Using virtual networking devices to connect managed computer networks

US 8,312,129 B1
Filed: 07/29/2011
Issued: 11/13/2012
Est. Priority Date: 12/28/2009
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium comprising stored instructions that, upon execution, cause a computing system to:

provide a first virtual computer network to a first client by overlaying the first virtual computer network on a distinct substrate network, the first virtual computer network being configured in accordance with received information that specifies inter-connections between first computing nodes of the first virtual computer network;

establish, by the computing system, a first connection between the first virtual computer network and a virtual peering router that enables interactions with one or more other second virtual computer networks that have second computing nodes;

after the one or more second virtual computer networks have established one or more second connections to the virtual peering router, receive, by the computing system, one or more routing communications via the established one or more second connections that are directed to the virtual peering router and include network routing information for the second virtual computer networks, the one or more routing communications being specified in accordance with one or more defined network routing protocols; and

forward, by the computing system, one or more communications between the first virtual computer network and the one or more second virtual computer networks by using the network routing information included in the received one or more routing communications to direct one of the forwarded communications from one of the first computing nodes of the first virtual computer network to one or more of the second computing nodes of the second virtual computer networks.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

418 Citations

25 Claims

1. A non-transitory computer-readable storage medium comprising stored instructions that, upon execution, cause a computing system to:
- provide a first virtual computer network to a first client by overlaying the first virtual computer network on a distinct substrate network, the first virtual computer network being configured in accordance with received information that specifies inter-connections between first computing nodes of the first virtual computer network;
  
  establish, by the computing system, a first connection between the first virtual computer network and a virtual peering router that enables interactions with one or more other second virtual computer networks that have second computing nodes;
  
  after the one or more second virtual computer networks have established one or more second connections to the virtual peering router, receive, by the computing system, one or more routing communications via the established one or more second connections that are directed to the virtual peering router and include network routing information for the second virtual computer networks, the one or more routing communications being specified in accordance with one or more defined network routing protocols; and
  
  forward, by the computing system, one or more communications between the first virtual computer network and the one or more second virtual computer networks by using the network routing information included in the received one or more routing communications to direct one of the forwarded communications from one of the first computing nodes of the first virtual computer network to one or more of the second computing nodes of the second virtual computer networks.
- View Dependent Claims (2, 3, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The non-transitory computer-readable storage medium of claim 1 wherein the one or more second virtual computer networks are provided to the first client, and wherein the stored instructions include instructions that upon execution cause the computing system to provide the one or more second virtual computer networks in accordance with information received from the first client.
  - 3. The non-transitory computer-readable storage medium of claim 1 wherein the computer-readable medium is a memory of the computing system, and wherein the stored instructions include instructions that upon execution further cause the computing system to modify configuration of a computer system associated with the one first computing node to enable the one first computing node to direct the communication to the one or more second computing nodes.
  - 11. The non-transitory computer-readable storage medium of claim 1 wherein the establishing of the first connection includes performing one or more configurations that enable multiple first computing nodes of the first virtual computer network to direct communications to multiple second computing nodes of the second virtual computer networks, and wherein the forwarded one or more communications are each forwarded from one of the multiple first computing nodes to at least one of the multiple second computing nodes.
  - 12. The non-transitory computer-readable storage medium of claim 11 wherein the one or more configurations are performed in accordance with peering configuration information supplied by the first client for the virtual peering router and include configuring one or more modules of a configurable network service that is provided at least in part by the computing system.
  - 13. The non-transitory computer-readable storage medium of claim 12 wherein the peering configuration information prevents communications from any virtual computer networks to be sent to the first computing nodes of the first virtual computer network via the virtual peering router.
  - 14. The non-transitory computer-readable storage medium of claim 12 wherein the peering configuration information indicates one or more filters to limit communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the virtual peering router from other virtual computer networks.
  - 15. The non-transitory computer-readable storage medium of claim 1 wherein the received information is from the first client and includes an instruction from the first client to create the virtual peering router on behalf of the first client, and wherein the stored instructions include instructions that upon execution further cause the computing system to emulate functionality that would be provided by the virtual peering router if the virtual peering router was physically provided.
  - 16. The non-transitory computer-readable storage medium of claim 1 wherein the stored instructions include instructions that upon execution further cause the computing system to establish one or more additional logical connections from one or more third virtual computer networks to the virtual peering router and to forward multiple additional communications that are each between at least two of the first, second and third virtual computer networks, the establishing of the one or more additional logical connections including performing configurations to enable the first computing nodes of the first virtual computer network to direct communications to third computing nodes of the one or more third virtual computer networks and to enable the third computing nodes of the one or more third virtual computer networks to direct communications to the first computing nodes of the first virtual computer network but not to the second computing nodes of the second virtual computer networks.
  - 17. The non-transitory computer-readable storage medium of claim 1 wherein the one or more second virtual computer networks are provided for a second client of the configurable network service that is distinct from the first client, and wherein the stored instructions include instructions that upon execution further cause the computing system to perform additional configurations in accordance with additional peering configuration information supplied by the second client for the virtual peering router, the additional peering configuration information indicating one or more filters to limit communications that are allowed to be sent from the first virtual computer network to the second computing nodes of the second virtual computer networks via the virtual peering router.
  - 18. The non-transitory computer-readable storage medium of claim 1 wherein the network routing information included in the received one or more routing communications indicates at least some of the second computing nodes, and wherein the receiving of the one or more routing communications includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network, and inhibiting forwarding of the intercepted routing communications to the virtual peering router.
  - 19. The non-transitory computer-readable storage medium of claim 1 wherein the received information is configuration information from the first client that specifies one or more first networking devices that are part of the specified inter-connections for the first virtual computer network, and wherein the stored instructions include instructions that upon execution further cause the computing system to forward multiple first communications for the first virtual computer network between the first computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified first networking devices if the specified first networking devices were physically provided.
  - 20. The non-transitory computer-readable storage medium of claim 19 wherein the computing system is part of a configurable network service that provides a plurality of computing nodes for use in provided virtual computer networks, wherein the first computing nodes and the second computing nodes are each a distinct subset of the plurality of computing nodes, and wherein the configurable network service provides multiple modules that manage the multiple first communications by modifying outgoing communications from sending computing nodes to be encoded with information specific to the substrate network before transmission over the substrate network and by modifying incoming communications to destination computing nodes to remove the encoded information specific to the substrate network after the transmission over the substrate network.
  - 21. The non-transitory computer-readable storage medium of claim 1 wherein the first computing nodes are each a virtual machine hosted on one of multiple physical computing systems, wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines, and wherein the establishing of the first connection and the forwarding of the one or more communications are performed dynamically while the first virtual computer network is operational and without stopping use of the first virtual computer network based at least in part on management of communications by the virtual machine communication manager modules.

4. A computing system, comprising:
- one or more processors; and
  
  a memory including stored instructions that, when executed by at least one of the processors, cause the computing system to;
  
  configure a provided first computer network for a first client in accordance with received first configuration information that indicates first inter-connections between first computing nodes of the provided first computer network, the indicated first inter-connections including one or more first networking devices;
  
  configure a provided second computer network for a second client in accordance with received second configuration information that indicates second inter-connections between second computing nodes of the provided second computer network, the indicated second inter-connections including one or more second networking devices, and wherein the configuring of the provided first and second computer networks includes overlaying each of the provided first and second computer networks on a distinct third computer network;
  
  in response to a request from at least one of the first and second clients, establish a logical inter-connection between the provided first and second computer networks to enable communications between the first computing nodes and the second computing nodes in accordance with specified configuration information for the logical inter-connection;
  
  receive one or more routing communications via the established logical inter-connection that include network routing information for the second computer network, the one or more routing communications being specified in accordance with one or more defined network routing protocols; and
  
  forward one or more communications over the third computer network between the first and second computer networks in accordance with the specified configuration information and by using the network routing information included in the received one or more routing communications, the forwarding of the one or more communications including directing a communication from one of the first computing nodes of the first computer network to one or more of the second computing nodes of the second computer network.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The computing system of claim 4 wherein the third computer network is a substrate network, and wherein the provided first and second computer networks are each virtual computer networks overlaid on the substrate network.
  - 6. The computing system of claim 4 wherein the establishing of the logical inter-connection between the provided first and second computer networks includes establishing a first logical connection from at least one of the first networking devices to a first virtual peering router and includes establishing a second logical connection from at least one of the second networking devices to a second virtual peering router, the first and second virtual peering routers being logically connected to each other.
  - 7. The computing system of claim 4 wherein the stored instructions include instructions that upon execution further cause the computing system to analyze the network routing information included in the received one or more routing communications to determine network topology information for the provided second computer network that affects one or more routing paths for communications between the provided first and second computer networks.
  - 8. The computing system of claim 4 wherein the establishing of the logical inter-connection between the provided first and second computer networks includes establishing a first logical connection from at least one of the first networking devices to a virtual peering router and includes establishing a second logical connection from at least one of the second networking devices to the virtual peering router.
  - 9. The computing system of claim 4 wherein the computing system is part of a configurable network service that provides an interface for use by the first and second clients to configure the provided first and second virtual computer networks, and wherein the first and second computing nodes are a subset of a plurality of computing nodes provided by the configurable network service for use with the provided first and second computer networks.
  - 10. The computing system of claim 4 wherein the stored instructions include instructions that upon execution further cause the computing system to configure one or more first computer systems associated with the first computing nodes to forward multiple additional communications between the first computing nodes over the third computer network, and to configure one or more second computer systems associated with the second computing nodes to forward multiple other additional communications between the second computing nodes over the third computer network.

22. A computer-implemented method, comprising:
- providing, by one or more computing systems of a network service, a first virtual computer network for a first client by overlaying the first virtual computer network on a distinct substrate network, the first virtual computer network being configured in accordance with received information that specifies inter-connections between first computing nodes of the first virtual computer network;
  
  establishing, by the one or more computing systems, a first connection between the first virtual computer network and a virtual peering router that enables interactions with one or more other second virtual computer networks that have second computing nodes;
  
  receiving, by the one or more computing systems, one or more routing communications via an established second connection between the virtual peering router and at least one of the one or more other second virtual computer networks, the one or more routing communications including network routing information for the at least one second virtual computer networks and being specified in accordance with one or more defined network routing protocols; and
  
  forwarding, by the one or more computing systems, one or more communications between the first virtual computer network and the one or more second virtual computer networks by using the network routing information included in the received one or more routing communications to direct a communication from one of the first computing nodes of the first virtual computer network to one or more of the second computing nodes of the second virtual computer networks.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22 wherein the one or more second virtual computer networks are provided to a second client, and wherein the method further comprises automatically providing the one or more second virtual computer networks in accordance with information received from the second client by overlaying the one or more second virtual computer networks on the substrate network.
  - 24. The method of claim 22 further comprising performing one or more configurations for the first virtual computer network in accordance with peering configuration information supplied by the first client for the virtual peering router, the peering configuration information limiting communications that are allowed to be sent to the first computing nodes of the first virtual computer network via the virtual peering router from other virtual computer networks.
  - 25. The method of claim 22 further comprising performing one or more configurations for the first virtual computer network in accordance with peering configuration information supplied by the first client for the virtual peering router, the peering configuration information limiting communications that are allowed to be sent from the first computing nodes of the first virtual computer network via the virtual peering router to other virtual computer networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Kevin Christopher, Brandwine, Eric Jason, Doane, Andrew J.
Primary Examiner(s)
Dinh, Khanh

Application Number

US13/194,840
Time in Patent Office

473 Days
Field of Search

709/223, 709/227, 709/228, 709/232, 370/254
US Class Current

709/223
CPC Class Codes

H04L 41/0803   Configuration setting

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 41/40   using virtualisation of net...

H04L 45/02   Topology update or discovery

H04L 49/15   Interconnection of switchin...

H04L 49/252   Store and forward routing

H04L 49/70   Virtual switches

H04L 65/1069   Session establishment or de...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Using virtual networking devices to connect managed computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

418 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Using virtual networking devices to connect managed computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

418 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links