Using virtual networking devices to connect managed computer networks

US 9,094,421 B1
Filed: 09/15/2012
Issued: 07/28/2015
Est. Priority Date: 12/28/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by one or more configured computing systems of a configurable network service, configuration information from a first client via an API (application programming interface) provided by the configurable network service, wherein the configuration information is sent by an executing program of the first client and specifies one or more virtual networking devices of a first virtual computer network and further includes first peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types, wherein the virtual peering router is configurable to interconnect multiple virtual computer networks;

providing, by the one or more configured computing systems, the first virtual computer network to the first client in accordance with the configuration information by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more virtual networking devices;

providing, by the one or more configured computing systems, functionality of the virtual peering router in accordance with the first peering configuration information;

establishing, by the one or more configured computing systems, a logical first connection between the provided first virtual computer network and the virtual peering router; and

forwarding, by the one or more configured computing systems, one or more communications between the first virtual computer network and one or more second virtual computer networks having one or more logical second connections to the virtual peering router.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

Citations

23 Claims

1. A computer-implemented method comprising:
- receiving, by one or more configured computing systems of a configurable network service, configuration information from a first client via an API (application programming interface) provided by the configurable network service, wherein the configuration information is sent by an executing program of the first client and specifies one or more virtual networking devices of a first virtual computer network and further includes first peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types, wherein the virtual peering router is configurable to interconnect multiple virtual computer networks;
  
  providing, by the one or more configured computing systems, the first virtual computer network to the first client in accordance with the configuration information by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more virtual networking devices;
  
  providing, by the one or more configured computing systems, functionality of the virtual peering router in accordance with the first peering configuration information;
  
  establishing, by the one or more configured computing systems, a logical first connection between the provided first virtual computer network and the virtual peering router; and
  
  forwarding, by the one or more configured computing systems, one or more communications between the first virtual computer network and one or more second virtual computer networks having one or more logical second connections to the virtual peering router.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 further comprising, before the forwarding of the one or more communications, determining, by the one or more configured computing systems, to perform the forwarding of the one or more communications based at least in part on specified configuration information for the virtual peering router that includes the first peering configuration information.
  - 3. The method of claim 1 wherein the emulating of the functionality of the one or more virtual networking devices includes, without physically providing the one or more virtual networking devices, modifying additional communications being forwarded for the first virtual computer network to reflect operations that would be performed by the one or more virtual networking devices if the one or more virtual networking devices were physically provided.
  - 4. The method of claim 3 further comprising, before the determining to perform the forwarding of the one or more communications, receiving some of the specified configuration information for the virtual peering router from one or more second clients associated with the one or more second virtual computer networks.
  - 5. The method of claim 1 further comprising determining, by the one or more configured computing systems, not to forward one or more additional communications between the first virtual computer network and the one or more second virtual computer networks based at least in part on specified configuration information for the virtual peering router that includes the first peering configuration information.
  - 6. The method of claim 1 wherein the one or more communications are routing communications that include routing information for the first virtual computer network corresponding to one or more computing nodes of the first virtual computer network, and wherein the forwarding of the one or more communications includes forwarding the one or more communications to the one or more second virtual computer networks to enable subsequent communications from the one or more second virtual computer networks to be sent to the one or more computing nodes of the first virtual computer network.
  - 7. The method of claim 1 wherein the one or more communications are routing communications that include routing information corresponding to one or more computing nodes of at least one of the one or more second virtual computer networks, and wherein the forwarding of the one or more communications includes forwarding the one or more communications to the first virtual computer network to enable subsequent communications from the first virtual computer network to be sent to the one or more computing nodes of the at least one second virtual computer network.
  - 8. The method of claim 1 wherein the one or more communications are routing communications that include routing information for the first virtual computer network, and wherein the forwarding of the one or more communications includes forwarding the one or more communications to one or more second computing nodes of the one or more second virtual computer networks that participate in a routing protocol.
  - 9. The method of claim 8 wherein the one or more communications are specified in accordance with a first routing protocol, wherein the routing protocol that the one or more second computing nodes participate in is a distinct second routing protocol, and wherein the forwarding of the one or more communications to the one or more second computing nodes includes modifying the forwarded one or more communications to be specified in accordance with the second routing protocol.
  - 10. The method of claim 1 wherein the one or more communications are data communications that are sent between one or more first computing nodes of the first virtual computer network and one or more second computing nodes of the one or more second virtual computer networks.
  - 11. The method of claim 1 further comprising creating the virtual peering router for use with the first virtual computer network in response to a request from the first client.
  - 12. The method of claim 1 further comprising providing, by the one or more configured computing systems, the one or more second virtual computer networks to one or more second clients distinct from the first client, the providing of the one or more second virtual computer networks including overlaying the one or more second virtual computer network on the substrate network.
  - 13. The method of claim 12 wherein the forwarding of each of the one or more communications is performed over the substrate network to a location in the substrate network of a determined destination of the communication.
  - 14. The method of claim 1 wherein the virtual peering router is configured to allow communications to pass in only one direction between the first virtual computer network and the one or more second virtual computer networks, and wherein the providing of the functionality of the virtual peering router includes emulating, by the one or more configured computing systems, the functionality of the virtual peering router.
  - 15. The method of claim 1 further comprising, before the forwarding of the one or more communications, determining, by the one or more configured computing systems, to perform the forwarding of the one or more communications based at least in part on one or more filters specified in the received configuration information.
  - 16. The method of claim 1 further comprising intercepting the one or more communications before the one or more communications are forwarded over the substrate network.
  - 17. The method of claim 1 wherein the one or more second virtual computer networks are provided to the first client by the configurable network service.

18. A non-transitory computer-readable medium having stored contents that configure a computing system to:
- receive configuration information, from a first client via a programmatic interface provided for use by clients, that specifies one or more virtual networking devices of a first virtual computer network and that further includes first peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types, wherein the virtual peering router is configurable to interconnect multiple virtual computer networks;
  
  provide the first virtual computer network to the first client in accordance with the configuration information by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more virtual networking devices;
  
  provide functionality of the virtual peering router in accordance with the first peering configuration information;
  
  establish a logical first connection between the provided first virtual computer network and the virtual peering router; and
  
  forward one or more communications between the first virtual computer network and one or more second virtual computer networks having one or more logical second connections to the virtual peering router.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18 wherein the stored contents further configure the computing system to:
    - before the forwarding of the one or more communications, determine to perform the forwarding of the one or more communications based at least in part on the first peering configuration information.
  - 20. The non-transitory computer-readable medium of claim 19 wherein the configured computing system is part of a configurable network service that provides multiple virtual computer networks to multiple clients by overlaying the multiple virtual computer networks on one or more substrate computer networks, wherein the programmatic interface is an API (application programming interface) provided by the configurable network service, wherein the received configuration information is sent by an executing program of the first client, and wherein the stored contents include executable software instructions.

21. A system comprising:
- one or more processors of one or more computing systems; and
  
  one or more modules of a configurable network service that, when executed by at least one of the one or more processors, configure the at least one processor to;
  
  receive information from a first client via an API (application programming interface) provided by the configurable network service, the received information including configuration information for a first virtual computer network that specifies one or more networking devices of the first virtual computer network, and further including peering configuration information for use by a virtual peering router in blocking or allowing communications of one or more specified types exchanged with other computer networks;
  
  provide, in accordance with the configuration information, the first virtual computer network to the first client by overlaying the first virtual computer network on a substrate network and emulating functionality of the one or more networking devices;
  
  provide in accordance with the peering configuration information, functionality of the virtual peering router, including establishing a logical inter-connection between the provided first virtual computer network and one or more second virtual computer networks provided by the configurable network service; and
  
  forward one or more communications between the first virtual computer network and the one or more second virtual computer networks based on the established logical inter-connection.
- View Dependent Claims (22, 23)
- - 22. The system of claim 21 wherein functionality of the virtual peering router is emulated by the configurable network service, and wherein the one or more modules are further configured to, before the forwarding of the one or more communications, determine to perform the forwarding of the one or more communications based at least in part on the peering configuration information.
  - 23. The system of claim 22 wherein the establishing of the logical inter-connection includes establishing a first logical connection from the first virtual computer network to the provided virtual peering router, and wherein the one or more modules include executable software instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Kevin Christopher, Brandwine, Eric Jason, Doane, Andrew J.
Primary Examiner(s)
Dinh, Khanh

Application Number

US13/620,809
Time in Patent Office

1,046 Days
Field of Search

709/220, 709/224, 709/227, 709/228, 370/401
US Class Current

1/1
CPC Class Codes

H04L 41/0803   Configuration setting

H04L 41/0895   Configuration of virtualise...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 41/40   using virtualisation of net...

H04L 45/02   Topology update or discovery

H04L 49/15   Interconnection of switchin...

H04L 49/252   Store and forward routing

H04L 49/70   Virtual switches

H04L 65/1069   Session establishment or de...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Using virtual networking devices to connect managed computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Using virtual networking devices to connect managed computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links