Managing integration of external nodes into provided computer networks

US 8,396,946 B1
Filed: 03/31/2010
Issued: 03/12/2013
Est. Priority Date: 03/31/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving configuration information indicating a specified network topology for a first virtual computer network and indicating multiple virtual network addresses for use with multiple computing nodes of the first virtual computer network, wherein the multiple virtual network addresses include an indicated range of virtual network addresses that are a subset of the multiple virtual network addresses and that are for use with an external location having a first external device of the first virtual computer network, wherein the multiple computing nodes are connected to a substrate network, and wherein the external location of the first external device is separated from the substrate network via one or more external connections that are not part of the substrate network; and

providing, by one or more programmed computing systems, the first virtual computer network in accordance with the received configuration information by overlaying the first virtual computer network on the substrate network without physically implementing the specified network topology for the first virtual computer network, the providing of the first virtual computer network including;

for a first communication that is sent by one of the multiple computing nodes to a destination that is another of the multiple computing nodes, encoding the first communication in a manner specific to the substrate network, and forwarding the encoded first communication over the substrate network to the destination another computing node;

after receiving an indication of a second communication that a source one of the multiple computing nodes specifies to be sent to a first virtual network address in the indicated range that is associated with the first external device, encoding the second communication in a manner specific to the substrate network, and forwarding the encoded second communication over the substrate network from the source one computing node to a translation manager module associated with the first external device; and

under control of the translation manager module,decoding the forwarded encoded second communication to remove information specific to the substrate network; and

further forwarding the decoded second communication from the substrate network to the first external device over the one or more external connections.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications between computing nodes of the managed virtual computer network connected to the substrate network and other network nodes external to the substrate network. The managed virtual computer network may have multiple associated virtual network addresses, with each of the computing nodes being associated with at least one of the virtual network addresses, and with one or more external network nodes being integrated into the managed virtual computer network based at least in part by associating one or more other of the virtual network addresses with the external network nodes. The managing of the communications may further include using one or more translation manager modules that interconnect the substrate network with one or more external networks or other external connections via which the external network nodes are accessible.

Citations

29 Claims

1. A computer-implemented method comprising:
- receiving configuration information indicating a specified network topology for a first virtual computer network and indicating multiple virtual network addresses for use with multiple computing nodes of the first virtual computer network, wherein the multiple virtual network addresses include an indicated range of virtual network addresses that are a subset of the multiple virtual network addresses and that are for use with an external location having a first external device of the first virtual computer network, wherein the multiple computing nodes are connected to a substrate network, and wherein the external location of the first external device is separated from the substrate network via one or more external connections that are not part of the substrate network; and
  
  providing, by one or more programmed computing systems, the first virtual computer network in accordance with the received configuration information by overlaying the first virtual computer network on the substrate network without physically implementing the specified network topology for the first virtual computer network, the providing of the first virtual computer network including;
  
  for a first communication that is sent by one of the multiple computing nodes to a destination that is another of the multiple computing nodes, encoding the first communication in a manner specific to the substrate network, and forwarding the encoded first communication over the substrate network to the destination another computing node;
  
  after receiving an indication of a second communication that a source one of the multiple computing nodes specifies to be sent to a first virtual network address in the indicated range that is associated with the first external device, encoding the second communication in a manner specific to the substrate network, and forwarding the encoded second communication over the substrate network from the source one computing node to a translation manager module associated with the first external device; and
  
  under control of the translation manager module,decoding the forwarded encoded second communication to remove information specific to the substrate network; and
  
  further forwarding the decoded second communication from the substrate network to the first external device over the one or more external connections.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the encoding of the first communication in the manner specific to the substrate network includes adding information to the encoded first communication that is specific to the substrate network, and wherein the providing of the first virtual computer network further includes:
    - receiving the forwarded encoded first communication after the forwarding over the substrate network to the destination another computing node;
      
      decoding the received encoded first communication to remove the added information specific to the substrate network;
      
      further encoding the decoded first communication to include information specific to the first virtual computer network; and
      
      providing the further encoded first communication to the destination another computing node.
  - 3. The method of claim 1 wherein the overlaying of the first virtual computer network on the substrate network further includes configuring the translation manager module to manage communications between the first external device and the multiple computing nodes, and wherein the translation manager module is configured to, before performing the further forwarding of the decoded second communication, modify the decoded second communication to be directed to the external location and to include information specific to the first virtual computer network, and wherein the decoded second communication that is further forwarded is the modified decoded second communication.
  - 4. The method of claim 3 wherein the information specific to the first virtual computer network that is included in the modified decoded second communication is a virtual local area network (“
    - VLAN”
      
      ) identifier specific to the first virtual computer network.
  - 5. The method of claim 1 wherein the one or more external connections include one or more intervening networks between the substrate network and the first external device, and wherein the translation manager module is part of an edge device that inter-connects the substrate network and at least one of the one or more intervening networks.
  - 6. The method of claim 1 wherein the one or more programmed computing systems are part of a configurable network service that provides virtual computer networks to clients, wherein the multiple computing nodes and the translation manager module are operated under control of the configurable network service, and wherein the first external device is operated under control of an entity distinct from an operator of the configurable network service.
  - 7. The method of claim 6 wherein the first virtual computer network is provided to a first client by the configurable network service, wherein the first external device is operated under control of the first client, and wherein the first external device is part of a private computer network of the first client.
  - 8. The method of claim 6 wherein the multiple computing nodes and the translation manager module and the substrate network are part of a first data center, wherein the first external device is located at a co-location facility for the first data center, and wherein the one or more external connections include one or more connections between the first data center and the co-location facility.
  - 9. The method of claim 1 wherein the specified network topology indicates a group of multiple external network nodes that are part of the first virtual computer network, the first external device being one of the multiple external devices, and wherein the method further comprises, under control of the translation manager module:
    - receiving multiple third additional communications that are sent from the multiple computing nodes to the multiple external network nodes, the multiple third additional communications each being encoded for the substrate network and forwarded to the translation manager module over the substrate network, and for each of the third additional communications, decoding the received encoded third additional communication to remove information specific to the substrate network and further forwarding the decoded third additional communication to an external network address associated with one of the multiple external network nodes to which the third additional communication is directed; and
      
      receiving multiple fourth additional communications that are sent from the multiple external network nodes to the multiple computing nodes, the multiple fourth additional communications each being forwarded to the translation manager module over the one or more external connections, and for each of the fourth additional communications, encoding the received fourth additional communication to include information specific to the substrate network and further forwarding the encoded fourth additional communication to a substrate network address associated with one of the multiple computing nodes to which the fourth additional communication is directed.
  - 10. The method of claim 1 wherein the one or more programmed computing systems are part of a configurable network service that provides virtual computer networks to clients, wherein the first virtual computer network is provided to a first client by the configurable network service, and wherein the first external device is configured to provide a type of functionality that is not available from the configurable network service or a type of functionality specified by the first client for handling communications as an intermediate destination that are sent between two or more of the multiple computing nodes.
  - 11. The method of claim 1 wherein the one or more programmed computing systems are part of a configurable network service that provides the first virtual computer network to a first client and that provides multiple other virtual computer networks to multiple other clients, wherein the multiple computing nodes of the first virtual computer network each has an associated virtual network address for the first virtual computer network and has a distinct substrate network address that indicates a location of the computing node in the substrate network, and wherein communications sent between the multiple computing nodes of the first virtual computer network are transmitted on the substrate network in an encoded form that uses information specific to the substrate network and that uses a specified destination substrate network address for forwarding over the substrate network.

12. A non-transitory computer-readable storage medium whose stored contents configure a computing system to perform a method, the method comprising:
- obtaining configuration information specified by a client for a first virtual computer network having multiple computing nodes within a substrate network and having one or more external network nodes at an external location outside of the substrate network, the configuration information indicating a plurality of virtual network addresses for the first virtual computer network, the plurality of virtual network addresses having an indicated range of one or more virtual network addresses that are a subset of the plurality of virtual network addresses and are associated with the external network nodes at the external location;
  
  under control of the configured computing system, managing a first communication sent to a destination virtual network address that is associated with a destination computing node of the multiple computing nodes, wherein the destination virtual network address is one of the plurality of virtual network addresses that is not in the indicated range, the managing of the first communication including forwarding the first communication over the substrate network to a location in the substrate network of the destination computing node; and
  
  under control of the configured computing system, managing a second communication sent to a destination virtual network address from the indicated range that is associated with one of the external network nodes by;
  
  determining that a translation manager module in the substrate network is configured to manage communications for the one external network node, the translation manager module having an associated substrate network address that corresponds to a location of the translation manager module in the substrate network; and
  
  forwarding the second communication over the substrate network to the location in the substrate network of the translation manager module to enable the translation manager module to further forward the second communication externally to the substrate network to the one external network node, the forwarding of the second communication to the translation manager module including using the substrate network address associated with the translation manager module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The computer-readable storage medium of claim 12 wherein the one or more external network nodes are each an external device that is separated from the substrate network via one or more intervening networks, wherein the first communication is encoded in a manner specific to the substrate network before the forwarding of the first communication and is decoded after the forwarding of the first communication before the decoded first communication is provided to the destination computing node, and wherein the forwarded second communication is encoded in a manner specific to the substrate network before the forwarding of the second communication and is decoded by the translation manager module after the forwarding of the second communication before the decoded second communication is further forwarded over the one or more intervening networks to the one external network node.
  - 14. The computer-readable storage medium of claim 12 wherein the method further comprises, under control of the translation manager module, and for the forwarded second communication:
    - receiving the forwarded second communication, the received forwarded second communication being encoded to include information specific to the substrate network;
      
      decoding the received encoded second communication to remove the information specific to the substrate network; and
      
      further forwarding the decoded second communication from the substrate network to the external network node using an external network address that is associated with that external network node.
  - 15. The non-transitory computer-readable storage medium of claim 12 wherein the virtual network addresses of the indicated range are associated with one or more translation manager modules that are configured to forward communications to any of the virtual network addresses of the indicated range to the external location, the one or more translation manager modules including the determined translation manager module.
  - 16. The non-transitory computer-readable storage medium of claim 15 wherein the one or more external network nodes include multiple external network nodes, wherein the one or more virtual network addresses of the indicated range include multiple virtual network addresses, and wherein the multiple external network nodes each have a distinct associated first virtual network address that is one of the virtual network addresses of the indicated range.
  - 17. The non-transitory computer-readable storage medium of claim 15 wherein the one or more external network nodes include a single external network node having an associated virtual network address from the indicated range, wherein one or more other of the virtual network addresses of the indicated range are not associated with any external network nodes at a first time, and wherein the method further comprises managing one or more additional communications that each include a destination network address that is one of the other virtual network addresses of the indicated range, the managing of each of the one or more additional communications including forwarding the additional communication over the substrate network to a location in the substrate network of one of the one or more translation manager modules to enable the one translation manager module to further forward the communication from the substrate network to the external location.
  - 18. The non-transitory computer-readable storage medium of claim 12 wherein the method further comprises, under control of the translation manager module, receiving the forwarded second communication and determining not to perform further forwarding of the received forwarded second communication to the one external network node.
  - 19. The non-transitory computer-readable storage medium of claim 12 wherein the method further comprises metering a quantity of communications that are forwarded to at least one of the external network nodes.
  - 20. The non-transitory computer-readable storage medium of claim 12 wherein the obtained configuration information includes information about a threshold of use of the one external network node, and wherein the method further comprises, under control of the translation manager module, performing further forwarding of the forwarded second communication to the one external network node only if it is determined that the further forwarding satisfies the threshold of use of the one external network node.
  - 21. The non-transitory computer-readable storage medium of claim 12 wherein the one external network node has a threshold of use based at least in part on a capacity of the one external network node for handling forwarded communications, and wherein the method further comprises, under control of the translation manager module, performing further forwarding of the forwarded second communication to the one external network node only if it is determined that the further forwarding satisfies the threshold of use of the one external network node.
  - 22. The non-transitory computer-readable storage medium of claim 12 wherein the managing of the second communication is performed by a communication manager module of a configurable network service, and wherein the method further comprises determining that the one external network node is not currently available and inhibiting future forwarding of communications to the one external network node.
  - 23. The computer-readable storage medium of claim 12 wherein the obtained configuration information includes a specified network topology for the first virtual computer network, wherein the first virtual computer network is overlaid on the substrate network without physically implementing the specified network topology for the first virtual computer network, and wherein the stored contents are instructions that, when executed, program the computing system to perform the method.

24. A computing system, comprising:
- one or more hardware processors and memory; and
  
  a communication manager module associated with one or more of multiple computing nodes of a first virtual computer network that is overlaid on one or more distinct second networks used as a substrate and that has multiple associated virtual network addresses, the one or more second networks interconnecting the multiple computing nodes, the communication manager module being configured to, when executed by at least one of the one or more hardware processors, manage multiple communications sent by the one or more computing nodes, the managing of the multiple communications by the communication manager module including;
  
  for a first of the multiple communications that is directed to a destination first virtual network address of the first virtual computer network, the destination first virtual network address being from an indicated range of virtual network addresses that are a subset of the multiple virtual network addresses and being associated with a first external network node of the first virtual computer network that is at an external location separate from the one or more second networks;
  
  determining to use a translation manager module connected to the one or more second networks to manage forwarding of the first communication to the first external network node;
  
  encoding the first communication in a manner specific to the one or more second networks; and
  
  sending the encoded first communication to the one or more second networks for forwarding to the translation manager module, to enable the translation manager module to decode the encoded first communication and further forward the decoded first communication to the first external network node at the external location; and
  
  for a second communication of the multiple communications that is directed to a destination second virtual network address of the first virtual computer network, the destination second virtual network address being one of the multiple virtual network addresses outside of the indicated range and being associated with one of the multiple computing nodes of the first virtual computer network, encoding the second communication in a manner specific to the one or more second networks, and sending the encoded second communication to the one or more second networks for forwarding to the one computing node associated with the destination virtual network address without being provided to the translation manager module.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The computing system of claim 24 wherein each of the multiple computing nodes is associated with one of the multiple virtual network addresses outside of the indicated range and has a distinct associated substrate network address for the substrate one or more second networks, wherein the sending of the encoded first communication to the one or more second networks for forwarding to the translation manager module includes sending the encoded first communication to a substrate network address of the translation manager module that corresponds to a location of the translation manager module in the substrate one or more second networks, and wherein the sending of the encoded second communication to the one or more second networks for forwarding to the one computing node associated with the destination second virtual network address includes sending the second communication to the substrate network address associated with that one computing node.
  - 26. The computing system of claim 24 further comprising the translation manager module to which the encoded first communication is forwarded, the translation manager module being associated with one or more external network nodes for the first virtual computer network and being configured to manage communications between the associated one or more external network nodes and the multiple computing nodes, the managing of the communications by the translation manager module including:
    - receiving the forwarded encoded first communication from the substrate one or more second networks;
      
      decoding the received encoded first communication to remove information specific to the substrate one or more second networks; and
      
      further forwarding the decoded first communication outside the substrate one or more second networks to the first external network node.
  - 27. The computing system of claim 26 wherein the communication manager module is further configured to manage incoming communications sent to the one or more computing nodes of the first virtual computer network with which the communication manager module is associated, the managing of the incoming communications including:
    - receiving one of the forwarded encoded second communications from the substrate one or more second networks;
      
      decoding the received encoded second communication to remove information specific to the substrate one or more second networks;
      
      further encoding the decoded second communication in a manner specific to the first virtual computer network; and
      
      providing the further encoded second communication to one of the one or more computing nodes with which the communication manager module is associated, the one computing node being associated with the destination second virtual network address to which the further encoded second communication was directed before the encoding and forwarding of the second communication over the substrate one or more second networks.
  - 28. The computing system of claim 27 further comprising a system manager module configured to:
    - obtain configuration information specified by a user on whose behalf the first virtual computer network is provided, the configuration information including a specified network topology for the first virtual computer network and indicating the first external network node for the first virtual computer network; and
      
      before the managing of the multiple communications by the communication manager module, configure the translation manager module to manage communications between the multiple computing nodes and the first external network node.
  - 29. The computing system of claim 24 wherein the communication manager module includes software instructions for execution by the at least one hardware processors of the computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brandwine, Eric Jason, Miller, Kevin Christopher
Primary Examiner(s)
Lazaro, David
Assistant Examiner(s)
Ashraf, Waseem

Application Number

US12/752,036
Time in Patent Office

1,077 Days
Field of Search

709/220
US Class Current

709/220
CPC Class Codes

H04L 12/6418   Hybrid transport

H04L 41/08   Configuration management of...

H04L 41/0895   Configuration of virtualise...

Managing integration of external nodes into provided computer networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Managing integration of external nodes into provided computer networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links