Using virtual networking devices to manage routing communications between connected computer networks

US 8,131,852 B1
Filed: 04/26/2011
Issued: 03/06/2012
Est. Priority Date: 12/28/2009
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium whose contents configure a computing system to perform a method, the method comprising:

under control of the configured computing system,receiving information from a first client for use in configuring a first virtual computer network for the first client, the configuring including specifying inter-connections between multiple first computing nodes of the first virtual computer network, the configuring further including specifying a first connection between the multiple first computing nodes and a virtual peering router that enables interactions with one or more other second virtual computer networks that have multiple second computing nodes; and

automatically providing the first virtual computer network in accordance with the configuring by overlaying the first virtual computer network on a distinct substrate network, the providing of the first virtual computer network including;

establishing the first connection between the first virtual computer network and the virtual peering router;

after the one or more second virtual computer networks have established one or more second connections to the virtual peering router, and after one or more routing communications are received from at least one of the second virtual computer networks that are directed to the virtual peering router via at least one of the established second connections, forwarding the received one or more routing communications to the first virtual computer network based at least in part on configuration information associated with the virtual peering router that includes first peering configuration information supplied by the first client for the virtual peering router, the first peering configuration information preventing routing communications from any virtual computer networks other than the one or more second virtual computer networks to be sent to the first computing nodes of the first virtual computer network via the virtual peering router, the forwarding being performed without physically providing the virtual peering router and including automatically determining whether to perform the forwarding based at least in part on the first peering configuration information; and

automatically determining to not forward one or more additional routing communications to the first virtual computer network that are directed to the virtual peering router by one or more third virtual computer networks distinct from the one or more second virtual computer networks.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.

344 Citations

23 Claims

1. A non-transitory computer-readable storage medium whose contents configure a computing system to perform a method, the method comprising:
- under control of the configured computing system,receiving information from a first client for use in configuring a first virtual computer network for the first client, the configuring including specifying inter-connections between multiple first computing nodes of the first virtual computer network, the configuring further including specifying a first connection between the multiple first computing nodes and a virtual peering router that enables interactions with one or more other second virtual computer networks that have multiple second computing nodes; and
  
  automatically providing the first virtual computer network in accordance with the configuring by overlaying the first virtual computer network on a distinct substrate network, the providing of the first virtual computer network including;
  
  establishing the first connection between the first virtual computer network and the virtual peering router;
  
  after the one or more second virtual computer networks have established one or more second connections to the virtual peering router, and after one or more routing communications are received from at least one of the second virtual computer networks that are directed to the virtual peering router via at least one of the established second connections, forwarding the received one or more routing communications to the first virtual computer network based at least in part on configuration information associated with the virtual peering router that includes first peering configuration information supplied by the first client for the virtual peering router, the first peering configuration information preventing routing communications from any virtual computer networks other than the one or more second virtual computer networks to be sent to the first computing nodes of the first virtual computer network via the virtual peering router, the forwarding being performed without physically providing the virtual peering router and including automatically determining whether to perform the forwarding based at least in part on the first peering configuration information; and
  
  automatically determining to not forward one or more additional routing communications to the first virtual computer network that are directed to the virtual peering router by one or more third virtual computer networks distinct from the one or more second virtual computer networks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The non-transitory computer-readable storage medium of claim 1 wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple remote clients, wherein the one or more second virtual computer networks are provided to the first client by the configurable network service, wherein the method further comprises automatically providing the one or more second virtual computer networks in accordance with information received from the first client by overlaying the one or more second virtual computer networks on the substrate network, wherein the computer-readable storage medium is a memory of the configured computing system that stores the contents, and wherein the contents are instructions that when executed program the computing system to perform the method.
  - 3. The non-transitory computer-readable storage medium of claim 1 wherein the one or more second virtual computer networks are each overlaid on the substrate network, wherein the established one or more second connections are logical connections, and wherein the method further comprises receiving the one or more routing communications by intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network.
  - 4. The non-transitory computer-readable storage medium of claim 1 wherein the established first connection is a logical connection, and wherein the method further comprises receiving one or more additional routing communications that are directed to the virtual peering router via the established first connection from the first virtual computer network, and sending the received one or more additional routing communications to one or more of the second computing nodes of the one or more second virtual computer networks in accordance with the configuration information associated with the virtual peering router.
  - 5. The non-transitory computer-readable storage medium of claim 1 wherein the specified inter-connections for the first virtual computer network include one or more first networking devices, and wherein the providing of the first virtual computer network is performed without physically providing the one or more first networking devices and further includes forwarding a plurality of communications over the substrate network, the forwarded plurality of communications including multiple communications for the first virtual computer network that are forwarded between the multiple first computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more first networking devices if the one or more first networking devices were physically provided.
  - 6. The non-transitory computer-readable storage medium of claim 1 wherein the establishing of the first and second connections includes enabling the multiple first computing nodes of the first virtual computer network to direct communications to the multiple second computing nodes of the one or more second virtual computer networks, and wherein the method further comprises forwarding a plurality of communications over the substrate network, the forwarded plurality of communications including multiple first communications for the first virtual computer network that are forwarded between the multiple first computing nodes over the substrate network, the forwarded plurality of communications further including multiple second communications that are forwarded from the first virtual computer network to the one or more second virtual computer networks via the established first and second connections in a manner that emulates functionality that would be provided by the virtual peering router if the virtual peering router was physically provided.
  - 7. The non-transitory computer-readable storage medium of claim 1 wherein the forwarding of the received one or more routing communications to the first virtual computer network includes selecting at least one of the multiple first computing nodes to receive the forwarded routing communications based at least in part on the selected at least one first computing nodes participating in a first routing protocol used by the first virtual computer network, wherein the received one or more routing communications are specified in accordance with a second routing protocol that is used by the one or more second virtual computer networks and that is distinct from the first routing protocol, and wherein the method further comprises automatically modifying the forwarded one or more routing communications to be specified in accordance with the first routing protocol.
  - 8. The non-transitory computer-readable storage medium of claim 1 wherein the first peering configuration information indicates one or more filters to limit routing communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the virtual peering router from other virtual computer networks, and wherein the method further comprises automatically limiting additional routing communications that are forwarded to the first virtual computer network via the virtual peering router in accordance with the first peering configuration information.
  - 9. The non-transitory computer-readable storage medium of claim 1 wherein the first peering configuration information indicates one or more filters to limit routing communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the virtual peering router from another virtual computer network based at least in part on information about a client for whom the another virtual computer network is provided, and wherein the automatic determining of whether to perform the forwarding of the received one or more routing communications includes retrieving information about a second client associated with the one or more second virtual computer networks and performing the determining based at least in part on the retrieved information.
  - 10. The non-transitory computer-readable storage medium of claim 1 wherein the first peering configuration information indicates one or more filters to limit routing communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the virtual peering router from another virtual computer network based at least in part on information about the another virtual computer network, and wherein the automatic determining of whether to perform the forwarding of the received one or more routing communications includes retrieving information about the one or more second virtual computer networks and performing the determining based at least in part on the retrieved information.
  - 11. The non-transitory computer-readable storage medium of claim 1 wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple remote clients, wherein the first virtual computer network and the one or more second virtual computer networks are part of the provided multiple virtual computer networks, wherein the configuration information associated with the virtual peering router further includes second peering configuration information supplied for the virtual peering router by a second client associated with the one or more second virtual computer networks, wherein the one or more second virtual computer networks are connected via a private connection to one or more external computer systems of the second client, wherein the second peering configuration information includes restrictions on sending routing information corresponding to the external computer systems outside of the second virtual computer network, wherein the received one or more routing communications include routing information corresponding to at least one of the one or more external computer systems, and wherein the forwarding of the received one or more routing communications includes preventing the routing information corresponding to at least one of the one or more external computer systems from being forwarded to the first virtual computer network based at least in part on the second peering configuration information.
  - 12. The non-transitory computer-readable storage medium of claim 1 wherein the first peering configuration information includes one or more restrictions about which virtual computer networks are allowed to connect to the virtual peering router, and wherein the method further comprises automatically determining that the one or more second connections are authorized by the first peering configuration information before establishing the one or more second connections.
  - 13. The non-transitory computer-readable storage medium of claim 1 wherein the method further comprises:
    - before receiving the one or more routing communications,automatically providing a third virtual computer network for a third client in accordance with third configuration information specified by the third client, the third configuration information including third peering configuration information supplied by the third client for the virtual peering router; and
      
      establishing a third connection from one or more third networking devices of the third virtual computer network to the virtual peering router; and
      
      after the receiving of the one or more routing communications, automatically determining to not forward the received one or more routing communications to the third virtual computer network based at least in part on the third peering configuration information.
  - 14. The non-transitory computer-readable storage medium of claim 13 wherein the virtual peering router to which the first and second connections are established is a first virtual peering router, and wherein the third connection is to the first virtual peering router via a distinct second virtual peering router, the first and second virtual peering routers being part of a group of two or more inter-connected virtual peering routers.
  - 15. The non-transitory computer-readable storage medium of claim 1 wherein the information received from the first client includes an instruction from the first client to create the virtual peering router on behalf of the first client, and wherein the providing of the first virtual computer network further includes creating the virtual peering router by providing functionality to emulate functionality of the virtual peering router.
  - 16. The non-transitory computer-readable storage medium of claim 1 wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple remote clients, wherein the first virtual computer network and the one or more second virtual computer networks are part of the provided multiple virtual computer networks, wherein the multiple first computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, wherein the providing of the first virtual computer network further includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines, and wherein the establishing of the first connection and the forwarding of the received one or more routing communications are performed dynamically while the first virtual computer network is operational and without stopping use of the first virtual computer network based at least in part on management of communications by the virtual machine communication manager modules.

17. A computer-implemented method, comprising:
- receiving information from a first client for use in configuring a first virtual computer network for the first client, the configuring including specifying inter-connections between multiple first computing nodes of the first virtual computer network; and
  
  automatically providing the first virtual computer network in accordance with the configuring by overlaying the first virtual computer network on a distinct substrate network, the automatic providing of the first virtual computer network being performed by one or more configured computing systems and including;
  
  establishing a first connection between the multiple first computing nodes of the first virtual computer network and a peering router;
  
  after a second virtual computer network has established a second connection to the peering router, and after one or more routing communications are received from the second virtual computer network that are directed to the peering router via the established second connection, forwarding the received one or more routing communications to the first virtual computer network based at least in part on the established first connection and on first peering configuration information supplied by the first client for the peering router, the first peering configuration information preventing routing communications from virtual computer networks other than the second virtual computer network to be sent to the first virtual computer network via the peering router, the forwarding including automatically determining whether to perform the forwarding based at least in part on the first peering configuration information; and
  
  automatically determining to not forward one or more additional routing communications to the first virtual computer network that are directed to the peering router by one or more third virtual computer networks distinct from the second virtual computer network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17 wherein the one or more routing communications include information about one or more of multiple second computing nodes of the second virtual computer network, wherein the peering router is a virtual peering router, and wherein the forwarding of the received one or more routing communications to the first virtual computer network is performed without physically providing the virtual peering router and enables the multiple first computing nodes to send additional communications to the one or more second computing nodes.
  - 19. The method of claim 17 wherein the one or more configured computing systems are part of a configurable network service that provides multiple virtual computer networks to multiple remote clients, and wherein the first virtual computer network and the second virtual computer network are part of the provided multiple virtual computer networks.
  - 20. The method of claim 17 further comprising automatically providing the second virtual computer network for the first client in accordance with information received from the first client by overlaying the second virtual computer network on the substrate network.
  - 21. The method of claim 17 wherein the first peering configuration information associated with the peering router by the first client indicates the one or more third virtual computer networks and indicates to block routing communications from the one or more third virtual computer networks.

22. A computing system, comprising:
- one or more processors; and
  
  a manager module that is configured to, when executed by at least one of the processors;
  
  receive information from a first client for use in configuring a first virtual computer network for the first client, the configuring including specifying inter-connections between multiple first computing nodes of the first virtual computer network; and
  
  automatically provide the first virtual computer network in accordance with the configuring by overlaying the first virtual computer network on a distinct substrate network, the automatic providing of the first virtual computer network including;
  
  establishing a first connection between the multiple first computing nodes of the first virtual computer network and a peering router;
  
  after a second virtual computer network has established a second connection to the peering router, and after one or more routing communications are received from the first virtual computer network that are directed to the peering router via the established first connection, forwarding the received one or more routing communications to the second virtual computer network based at least in part on the established second connection and on first peering configuration information supplied by the first client for the peering router, the first peering configuration information preventing routing communications to be sent to virtual computer networks other than the second virtual computer network via the peering router, the forwarding including automatically determining whether to perform the forwarding based at least in part on the first peering configuration information; and
  
  automatically determining to not forward one or more additional routing communications from the first virtual computer network that are directed to the peering router to one or more third virtual computer networks distinct from the second virtual computer network.
- View Dependent Claims (23)
- - 23. The computing system of claim 22 wherein the peering router is a virtual peering router, wherein the forwarding of the received one or more routing communications to the second virtual computer network is performed without physically providing the virtual peering router and includes automatically determining whether to perform the forwarding based at least in part on first peering configuration information associated with the virtual peering router by the first client, and wherein the manager module includes software instructions for execution by the one or more processors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Kevin Christopher, Brandwine, Eric Jason, Doane, Andrew J.
Primary Examiner(s)
DINH, KHANH Q

Application Number

US13/094,334
Time in Patent Office

315 Days
Field of Search

709/206, 709/220, 709/227, 370/313, 370/401
US Class Current

709/224
CPC Class Codes

H04L 12/6418   Hybrid transport

H04L 41/0803   Configuration setting

H04L 41/122   of virtualised topologies, ...

H04L 41/40   using virtualisation of net...

H04L 41/5054   Automatic deployment of ser...

H04L 67/141   Setup of application sessio...

H04L 67/51   Discovery or management the...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Using virtual networking devices to manage routing communications between connected computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

344 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Using virtual networking devices to manage routing communications between connected computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

344 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links