Using virtual networking devices and routing information to associate network addresses with computing nodes

US 9,036,504 B1
Filed: 12/07/2009
Issued: 05/19/2015
Est. Priority Date: 12/07/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices that are part of the first virtual computer network and that are indicated to interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including;

forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding;

intercepting a routing communication that is directed to at least one of the specified virtual router devices and that includes specified network routing information indicating that the specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node;

updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, the updating of the configuration information including associating the first virtual network address with the specified computing node; and

after the updating of the configuration information, forwarding one or more additional communications directed to the first virtual network address to the specified computing node based on the updated configuration information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

160 Citations

24 Claims

1. A computer-implemented method comprising:
- providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices that are part of the first virtual computer network and that are indicated to interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including;
  
  forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding;
  
  intercepting a routing communication that is directed to at least one of the specified virtual router devices and that includes specified network routing information indicating that the specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node;
  
  updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, the updating of the configuration information including associating the first virtual network address with the specified computing node; and
  
  after the updating of the configuration information, forwarding one or more additional communications directed to the first virtual network address to the specified computing node based on the updated configuration information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the network routing information included in the received routing communication is specified in accordance with one or more predefined network routing protocols.
  - 3. The method of claim 1 wherein the providing of the first virtual computer network further includes overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more specified virtual router devices, and wherein the intercepting of the routing communication is performed before the routing communication is forwarded over the substrate network and includes inhibiting forwarding of the intercepted routing communication to the at least one specified virtual router device to which the intercepted routing communication is directed.
  - 4. The method of claim 1 wherein the configurable network service provides a plurality of computing nodes for use in provided virtual computer networks, and further provides multiple other virtual computer networks distinct from the first virtual computer network to multiple other clients.
  - 5. The method of claim 1 wherein the multiple computing nodes are each a virtual machine hosted on one of multiple physical computing systems of the configurable network service, and wherein the providing of the first virtual computer network includes configuring one or more virtual machine communication manager modules that execute on one or more of the physical computing systems to manage communications for the hosted virtual machines.

6. A computer-implemented method comprising:
- providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including;
  
  forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, wherein the forwarding of the one or more communications includes emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding, and wherein the first virtual network address is specified in the configuration information to be an anycast address for the first virtual computer network that may be associated with a group of one or more of the multiple computing nodes that includes the first computing node;
  
  receiving a routing communication directed to at least one of the specified virtual router devices that includes specified network routing information indicating that the specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node; and
  
  updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, wherein the updating of the configuration information for the first virtual computer network includes associating the first virtual network address with the specified computing node by designating that the specified computing node is one of the group of computing nodes.
- View Dependent Claims (7)
- - 7. The method of claim 6 wherein the specified configuration information is received from the first client and includes indications of multiple virtual network addresses to be used with the first virtual computer network, the first virtual network address being one of the multiple virtual network addresses and being designated by the first client as an anycast address, and wherein the updating of the configuration information is performed based at least in part on the specified configuration information received from the first client.

8. A computer-implemented method comprising:
- providing, by one or more configured computing systems of a configurable network service, a first virtual computer network for a first client in accordance with specified configuration information, wherein the configuration information indicates one or more specified virtual router devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including;
  
  forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, wherein the forwarding of the one or more communications includes emulating functionality of the one or more specified virtual router devices related to modifying the one or more communications as part of the forwarding, and wherein the first virtual network address is specified in the configuration information to be associated with the first computing node and to be a target address for the first virtual computer network that is enabled to be migrated between and serially associated with two or more of the multiple computing nodes;
  
  receiving a routing communication directed to at least one of the specified virtual router devices that includes specified network routing information indicating that a specified computing node is newly associated with the first virtual network address, the specified computing node being distinct from the first computing node; and
  
  updating the configuration information for the first virtual computer network based on the specified network routing information included in the received routing communication, wherein the updating of the configuration information for the first virtual computer network includes associating the first virtual network address with the specified computing node by designating to transfer an association of the first virtual network address from the first computing node to the specified computing node.

9. A non-transitory computer-readable storage medium having stored contents that configure a computing system to:
- provide, by the configured computing system, a first virtual computer network for a first client in accordance with configuration information, wherein the configuration information specifies interconnections between multiple computing nodes of the first virtual computer network that include one or more virtual router devices of the first virtual computer network and indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple remote clients and that provides a plurality of co-located computing nodes for use with the multiple virtual computer networks, wherein the multiple computing nodes of the first virtual computer network are a subset of the plurality of computing nodes, and wherein the providing of the first virtual computer network includes;
  
  forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding;
  
  receiving a routing communication that is directed to at least one of the one or more virtual router devices and that includes specified routing information indicating an external public network address for use by computer systems external to the first virtual computer network in directing communications to a specified computing node of the first virtual computer network;
  
  initiating one or more routing announcements external to the first virtual computer network that indicate that the external public network address is associated with the first virtual computer network; and
  
  receiving one or more external communications that are from one or more remote computer systems external to the first virtual computer network and that are directed to the external public network address based at least in part on the one or more routing announcements, and forwarding the received one or more external communications to the specified computing node.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The non-transitory computer-readable storage medium of claim 9 wherein the received routing communication is sent by the first computing node, and wherein specified computing node to which the received one or more external communications are forwarded is the first computing node.
  - 11. The non-transitory computer-readable storage medium of claim 9 wherein the stored contents further configure the computing system to update the configuration information for the first virtual computer network based on the specified routing information.
  - 12. The non-transitory computer-readable storage medium of claim 9 wherein the configuration information specifies the one or more virtual router devices, and wherein the emulating of the functionality of the one or more virtual router devices is performed without physically providing the one or more virtual router devices as part of the first virtual computer network.
  - 13. The non-transitory computer-readable storage medium of claim 9 wherein the stored contents are instructions that, when executed, program the configured computing system to perform the providing of the first virtual computer network, and wherein the providing of the first virtual computer network further includes:
    - after the forwarding of the one or more communications, intercepting an additional routing communication that is directed to at least one of the one or more virtual router devices and that includes additional routing information for the first virtual computer network, the additional routing information indicating that the specified computing node is newly associated with the first virtual network address; and
      
      updating the configuration information based on the additional routing communication, and for one or more additional communications that are directed to the first virtual network address, forwarding the one or more additional communications to the specified computing node in accordance with the updated configuration information.
  - 14. The non-transitory computer-readable storage medium of claim 9 wherein the initiated one or more routing announcements external to the first virtual computer network are provided to at least the one or more remote computer systems and further indicate that the external public network address is associated with the configurable network service, and wherein the one or more remote computer systems are further external to the configurable network service.
  - 15. The non-transitory computer-readable storage medium of claim 9 wherein the providing of the first virtual computer network further includes overlaying the first virtual computer network on a distinct substrate network without physically providing the one or more virtual router devices, and wherein the receiving of the routing communication includes intercepting the routing communication before the routing communication is forwarded over the substrate network.

16. A non-transitory computer-readable storage medium having stored contents that configure a computing system to:
- provide, by the configured computing system, a first virtual computer network for a first client in accordance with configuration information, wherein the configured computing system is part of a configurable network service that provides the first virtual computer network, wherein the configuration information specifies interconnections between multiple computing nodes of the first virtual computer network that include one or more virtual router devices of the first virtual computer network and indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, and wherein the providing of the first virtual computer network includes;
  
  forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding without physically providing the one or more virtual router devices;
  
  receiving a routing communication that is directed to at least one of the one or more virtual router devices and that includes specified routing information indicating an external public network address for use by computer systems external to the first virtual computer network in directing communications to a specified computing node of the first virtual computer network, wherein the external public network address is assigned to the first client by an entity external to the configurable network service;
  
  initiating one or more routing announcements external to the first virtual computer network that indicate that the external public network address is associated with the first virtual computer network; and
  
  receiving one or more external communications that are from one or more remote computer systems external to the first virtual computer network and that are directed to the external public network address, and forwarding the received one or more external communications to the specified computing node; and
  
  before the initiating of the one or more routing announcements external to the first virtual computer network, verify that the first client is authorized to use the external public network address outside the configurable network service based at least in part on information provided by the first client to the configurable network service.

17. A non-transitory computer-readable storage medium having stored contents that configure a computing system to:
- provide, by the configured computing system, a first virtual computer network for a first client in accordance with configuration information, wherein the configuration information specifies interconnections between multiple computing nodes of the first virtual computer network that include one or more virtual router devices and indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a virtual network address while the first virtual computer network is in use, the providing of the first virtual computer network including;
  
  forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first virtual network address, one or more communications that are directed to the first virtual network address, the forwarding of the one or more communications including emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding without physically providing the one or more virtual router devices;
  
  receiving a routing communication that is directed to at least one of the one or more virtual router devices and that includes specified routing information indicating an external public network address for use by computer systems external to the first virtual computer network in directing communications to a specified computing node of the first virtual computer network, wherein the specified routing information in the received routing communication further indicates an additional external public network address for use with the first virtual computer network;
  
  initiating one or more routing announcements external to the first virtual computer network that indicate that the external public network address is associated with the first virtual computer network; and
  
  receiving one or more external communications that are from one or more remote computer systems external to the first virtual computer network and that are directed to the external public network address, and forwarding the received one or more external communications to the specified computing node; and
  
  determine to prevent initiation of any additional routing announcements external to the first virtual computer network that indicate that the additional external public network address is associated with the first virtual computer network.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer-readable storage medium of claim 17 wherein the configuration information is received from the first client and includes an indication of one or more computing nodes authorized to announce one or more external public network addresses that do not include the first computing node, wherein the received routing communication is sent by the first computing node, and wherein the determining to prevent the initiation of the additional routing announcements is based on the first computing node not being one of the indicated one or more computing nodes that are authorized.
  - 19. The non-transitory computer-readable storage medium of claim 17 wherein the configuration information is received from the first client and includes an indication of one or more external public network addresses that are authorized to be used with the first virtual computer network, wherein the additional external public network address is not one of the indicated one or more external public network addresses that are authorized, and wherein the determining to prevent the initiation of the additional routing announcements is based on the additional external public network address not being one of the indicated one or more external public network addresses that are authorized.

20. A computing system, comprising:
- one or more processors; and
  
  a manager module that is part of a configurable network service and is configured to, when executed by at least one of the processors, provide computer networks to one or more remote clients by, for each of the one or more remote clients;
  
  configuring a first computer network provided for the client in accordance with configuration information from the client, wherein the configuration information indicates interconnections between multiple computing nodes of the provided computer network that include one or more virtual router devices of the provided first computer network and further indicates that a specified computing node of the multiple computing nodes is authorized to dynamically obtain an association to a network address while the first computer network is in use;
  
  forwarding multiple communications between the multiple computing nodes over the substrate computer network while emulating functionality of the one or more virtual router devices related to modifying the one or more communications as part of the forwarding without physically providing the one or more virtual router devices, the forwarding of the multiple communications including forwarding, to a first computing node that is one of the multiple computing nodes and is initially associated with a first network address, one or more communications that are directed to the first network address;
  
  receiving one or more routing communications that are each directed to at least one of the one or more virtual router devices and include routing information for the first computer network, the routing information indicating that the specified computing node is associated with the first network address, the specified computing node being distinct from the first computing node;
  
  determining whether the specified computing node is authorized to be associated with the first network address; and
  
  after the receiving of the one or more routing communications, and if the specified computing node is determined to be authorized to be associated with the first network address, forwarding one or more additional communications that are each directed to the first network address to the specified computing node based at least in part on the routing information included in the received one or more routing communications.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The computing system of claim 20 wherein the manager module includes software instructions for execution by the at least one processor.
  - 22. The computing system of claim 20 wherein the one or more clients include multiple remote clients, wherein the configurable network service provides an interface for use by the multiple remote clients to configure the computer networks provided for use by the clients, and wherein the configuration information for each of the multiple remote clients is received via the provided interface.
  - 23. The computing system of claim 20 wherein the multiple computing nodes of each of the provided computer networks are a subset of a plurality of computing nodes provided by the configurable network service for use with the provided computer networks, wherein the second computer network is a substrate network, wherein the provided computer networks are each virtual computer networks overlaid on the substrate network, and wherein the first network address for each of the provided computer networks is one of multiple virtual network addresses associated with that provided computer network.
  - 24. The computing system of claim 20 wherein the providing of the computer networks further includes overlaying each of the provided first computer networks on a distinct substrate network without physically providing the one or more virtual router devices of each of the provided first computer networks, and the receiving of the one or more routing communications for each of the provided first computer networks includes intercepting the one or more routing communications before the one or more routing communications are forwarded over the substrate network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Kevin Christopher, Brandwine, Eric Jason, Doane, Andrew J.
Primary Examiner(s)
Hsu, Alpus H
Assistant Examiner(s)
Divito, Walter

Application Number

US12/632,718
Time in Patent Office

1,989 Days
Field of Search
US Class Current

370/254
CPC Class Codes

H04L 41/0816   the condition being an adap...

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 41/40   using virtualisation of net...

H04L 45/02   Topology update or discovery

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/586   of virtual routers

Using virtual networking devices and routing information to associate network addresses with computing nodes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

160 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Using virtual networking devices and routing information to associate network addresses with computing nodes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links