Methods and apparatus for remapping public network addresses on a network to an external network via an intermediate network

US 8,751,691 B1
Filed: 03/23/2011
Issued: 06/10/2014
Est. Priority Date: 03/23/2011
Status: Active Grant

First Claim

Patent Images

1. A provider network, comprising:

one or more server devices configured to;

assign subsets of a plurality of public Internet Protocol (IP) addresses to customers as customer IP addresses and assign subsets of a plurality of resource instances on the provider network to the customers as customer resource instances;

map the customer IP addresses to particular ones of the customer resource instances on the provider network;

remap at least one of the customer IP addresses to a specified endpoint on a customer network external to the provider network; and

maintain mapping information that indicates current mappings of the customer IP addresses to the customer resource instances on the provider network and current remappings of the customer IP addresses to specified endpoints on the customer networks external to the provider network;

one or more network devices configured to;

receive packets from client devices, the packets indicating a customer IP address as a destination address and an IP address of the client device as a source address;

for at least some of the packets, determine, from the mapping information, whether the customer IP address indicated by the destination address of the packet is currently mapped to a customer resource instance on the provider network or is currently remapped to an endpoint on a customer network external to the provider network;

based on the determination;

for a packet for which the customer IP address is currently mapped to a customer resource instance on the provider network, send the packet to the respective customer resource instance via the provider network; and

for another packet for which the customer IP address is currently remapped to an endpoint on a customer network external to the provider network;

translate the destination address of the packet to determine a network address of the endpoint on the customer network;

modify the packet to indicate the network address of the endpoint on the customer network as a destination address; and

send the modified packet onto a public network to be routed to the customer network over the public network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for remapping IP addresses of a network to endpoints within a different network. A provider network may allocate IP addresses and resources to a customer. The provider network may allow the customer to map an IP address to remap an IP address to an endpoint on the customer'"'"'s network. When a packet is received from a client addressed to the IP address, the provider network may determine that the IP address has been remapped to the endpoint. The provider network may translate the source and destination addresses of the packet and modify the source address of the packet to indicate the endpoint as the destination, and send the modified packet to the endpoint via the Internetan intermediate network. Response traffic may be routed to the client through the provider network, or may be directly routed to the client by the customer network.

71 Citations

View as Search Results

33 Claims

1. A provider network, comprising:
- one or more server devices configured to;
  
  assign subsets of a plurality of public Internet Protocol (IP) addresses to customers as customer IP addresses and assign subsets of a plurality of resource instances on the provider network to the customers as customer resource instances;
  
  map the customer IP addresses to particular ones of the customer resource instances on the provider network;
  
  remap at least one of the customer IP addresses to a specified endpoint on a customer network external to the provider network; and
  
  maintain mapping information that indicates current mappings of the customer IP addresses to the customer resource instances on the provider network and current remappings of the customer IP addresses to specified endpoints on the customer networks external to the provider network;
  
  one or more network devices configured to;
  
  receive packets from client devices, the packets indicating a customer IP address as a destination address and an IP address of the client device as a source address;
  
  for at least some of the packets, determine, from the mapping information, whether the customer IP address indicated by the destination address of the packet is currently mapped to a customer resource instance on the provider network or is currently remapped to an endpoint on a customer network external to the provider network;
  
  based on the determination;
  
  for a packet for which the customer IP address is currently mapped to a customer resource instance on the provider network, send the packet to the respective customer resource instance via the provider network; and
  
  for another packet for which the customer IP address is currently remapped to an endpoint on a customer network external to the provider network;
  
  translate the destination address of the packet to determine a network address of the endpoint on the customer network;
  
  modify the packet to indicate the network address of the endpoint on the customer network as a destination address; and
  
  send the modified packet onto a public network to be routed to the customer network over the public network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The provider network as recited in claim 1, wherein the public network is the Internet.
  - 3. The provider network as recited in claim 1, wherein, for the other packet, the one or more network devices are further configured to modify the packet to indicate a network address of a network device on the provider network as a source address.
  - 4. The provider network as recited in claim 3, wherein, for the other packet, the one or more network devices are further configured to:
    - receive a response packet from the customer network via the public network, wherein the response packet indicates the network address of the endpoint on the customer network as a source address and the network address of the network device on the provider network as a destination address;
      
      translate the source address and the destination address of the response packet to determine the customer IP address and the IP address of the client device;
      
      modify the response packet to indicate the customer IP address as a source IP address and the IP address of the client device as a destination address; and
      
      send the modified response packet to the client device via the public network.
  - 5. The provider network as recited in claim 1, wherein the other packet is an IPv4 packet, and wherein, to modify the packet to indicate the network address of the endpoint on the customer network as a destination address, the one or more network devices are configured to generate an IPv6 packet as the modified packet, wherein the IPv6 packet includes the network address of the endpoint on the customer network as an IPv6 destination address.
  - 6. The provider network as recited in claim 5, wherein the one or more network devices are further configured to indicate a network address of a network device on the provider network as an IPv6 source address in the IPv6 packet.
  - 7. The provider network as recited in claim 6, wherein the one or more network devices are further configured to embed the IPv4 address of the client device in the IPv6 source address in the IPv6 packet.
  - 8. The provider network as recited in claim 1, wherein the provider network is a virtualized service provider network configured to provide the resource instances as virtualized resource instances to the customers of the provider network.
  - 9. The provider network as recited in claim 8, wherein the provider network is further configured to form a customer private network on the provider network for a particular customer, wherein the customer private network includes at least a subset of the plurality of resource instances assigned to the particular customer.
  - 10. The provider network as recited in claim 8, wherein the plurality of resource instances includes virtualized computation resources and virtualized storage resources.
  - 11. The provider network as recited in claim 8, wherein the provider network further comprises one or more devices configured to implement at least one virtualization service and at least one Application Programming Interface (API) to the at least one virtualization service, wherein the at least one API is accessible from a device on the customer network to:
    - obtain a subset of the plurality of public IP addresses as customer IP addresses;
      
      obtain a subset of the plurality of resource instances on the provider network as customer resource instances;
      
      specify mappings of the customer IP addresses obtained by the customer to particular customer resource instance obtained by the customer; and
      
      specify remappings of the customer IP addresses obtained by the customer to particular endpoints on the customer network.

12. A method, comprising:
- assigning, by one or more devices on a provider network, subsets of a plurality of Internet Protocol (IP) addresses to customers as customer IP addresses and subsets of a plurality of resource instances on the provider network to the customers as customer resource instances;
  
  maintaining, by the one or more devices, mapping information that indicates current mappings of the customer IP addresses to particular customer resource instances and remappings of the customer IP addresses to particular endpoints on customer networks external to the provider network;
  
  receiving, by the provider network, packets from client devices, the packets indicating a customer IP address as a destination address and an IP address of the client device as a source address;
  
  for at least some of the packets, determining, from the mapping information, whether the customer IP address indicated by the destination address of the packet is currently mapped to a customer resource instance on the provider network or is currently remapped to an endpoint on a customer network external to the provider network;
  
  for a packet for which the customer IP address is currently mapped to a customer resource instance on the provider network, sending the packet to the respective customer resource instance via the provider network; and
  
  for another packet for which the customer IP address is currently remapped to an endpoint on a customer network external to the provider network;
  
  translating the destination address of the packet to determine a network address of the endpoint on the customer network;
  
  modifying the packet to indicate the network address of the endpoint on the customer network as a destination address; and
  
  sending the modified packet from the provider network onto a shared network to be routed to the customer network over the shared network.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method as recited in claim 12, wherein the shared network is a private network to which access is limited to two or more entities.
  - 14. The method as recited in claim 12, further comprising, for the other packet, modifying the packet to indicate a network address of a network device on the provider network as a source address.
  - 15. The method as recited in claim 14, further comprising, for the other packet:
    - receiving, by the provider network, a response packet from the customer network via the shared network, wherein the response packet indicates the network address of the endpoint on the customer network as a source address and the network address of the network device on the provider network as a destination address;
      
      translating the source address and the destination address of the response packet to determine the customer IP address and the IP address of the client device;
      
      modifying the response packet to indicate the customer IP address as a source IP address and the IP address of the client device as a destination address; and
      
      sending the modified response packet from the provider network to the client device.
  - 16. The method as recited in claim 12, wherein the other packet is an IPv4 packet, and wherein modifying the packet to indicate the network address of the endpoint on the customer network as a destination address comprises generating an IPv6 packet as the modified packet, wherein the IPv6 packet includes the network address of the endpoint on the customer network as an IPv6 destination address.
  - 17. The method as recited in claim 16, further comprising indicating a network address of a network device on the provider network as an IPv6 source address in the IPv6 packet.
  - 18. The method as recited in claim 17, further comprising embedding the IPv4 address of the client device in the IPv6 source address of the IPv6 packet.
  - 19. The method as recited in claim 12, wherein the provider network is a virtualized service provider network configured to provide the resource instances as virtualized resource instances to the customers of the provider network.
  - 20. The method as recited in claim 19, further comprising forming a customer private network on the provider network for a particular customer, wherein the customer private network includes at least a subset of the plurality of resource instances assigned to the particular customer.
  - 21. The method as recited in claim 19, wherein the plurality of resource instances includes virtualized computation resources and virtualized storage resources.
  - 22. The method as recited in claim 19, further comprising:
    - receiving input mapping at least one customer IP address assigned to a customer to a customer resource instance assigned to the customer; and
      
      receiving input mapping at least one other customer IP address assigned to the customer to an endpoint on a customer network of the customer.

23. A non-transitory computer-accessible storage medium storing program instructions computer-executable to implement:
- receiving, on a provider network, a plurality of packets, wherein each packet indicates one of a plurality of public Internet Protocol (IP) addresses assigned to customers of the provider network as customer IP addresses as a destination address and an IP address of a client device as a source address;
  
  for each received packet, determining an endpoint to which the respective destination address is mapped, wherein the destination address of at least one received packet is mapped to an endpoint on a customer network external to the provider network and the destination address of at least one other received packet is mapped to a resource instance on the provider network that is assigned to a particular customer;
  
  for each packet for which the destination address is mapped to a resource instance on the provider network, sending the packet to the respective resource instance via the provider network; and
  
  for each packet for which the destination address is mapped to an endpoint on a customer network external to the provider network;
  
  translating the destination address of the packet to determine a network address of the endpoint on the customer network;
  
  modifying the packet to indicate the network address of the endpoint on the customer network as a destination address; and
  
  sending the modified packet from the provider network onto an intermediate network to be routed to the customer network over the intermediate network.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The non-transitory computer-accessible storage medium as recited in claim 23, wherein the intermediate network is one of a shared network or a public network.
  - 25. The non-transitory computer-accessible storage medium as recited in claim 23, wherein the program instructions are further computer-executable to implement, for at least one packet for which the destination address is mapped to an endpoint on a customer network external to the provider network, modifying the packet to indicate a network address of a network device on the provider network as a source address.
  - 26. The non-transitory computer-accessible storage medium as recited in claim 25, wherein the program instructions are further computer-executable to implement, for at least one packet for which the destination address is mapped to an endpoint on a customer network external to the provider network:
    - receiving, by the provider network, a response packet from a customer network via the network, wherein the response packet indicates the network address of the endpoint on the customer network as a source address and the network address of the network device on the provider network as a destination address;
      
      translating the source address and the destination address of the response packet to determine a customer IP address of the respective customer and a IP address of a client device to which the response packet is to be routed; and
      
      sending the response packet to the client device, wherein the response packet indicates the customer IP address as a source IP address and the IP address of the client device as a destination address.
  - 27. The non-transitory computer-accessible storage medium as recited in claim 23, wherein the plurality of packets include IPv4 packets, and wherein, in said modifying the packet to indicate the network address of the endpoint on the customer network as a destination address, the program instructions are further computer-executable to implement generating an IPv6 packet as the modified packet, wherein the IPv6 packet includes the network address of the endpoint on the customer network as an IPv6 destination address.
  - 28. The non-transitory computer-accessible storage medium as recited in claim 27, wherein the program instructions are further computer-executable to implement indicating a network address of a network device on the provider network as an IPv6 source address in the IPv6 packet.
  - 29. The non-transitory computer-accessible storage medium as recited in claim 28, wherein the program instructions are further computer-executable to implement embedding the IPv4 address of the client device in the IPv6 source address of the IPv6 packet.
  - 30. The non-transitory computer-accessible storage medium as recited in claim 23, wherein the provider network is a virtualized service provider network configured to provide a plurality of resource instances on the provider network as virtualized resource instances to the customers of the provider network.
  - 31. The non-transitory computer-accessible storage medium as recited in claim 30, wherein the program instructions are further computer-executable to implement forming a customer private network on the provider network for a particular customer, wherein the customer private network includes at least one resource instance on the provider network that is assigned to the particular customer.
  - 32. The non-transitory computer-accessible storage medium as recited in claim 30, wherein the plurality of resource instances includes virtualized computation resources and virtualized storage resources.
  - 33. The non-transitory computer-accessible storage medium as recited in claim 23, wherein the program instructions are further computer-executable to implement:
    - mapping at least one customer IP address assigned to a customer to a resource instance on the provider network assigned to the customer; and
      
      mapping at least one other customer IP address assigned to the customer to an endpoint on a customer network of the customer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brandwine, Eric J., Dickinson, Andrew B.
Primary Examiner(s)
Whipple, Brian P
Assistant Examiner(s)
Chambers, Michael A

Application Number

US13/069,727
Time in Patent Office

1,175 Days
Field of Search

709/227, 709/238, 709/250, 370/398
US Class Current

709/250
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/2521   Translation architectures o...

H04L 61/2592   using tunnelling or encapsu...

Methods and apparatus for remapping public network addresses on a network to an external network via an intermediate network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for remapping public network addresses on a network to an external network via an intermediate network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links