   Discovery or management the...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Using virtual networking devices to manage routing communications between connected computer networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Using virtual networking devices to manage routing communications between connected computer networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links