Methods and apparatus for remapping public network addresses on a network to an external network via a private communications channel

US 9,628,294 B1
Filed: 03/23/2011
Issued: 04/18/2017
Est. Priority Date: 03/23/2011
Status: Active Grant

First Claim

Patent Images

1. A provider network, comprising:

one or more server devices configured to;

assign subsets of a plurality of public Internet Protocol (IP) addresses to particular customers of the provider network as customer IP addresses, wherein the customer IP addresses are published external to the provider network and external to a customer network of the particular customers as addresses associated with one or more network devices on the provider network; and

maintain mapping information that indicates mappings of the customer IP addresses to particular endpoints, wherein the mappings are specified by the particular customers of the provider network, and wherein at least one customer IP address is currently mapped to an endpoint on the provider network and at least one other customer IP address is currently mapped to an endpoint external to the provider network;

the one or more network devices on the provider network configured to;

receive packets from client devices external to the provider network and external to the customer network, the packets indicating respective ones of the customer IP addresses as respective destination addresses and IP addresses of respective ones of the client devices as respective source addresses;

for at least some of the packets, determine, from the mapping information, whether a given customer IP address indicated by a given destination address of a given packet is currently mapped to a given endpoint on the provider network or is currently mapped to a given endpoint on the customer network external to the provider network;

based on the determination;

for a packet for which the customer IP address is currently mapped to a particular endpoint on the provider network, send the packet to the particular endpoint via the provider network; and

for another packet for which the customer IP address is currently mapped to a particular endpoint on the customer network external to the provider network;

translate the destination address of the other packet to determine a network address of the particular endpoint on the customer network;

encapsulate the other packet according to a private communications channel protocol to generate an encapsulated packet, wherein the encapsulated packet indicates the network address of the particular endpoint on the customer network as a destination address; and

send the encapsulated packet to the customer network via a private communications channel over a public network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for remapping IP addresses of a network to endpoints within a different network. A provider network may allocate IP addresses and resources to a customer. The provider network may allow the customer to remap an IP address to an endpoint on the customer'"'"'s network. When a packet is received from a client addressed to the IP address, the provider network may determine that the IP address has been remapped to the endpoint. The provider network may translate the source and destination addresses of the packet and encode the packet for transmission over a private communications channel. The encoded packet may be sent to the endpoint via the private communications channel over an intermediate network. Response traffic may be routed to the client through the provider network, or may be directly routed to the client by the customer network.

Citations

35 Claims

1. A provider network, comprising:
- one or more server devices configured to;
  
  assign subsets of a plurality of public Internet Protocol (IP) addresses to particular customers of the provider network as customer IP addresses, wherein the customer IP addresses are published external to the provider network and external to a customer network of the particular customers as addresses associated with one or more network devices on the provider network; and
  
  maintain mapping information that indicates mappings of the customer IP addresses to particular endpoints, wherein the mappings are specified by the particular customers of the provider network, and wherein at least one customer IP address is currently mapped to an endpoint on the provider network and at least one other customer IP address is currently mapped to an endpoint external to the provider network;
  
  the one or more network devices on the provider network configured to;
  
  receive packets from client devices external to the provider network and external to the customer network, the packets indicating respective ones of the customer IP addresses as respective destination addresses and IP addresses of respective ones of the client devices as respective source addresses;
  
  for at least some of the packets, determine, from the mapping information, whether a given customer IP address indicated by a given destination address of a given packet is currently mapped to a given endpoint on the provider network or is currently mapped to a given endpoint on the customer network external to the provider network;
  
  based on the determination;
  
  for a packet for which the customer IP address is currently mapped to a particular endpoint on the provider network, send the packet to the particular endpoint via the provider network; and
  
  for another packet for which the customer IP address is currently mapped to a particular endpoint on the customer network external to the provider network;
  
  translate the destination address of the other packet to determine a network address of the particular endpoint on the customer network;
  
  encapsulate the other packet according to a private communications channel protocol to generate an encapsulated packet, wherein the encapsulated packet indicates the network address of the particular endpoint on the customer network as a destination address; and
  
  send the encapsulated packet to the customer network via a private communications channel over a public network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The provider network as recited in claim 1, wherein the public network is the Internet.
  - 3. The provider network as recited in claim 1, wherein the encapsulated packet further indicates a network address of one of the one or more network devices on the provider network as a source address.
  - 4. The provider network as recited in claim 3, wherein the one or more network devices are further configured to:
    - receive a response packet encapsulated according to the private communications channel protocol from the customer network via the private communications channel, wherein the encapsulated response packet indicates the network address of the particular endpoint on the customer network as a source address and the network address of one of the one or more network devices on the provider network as a destination address;
      
      translate the source address and the destination address of the encapsulated response packet to determine the customer IP address and the IP address of the client device;
      
      strip the private communications channel protocol encapsulation from the response packet; and
      
      send the response packet to the client device, wherein the response packet sent to the client device indicates the customer IP address as a source IP address and the IP address of the client device as a destination address.
  - 5. The provider network as recited in claim 1, wherein the provider network includes a separate customer private network for each of one or more of the customers of the provider network, wherein each customer private network includes one or more components of the provider network assigned to the respective customer.
  - 6. The provider network as recited in claim 5, wherein the one or more network devices on the provider network comprises a plurality of network devices, and wherein, for the other packet for which the customer IP address is currently mapped to the particular endpoint on the customer network external to the provider network:
    - one of the plurality of network devices receives the packet from the client device, determines that the destination address of the packet is mapped to the particular endpoint on the customer network external to the provider network, and routes the packet over a customer private network via one or more other network devices of the plurality of network devices, wherein at least one of the one or more other network devices is a component of the customer private network on the provider network; and
      
      one of the one or more other network devices receives the packet via the customer private network, translates the destination address of the packet, encapsulates the packet according to the private communications channel protocol to generate the encapsulated packet, and sends the encapsulated packet to the customer network via the private communications channel.
  - 7. The provider network as recited in claim 6, wherein, to route the packet over the customer private network via the one or more other network devices, the one of the plurality of network devices encodes the packet according to a network protocol of the provider network to form a customer private network packet for transmission on the customer private network.
  - 8. The provider network as recited in claim 6, wherein a path over the customer private network via which the packet is routed includes one or more customer private network appliances configured to apply one or more customer private network-specific networking functions to packets routed through the network appliances.
  - 9. The provider network as recited in claim 8, wherein the one or more customer private network appliances include one or more of firewalls, packet inspection appliances, security appliances, acceleration caches, and load balancers.
  - 10. The provider network as recited in claim 1, wherein the provider network is a virtualized service provider network configured to provide a plurality of virtualized resource instances on the provider network to the customers of the provider network, wherein the provider network is configured to assign subsets of the plurality of virtualized resource instances to the customers as customer resource instances.
  - 11. The provider network as recited in claim 10, wherein the provider network is further configured to form a customer private network on the provider network for a particular customer, wherein the customer private network includes at least a subset of the plurality of virtualized resource instances assigned to the particular customer.
  - 12. The provider network as recited in claim 10, wherein the plurality of virtualized resource instances includes virtualized computation resources and virtualized storage resources.
  - 13. The provider network as recited in claim 10, wherein the mapping information maps at least one customer IP address to a customer resource instance assigned to a respective customer.
  - 14. The provider network as recited in claim 10, wherein the provider network further comprises one or more devices configured to implement at least one virtualization service and at least one application programming interface (API) to the at least one virtualization service, wherein the at least one virtualization service is configured to:
    - assign a subset of the plurality of public IP addresses to a customer as customer IP addresses in response to input received via the at least one API;
      
      assign a subset of the plurality of resource instances on the provider network to the customer as customer resource instances in response to input received via the at least one API;
      
      map at least one customer IP address assigned to the customer to a particular customer resource instance assigned to the customer in response to input received via the at least one API; and
      
      map at least one other customer IP address assigned to the customer to a particular endpoint on a customer network of the customer in response to input received via the at least one API.

15. A method, comprising:
- assigning, by one or more server devices on a provider network, subsets of a plurality of public Internet Protocol (IP) addresses to particular customers of the provider network as customer IP addresses, wherein the customer IP addresses are published external to the provider network and external to one or more customer networks of the particular customers as addresses associated with one or more network devices on the provider network;
  
  maintaining, by the one or more server devices, mapping information that indicates mappings of the customer IP addresses to particular endpoints, wherein the mappings are specified by the customers of the provider network, and wherein at least one customer IP address is currently mapped to an endpoint on the provider network and at least one other customer IP address is currently mapped to an endpoint external to the provider network;
  
  receiving, by the one or more network devices on the provider network, packets from client devices external to the provider network and external to the one or more customer networks, the packets indicating respective customer IP addresses as respective destination addresses and respective IP addresses of the client devices as respective source addresses;
  
  for at least some of the packets, determining, from the mapping information, whether a given customer IP address is currently mapped to a given endpoint on the provider network or is currently mapped to a given endpoint on a customer network external to the provider network;
  
  for a packet for which the customer IP address is currently mapped to a particular endpoint on the provider network, sending the packet to the particular endpoint via the provider network; and
  
  for another packet for which the customer IP address is currently mapped to a particular endpoint on a customer network external to the provider network;
  
  translating the customer IP address to determine a network address of the particular endpoint on the customer network; and
  
  transmitting the other packet from the provider network to the customer network via a private communications channel, wherein the transmitted other packet indicates the network address of the particular endpoint on the customer network as the destination address.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method as recited in claim 15, wherein the private communications channel is over a direct connection between the provider network and the customer network.
  - 17. The method as recited in claim 15, wherein the private communications channel is a tunneling technology channel over a public network.
  - 18. The method as recited in claim 15, wherein the transmitted packet further indicates a network address of one of the network devices on the provider network as a source address, and wherein the method further comprises:
    - receiving, on the provider network, a response packet from the customer network via the private communications channel, wherein the response packet indicates the network address of the endpoint on the customer network as a source address and the network address of the one of the network devices on the provider network as a destination address;
      
      translating the source address and the destination address of the response packet to determine the customer IP address and the IP address of the client device; and
      
      sending the response packet to the client device, wherein the response packet sent to the client device indicates the customer IP address as a source IP address and the IP address of the client device as a destination address.
  - 19. The method as recited in claim 15, wherein the provider network includes a separate customer private network for each of one or more of the customers of the provider network, wherein each customer private network includes one or more components of the provider network assigned to the respective customer.
  - 20. The method as recited in claim 19, wherein the one or more network devices on the provider network comprises a plurality of network devices, and wherein, for the other packet for which the customer IP address is currently mapped to the particular endpoint on the customer network external to the provider network:
    - one of the plurality of network devices of the provider network performs said receiving the packet from the client device and said determining that the destination address of the packet is mapped to the particular endpoint on the customer network external to the provider network, and wherein the method further comprises the one of the plurality of network devices routing the packet over a customer private network via one or more other network devices of the plurality of network devices, wherein at least one of the other network devices is a component of the customer private network on the provider network; and
      
      one of the one or more other network devices receives the packet via the customer private network and performs said translating the customer IP address to determine the network address of the particular endpoint on the customer network and said transmitting the packet from the provider network to the customer network via the private communications channel.
  - 21. The method as recited in claim 20, wherein the method further comprises applying, by one or more customer private network appliances on a path over the customer private network via which the packet is routed, one or more networking functions to the packet, wherein the one or more customer private network appliances include one or more of firewalls, packet inspection appliances, security appliances, acceleration caches, and load balancers.
  - 22. The method as recited in claim 15, wherein the provider network is a virtualized service provider network configured to provide a plurality of virtualized resource instances on the provider network to the customers of the provider network, and wherein the method further comprises assigning subsets of the plurality of resource instances to the customers as customer resource instances.
  - 23. The method as recited in claim 22, further comprising forming a customer private network on the provider network for a particular customer, wherein the customer private network includes at least a subset of the plurality of resource instances assigned to the particular customer.
  - 24. The method as recited in claim 22, wherein the mapping information maps at least one customer IP address of the plurality of customer IP addresses to a customer resource instance assigned to a respective customer.
  - 25. The method as recited in claim 22, further comprising:
    - receiving input mapping at least one customer IP address assigned to a customer to a customer resource instance assigned to the customer; and
      
      receiving input mapping at least one other customer IP address assigned to the customer to an endpoint on a customer network of the customer.

26. A non-transitory computer-accessible storage medium storing program instructions computer-executable to implement:
- receiving, on a provider network, a plurality of packets from client devices external to the provider network and external to one or more customer networks of customers of the provider network, wherein each packet indicates one of a plurality of public Internet Protocol (IP) addresses assigned to the customers of the provider network as customer IP addresses as a destination address and an IP address of one of the client devices as a source address, wherein the customer IP addresses are published external to the provider network and external to customer networks as addresses associated with one or more network devices on the provider network;
  
  for each received packet, determining an endpoint to which the respective destination address is mapped, wherein the destination address of at least one received packet is mapped to an endpoint on a customer network external to the provider network and the destination address of at least one other received packet is mapped to an endpoint on the provider network;
  
  for each packet for which the destination address is currently mapped to an endpoint on the provider network, sending the packet to the respective endpoint via the provider network; and
  
  for each packet for which the destination address is mapped to an endpoint on a customer network external to the provider network;
  
  translating the destination address of the packet to determine a network address of the endpoint on the customer network;
  
  encoding the packet according to a private communications channel protocol to generate an encoded packet, wherein the encoded packet indicates the network address of the endpoint on the customer network as a destination address; and
  
  transmitting the encoded packet from the provider network to the customer network via a private communications channel.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The non-transitory computer-accessible storage medium as recited in claim 26, wherein the private communications channel is over a direct connection between the provider network and the customer network.
  - 28. The non-transitory computer-accessible storage medium as recited in claim 26, wherein the private communications channel is a tunneling technology channel over a public network.
  - 29. The non-transitory computer-accessible storage medium as recited in claim 26, wherein said encoding the packet according to a private communications channel protocol to generate an encoded packet comprises encapsulating the packet according to the private communications channel protocol.
  - 30. The non-transitory computer-accessible storage medium as recited in claim 26, wherein the program instructions are further computer-executable to implement:
    - receiving, on the provider network, a response packet from the customer network via the private communications channel, wherein the response packet indicates the network address of the endpoint on the customer network as a source address and a network address of an endpoint on the provider network as a destination address;
      
      translating the source address and the destination address of the response packet to determine a customer IP address of the respective customer and an IP address of a client device to which the response packet is to be routed; and
      
      sending the response packet to the client device, wherein the response packet sent to the client device indicates the customer IP address as a source IP address and the IP address of the client device as a destination address.
  - 31. The non-transitory computer-accessible storage medium as recited in claim 26, wherein the program instructions are further computer-executable to implement routing at least one packet for which the destination address is mapped to the endpoint on the customer network external to the provider network through a customer private network, wherein the customer private network includes two or more components of the provider network assigned to the respective customer.
  - 32. The non-transitory computer-accessible storage medium as recited in claim 31, wherein at least one component of the customer private network applies a networking function to the packet prior to said transmitting the packet from the provider network to the customer network via the private communications channel, wherein the two or more components of the customer private network include one or more of firewalls, packet inspection appliances, security appliances, acceleration caches, and load balancers.
  - 33. The non-transitory computer-accessible storage medium as recited in claim 26, wherein the provider network is a virtualized service provider network configured to provide a plurality of virtualized resource instances on the provider network to the customers of the provider network, and wherein the program instructions are further computer-executable to implement assigning subsets of the plurality of resource instances to the customers as customer resource instances.
  - 34. The non-transitory computer-accessible storage medium as recited in claim 33, wherein the program instructions are further computer-executable to implement forming a customer private network on the provider network for a particular customer, wherein the customer private network includes at least a subset of the plurality of resource instances assigned to the particular customer.
  - 35. The non-transitory computer-accessible storage medium as recited in claim 26, wherein the program instructions are further computer-executable to implement:
    - mapping at least one customer IP address assigned to the customer to a resource instance on the provider network assigned to the customer; and
      
      mapping at least one other customer IP address assigned to the customer to an endpoint on a customer network of the customer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brandwine, Eric J., Dickinson, Andrew B.
Primary Examiner(s)
Phillips, Hassan
Assistant Examiner(s)
Tsegaye, Saba

Application Number

US13/069,719
Time in Patent Office

2,218 Days
Field of Search

370392, 370351, 370389, 709245
US Class Current
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2012/5667   IP over ATM

H04L 61/2514   between local and global IP...

H04L 61/2592   using tunnelling or encapsu...

H04L 63/0272   Virtual private networks

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/166   IP fragmentation; TCP segme...

H04L 69/167   Adaptation for transition b...

H04L 69/168   specially adapted for link ...

H04L 69/169   Special adaptations of TCP,...

H04W 80/06   Transport layer protocols, ...

Methods and apparatus for remapping public network addresses on a network to an external network via a private communications channel

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for remapping public network addresses on a network to an external network via a private communications channel

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links