WO2016044769A1 - Private alias endpoints for isolated virtual networks - Google Patents

Private alias endpoints for isolated virtual networks

Info

Publication number
WO2016044769A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
ivn
packet
pae
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2015/051027
Other languages
English (en)
French (fr)
Inventor
Kevin Christopher Miller
Richard Alexander SHEEHAN
Douglas Stewart Laurence
Marwan Salah El-Din OWEIS
Andrew Bruce Dickinson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Amazon Technologies Inc
Original Assignee
Amazon Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CN201580050148.9A (CN107077367B, zh)
Priority to RU2017107749A (RU2669525C1, ru)
Priority to SG11201702072SA (SG11201702072SA, en)
Priority to EP15774804.7A (EP3195531A1, en)
Priority to CN202110183914.6A (CN113014468B, zh)
Priority to KR1020177010247A (KR101948598B1, ko)
Application filed by Amazon Technologies Inc
Priority to AU2015317394A (AU2015317394B2, en)
Priority to JP2017513782A (JP6499276B2, ja)
Publication of WO2016044769A1 (en)
Anticipated expiration
Priority to AU2018203702A (AU2018203702B9, en)
Ceased (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/604 Address structures or formats
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • IP Internet Protocol
  • the IP addresses may not be visible outside the IVN, at least by default.
  • IP addresses may be referred to herein as "private" IP addresses, in contrast to "public" IP addresses that are accessible from the public Internet as a result of being directly or indirectly advertised on the public Internet via BGP (the Border Gateway Protocol) or other similar protocols.
  • BGP Border Gateway Protocol
  • the use of private addresses may enable clients to protect their applications from potential attacks originating from the Internet, for example.
  • Another way to establish connectivity between compute instances running in the IVN and resources of a publicly-accessible service may be to first establish a VPN (virtual private network) connection between the IVN and a customer network, and then send traffic indirectly from the IVN to the publicly-accessible service via the customer network.
  • VPN-based connectivity may be fairly expensive, and the indirect paths used for the traffic may not necessarily be fast enough (e.g., with respect to end-to-end latency) to meet client application requirements.
  • a provider network operator may support the establishment of private alias endpoints for IVNs.
  • the VMC at instance host 130A may intercept an outbound baseline network packet generated at a CI 112A and containing a service request directed to Svc1.
  • a service request is assumed to fit in a baseline packet in the following discussion.
  • the tunneling technique described herein for such service requests may also be used for service requests that cross packet boundaries in various embodiments.
  • the service request may be formatted in accordance with any appropriate interface supported by Svc1, such as HTTP (HyperText Transfer Protocol), HTTPS (secure HTTP), XML (Extensible Markup Language), or the like.
  • the virtual computing service may provide a service connectivity library (SCL) exposing a set of APIs that can be invoked to access publicly-accessible services using PAEs from applications running on the compute instances of an IVN.
  • SCL service connectivity library
  • an application may issue an API call indicating a target service Svc1, where the contents of a service request are indicated by parameters of the API call.
  • the SCL may determine that the application intends to submit the service request to Svc1, and may initiate the implementation of the appropriate encapsulation necessary to transmit the service request to Svc1.
  • the work of creating packets from service requests may be handled by the SCL.
  • the tunneling protocol may be implemented at the instance host at which the source compute instance runs, e.g., without the need for a separate tunneling intermediary fleet.
  • the two-step encapsulation illustrated in FIG. 4 may be combined into a single logical step implemented at the VMC and/or at a different service connectivity component running at the instance host.
  • the VMC and/or the service connectivity component may be considered the tunneling intermediary between the source compute instance and the destination service in such embodiments.
  • a client of the provider network may also submit a request 517 to register a service for PAE-assisted routing in some embodiments.
  • a third party service i.e., a service not directly managed by the provider network operator
  • the operator of such a third party service may wish to enable access to the service from within IVNs without requiring public IP addresses to be used at the IVNs.
  • a "Register-Service-For-PAE" request providing details of the service configuration (e.g., addresses of front-end nodes of the service) may be submitted by the client 502.
  • a different configuration manager may be responsible for registering services than the configuration manager responsible for establishing
  • FIG. 7 illustrates an example of a use of IVN and PAE identifiers to distinguish between requests received at a service from compute instances with the same private IP addresses, according to at least some embodiments.
  • respective IVNs 702A and 702B may be set up by a client CI, with IVN 702A set up for use by an Engineering Department of the client's organization, and IVN 702B set up for use by a Marketing Department of the organization. Both organizations may need to access objects stored at the same publicly-accessible storage service "StorageSvc1" in the depicted example.
  • PAE 750A may be established for accessing StorageSvc1 from IVN 702A
  • PAE 750B may be established for accessing StorageSvc1 from IVN 702B.
  • one or more EP2 headers may respectively indicate or encode (a) BP1 source and destination addresses (e.g., using 32 bits of a 128-bit EP2 source address header to encode a 32-bit BP1 source IP address, and using 32 bits of a 128-bit EP2 destination address field to encode a 32-bit BP1 destination IP address) and/or (b) identifiers of the source IVN (IVN1) and the PAE used for the routing (PAE1).
  • BP1 source and destination addresses e.g., using 32 bits of a 128-bit EP2 source address header to encode a 32-bit BP1 source IP address, and using 32 bits of a 128-bit EP2 destination address field to encode a 32-bit BP1 destination IP address
  • IVN1 source IVN
  • PAE1 PAE used for the routing
  • a method comprising:
  • a first private alias endpoint PAE
  • IVN isolated virtual network

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PCT/US2015/051027 2014-09-19 2015-09-18 Private alias endpoints for isolated virtual networks Ceased WO2016044769A1 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
RU2017107749A RU2669525C1 (ru) 2014-09-19 2015-09-18 Частные псевдонимы конечных точек для изолированных виртуальных сетей
SG11201702072SA SG11201702072SA (en) 2014-09-19 2015-09-18 Private alias endpoints for isolated virtual networks
EP15774804.7A EP3195531A1 (en) 2014-09-19 2015-09-18 Private alias endpoints for isolated virtual networks
CN202110183914.6A CN113014468B (zh) 2014-09-19 2015-09-18 用于隔离虚拟网络的私有别名端点
KR1020177010247A KR101948598B1 (ko) 2014-09-19 2015-09-18 고립된 가상 네트워크에 대한 사설 별칭 종단점
CN201580050148.9A CN107077367B (zh) 2014-09-19 2015-09-18 用于隔离虚拟网络的私有别名端点
AU2015317394A AU2015317394B2 (en) 2014-09-19 2015-09-18 Private alias endpoints for isolated virtual networks
JP2017513782A JP6499276B2 (ja) 2014-09-19 2015-09-18 分離仮想ネットワークのためのプライベートエイリアスエンドポイント
AU2018203702A AU2018203702B9 (en) 2014-09-19 2018-05-25 Private alias endpoints for isolated virtual networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/491,758 2014-09-19
US14/491,758 US9787499B2 (en) 2014-09-19 2014-09-19 Private alias endpoints for isolated virtual networks

Publications (1)

Publication Number Publication Date
WO2016044769A1 (en) 2016-03-24

Family

ID=54249629

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/051027 Ceased WO2016044769A1 (en) 2014-09-19 2015-09-18 Private alias endpoints for isolated virtual networks

Country Status (9)

Country Link
US (5) US9787499B2
EP (1) EP3195531A1
JP (3) JP6499276B2
KR (1) KR101948598B1
CN (2) CN113014468B
AU (2) AU2015317394B2
RU (1) RU2669525C1
SG (1) SG11201702072SA
WO (1) WO2016044769A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025207344A1 (en) * 2024-03-29 2025-10-02 Amazon Technologies, Inc. Secure unidirectional network access using consumer-configured limited-access endpoints

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8230050B1 (en) 2008-12-10 2012-07-24 Amazon Technologies, Inc. Providing access to configurable private computer networks
US9106540B2 (en) 2009-03-30 2015-08-11 Amazon Technologies, Inc. Providing logical networking functionality for managed computer networks
US9036504B1 (en) 2009-12-07 2015-05-19 Amazon Technologies, Inc. Using virtual networking devices and routing information to associate network addresses with computing nodes
US8966027B1 (en) 2010-05-24 2015-02-24 Amazon Technologies, Inc. Managing replication of computing nodes for provided computer networks
US10623504B2 (en) * 2014-04-25 2020-04-14 Telefonaktiebolaget Lm Ericsson (Publ) Apparatus and method for managing client devices
US9787499B2 (en) 2014-09-19 2017-10-10 Amazon Technologies, Inc. Private alias endpoints for isolated virtual networks
US9832118B1 (en) 2014-11-14 2017-11-28 Amazon Technologies, Inc. Linking resource instances to virtual networks in provider network environments
US10148493B1 (en) * 2015-06-08 2018-12-04 Infoblox Inc. API gateway for network policy and configuration management with public cloud
US10749808B1 (en) 2015-06-10 2020-08-18 Amazon Technologies, Inc. Network flow management for isolated virtual networks
US10021196B1 (en) 2015-06-22 2018-07-10 Amazon Technologies, Inc. Private service endpoints in isolated virtual networks
US10326710B1 (en) 2015-09-02 2019-06-18 Amazon Technologies, Inc. Propagating access rules on virtual networks in provider network environments
US10380070B2 (en) * 2015-11-12 2019-08-13 International Business Machines Corporation Reading and writing a header and record on tape
US10089116B2 (en) * 2016-03-18 2018-10-02 Uber Technologies, Inc. Secure start system for an autonomous vehicle
US9946890B2 (en) 2016-03-18 2018-04-17 Uber Technologies, Inc. Secure start system for an autonomous vehicle
US10873540B2 (en) 2016-07-06 2020-12-22 Cisco Technology, Inc. Crowd-sourced cloud computing resource validation
US10360606B2 (en) 2016-07-19 2019-07-23 Cisco Technology, Inc. Crowd-sourced cloud computing in a multiple resource provider environment
US10187356B2 (en) * 2016-11-22 2019-01-22 Citrix Systems, Inc. Connectivity between cloud-hosted systems and on-premises enterprise resources
US10623374B2 (en) 2017-06-09 2020-04-14 Microsoft Technology Licensing, Llc Automatic network identification for enhanced communications administration
US20180375762A1 (en) * 2017-06-21 2018-12-27 Microsoft Technology Licensing, Llc System and method for limiting access to cloud-based resources including transmission between l3 and l7 layers using ipv6 packet with embedded ipv4 addresses and metadata
US10666606B2 (en) * 2017-06-28 2020-05-26 Amazon Technologies, Inc. Virtual private network service endpoints
US11140020B1 (en) * 2018-03-01 2021-10-05 Amazon Technologies, Inc. Availability-enhancing gateways for network traffic in virtualized computing environments
US11108687B1 (en) 2018-09-12 2021-08-31 Amazon Technologies, Inc. Scalable network function virtualization service
US10897417B2 (en) 2018-09-19 2021-01-19 Amazon Technologies, Inc. Automated route propagation among networks attached to scalable virtual traffic hubs
US10834044B2 (en) 2018-09-19 2020-11-10 Amazon Technologies, Inc. Domain name system operations implemented using scalable virtual traffic hub
US10833992B1 (en) 2018-12-14 2020-11-10 Amazon Technologies, Inc. Associating route tables with ingress traffic to logically isolated networks
US10880124B2 (en) 2018-12-28 2020-12-29 Alibaba Group Holding Limited Offload controller control of programmable switch
US11627080B2 (en) * 2019-01-18 2023-04-11 Vmware, Inc. Service insertion in public cloud environments
US10892989B2 (en) 2019-01-18 2021-01-12 Vmware, Inc. Tunnel-based service insertion in public cloud environments
US11722336B2 (en) * 2019-02-25 2023-08-08 Vmware, Inc. Selection of tunneling protocol
US11496440B2 (en) 2019-03-22 2022-11-08 Mcafee, Llc Systems, methods, and media for intelligent split-tunneling
CN115277816B (zh) * 2019-04-16 2023-10-20 创新先进技术有限公司 服务适配方法、设备、系统以及计算机可读介质
EP4694039A3 (en) * 2019-06-24 2026-04-08 Amazon Technologies, Inc. Serverless packet processing service with isolated virtual network integration
US11032162B2 (en) * 2019-07-18 2021-06-08 Vmware, Inc. Mothod, non-transitory computer-readable storage medium, and computer system for endpoint to perform east-west service insertion in public cloud environments
US11102251B1 (en) 2019-08-02 2021-08-24 Kandji, Inc. Systems and methods for deploying configurations on computing devices and validating compliance with the configurations during scheduled intervals
CN112671938B (zh) 2019-10-15 2023-06-20 华为云计算技术有限公司 业务服务提供方法及系统、远端加速网关
CN112671628B (zh) * 2019-10-15 2023-06-02 华为云计算技术有限公司 业务服务提供方法及系统
CN113132435B (zh) * 2019-12-31 2023-05-23 深圳致星科技有限公司 一种存储、业务网分离的分布式训练网络系统及通信方法
US11917001B2 (en) 2020-02-04 2024-02-27 Nutanix, Inc. Efficient virtual IP address management for service clusters
CN111385203B (zh) * 2020-03-19 2022-02-22 上海东普信息科技有限公司 基于混合云的数据传输方法、装置、设备及存储介质
US12452315B2 (en) 2021-01-29 2025-10-21 Apple Inc. Electronic conferencing
US20220400123A1 (en) * 2021-06-11 2022-12-15 Mellanox Technologies Ltd. Secure network access device
US11461459B1 (en) 2021-11-02 2022-10-04 Kandji, Inc. User device authentication gateway module
US11700149B1 (en) * 2021-12-31 2023-07-11 Arista Networks, Inc. Automatic RSVP tunnel endpoint aliasing
CN116938805B (zh) * 2022-03-31 2025-06-17 腾讯科技(深圳)有限公司 数据包传输方法、装置、设备、存储介质及程序产品
US12177123B1 (en) 2022-06-30 2024-12-24 Amazon Technologies, Inc. Routing ingress traffic for logically isolated networks destined for IP blocks without any network address translation
US12609934B2 (en) * 2023-05-18 2026-04-21 Pure Storage, Inc. Service mesh-based control of access to a storage application
US12526258B2 (en) * 2023-06-02 2026-01-13 Cisco Technology, Inc. Obfuscating server-side addresses

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110075667A1 (en) * 2009-09-30 2011-03-31 Alcatel-Lucent Usa Inc. Layer 2 seamless site extension of enterprises in cloud computing
US20120099602A1 (en) * 2010-10-25 2012-04-26 Brocade Communications Systems, Inc. End-to-end virtualization
WO2012170016A1 (en) * 2011-06-07 2012-12-13 Hewlett-Packard Development Company, L.P. A scalable multi-tenant network architecture for virtualized datacenters

Family Cites Families (122)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NZ331215A (en) 1996-03-29 2000-01-28 British Telecomm Charge allocation in a multi-user network
SE507138C2 (sv) * 1996-10-14 1998-04-06 Mirror Image Internet Ab Förfarande och anordning för informationsöverföring på Internet
US6289452B1 (en) 1997-11-07 2001-09-11 Cybersource Corporation Method and system for delivering digital products electronically
US6993021B1 (en) 1999-03-08 2006-01-31 Lucent Technologies Inc. Lightweight internet protocol encapsulation (LIPE) scheme for multimedia traffic transport
JP2001186191A (ja) 1999-12-24 2001-07-06 Fujitsu Ltd ルータ及びルータを用いたパケット中継システム
US7254409B2 (en) 2000-04-14 2007-08-07 Ntt Docomo, Inc. Multicast service providing system, multicast service providing method, information distributor, radio terminal, and radio base station
US20020026592A1 (en) 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US20020073215A1 (en) 2000-12-07 2002-06-13 Christian Huitema Method and system for transmitting encapsulated IPV6 data packets
US7599351B2 (en) 2001-03-20 2009-10-06 Verizon Business Global Llc Recursive query for communications network data
US7962950B2 (en) 2001-06-29 2011-06-14 Hewlett-Packard Development Company, L.P. System and method for file system mandatory access control
US7383433B2 (en) 2001-07-31 2008-06-03 Sun Microsystems, Inc. Trust spectrum for certificate distribution in distributed peer-to-peer networks
US7349392B2 (en) 2001-09-14 2008-03-25 Hewlett-Packard Development Company, L.P. Assigning IP addresses in an internet data center
US20030084104A1 (en) 2001-10-31 2003-05-01 Krimo Salem System and method for remote storage and retrieval of data
US20030217126A1 (en) 2002-05-14 2003-11-20 Polcha Andrew J. System and method for automatically configuring remote computer
US20040078371A1 (en) 2002-05-22 2004-04-22 Joel Worrall Method and system for providing multiple virtual portals on a computer network
US7325140B2 (en) 2003-06-13 2008-01-29 Engedi Technologies, Inc. Secure management access control for computers, embedded and card embodiment
US20050193103A1 (en) 2002-06-18 2005-09-01 John Drabik Method and apparatus for automatic configuration and management of a virtual private network
US7707594B1 (en) 2002-08-20 2010-04-27 At&T Intellectual Property I, L.P. System and method for providing a routing service in distributed computing environment
JP2004185440A (ja) 2002-12-04 2004-07-02 Nissin Electric Co Ltd データ公開方法及びデータ公開システム
US7440415B2 (en) 2003-05-30 2008-10-21 Ixia Virtual network addresses
US7389529B1 (en) * 2003-05-30 2008-06-17 Cisco Technology, Inc. Method and apparatus for generating and using nested encapsulation data
US7447203B2 (en) * 2003-07-29 2008-11-04 At&T Intellectual Property I, L.P. Broadband access for virtual private networks
US20050099976A1 (en) * 2003-09-23 2005-05-12 Shu Yamamoto Enabling mobile IPv6 communication over a network containing IPv4 components using a tunnel broker model
US7978716B2 (en) 2003-11-24 2011-07-12 Citrix Systems, Inc. Systems and methods for providing a VPN solution
US8195835B2 (en) 2004-01-28 2012-06-05 Alcatel Lucent Endpoint address change in a packet network
US7676552B2 (en) 2004-02-11 2010-03-09 International Business Machines Corporation Automatic provisioning of services based on a high level description and an infrastructure description
GB2418326B (en) 2004-09-17 2007-04-11 Hewlett Packard Development Co Network vitrualization
US8732182B2 (en) 2004-12-02 2014-05-20 Desktopsites Inc. System and method for launching a resource in a network
US20060146870A1 (en) 2004-12-30 2006-07-06 Harvey George A Transparent communication with IPv4 private address spaces using IPv6
US8261341B2 (en) 2005-01-27 2012-09-04 Nokia Corporation UPnP VPN gateway configuration service
US7463637B2 (en) 2005-04-14 2008-12-09 Alcatel Lucent Public and private network service management systems and methods
US7733890B1 (en) 2005-04-22 2010-06-08 Oracle America, Inc. Network interface card resource mapping to virtual network interface cards
US7634584B2 (en) 2005-04-27 2009-12-15 Solarflare Communications, Inc. Packet validation in virtual network interface architecture
US7535848B2 (en) 2005-05-17 2009-05-19 Tektronix, Inc. System and method for associating IP services to mobile subscribers
US7873994B1 (en) 2005-06-27 2011-01-18 Juniper Networks, Inc. Management of session timeouts in an SSL VPN gateway
US7984066B1 (en) 2006-03-30 2011-07-19 Emc Corporation Mandatory access control list for managed content
US7801128B2 (en) 2006-03-31 2010-09-21 Amazon Technologies, Inc. Managing communications between computing nodes
JP4752064B2 (ja) * 2006-04-07 2011-08-17 国立大学法人信州大学 アクセス制限を行う公衆回線上の通信システムと端末接続装置およびサーバー接続制限装置
US7505962B2 (en) 2006-05-15 2009-03-17 Microsoft Corporation Rating and settlements engine
US7684423B2 (en) 2006-06-30 2010-03-23 Sun Microsystems, Inc. System and method for virtual network interface cards based on internet protocol addresses
US7792140B2 (en) 2006-06-30 2010-09-07 Oracle America Inc. Reflecting the bandwidth assigned to a virtual network interface card through its link speed
US7630368B2 (en) 2006-06-30 2009-12-08 Sun Microsystems, Inc. Virtual network interface card loopback fastpath
US8259597B1 (en) 2006-08-16 2012-09-04 Bally Gaming, Inc. System for managing IP addresses in a network gaming environment
US20080104393A1 (en) 2006-09-28 2008-05-01 Microsoft Corporation Cloud-based access control list
KR100817552B1 (ko) 2006-09-29 2008-03-27 한국전자통신연구원 맵핑 테이블을 이용한 IPv4/IPv6 단말 또는 응용프로그램간 프로토콜 변환 장치 및 방법과, 프로토콜 변환장치의 맵핑 테이블 생성 방법
JP4899959B2 (ja) 2007-03-19 2012-03-21 富士通株式会社 Vpn装置
ATE468688T1 (de) 2007-04-27 2010-06-15 Imec Gateway mit erhöhter qos-kenntnis
US7945640B1 (en) 2007-09-27 2011-05-17 Emc Corporation Methods and apparatus for network provisioning
US20100257276A1 (en) 2007-11-22 2010-10-07 Nokia Corporation Virtual network interface for relayed nat traversal
US8484089B1 (en) 2008-01-14 2013-07-09 Pendragon Wireless Llc Method and system for a hosted digital music library sharing service
US8254381B2 (en) 2008-01-28 2012-08-28 Microsoft Corporation Message processing engine with a virtual network interface
US20090205018A1 (en) 2008-02-07 2009-08-13 Ferraiolo David F Method and system for the specification and enforcement of arbitrary attribute-based access control policies
US7865586B2 (en) 2008-03-31 2011-01-04 Amazon Technologies, Inc. Configuring communications between computing nodes
US7912082B2 (en) 2008-06-09 2011-03-22 Oracle America, Inc. Shared virtual network interface
WO2010018398A2 (en) 2008-08-13 2010-02-18 Bae Systems Plc Equipment cooling
US8615400B2 (en) 2008-08-19 2013-12-24 International Business Machines Corporation Mapping portal applications in multi-tenant environment
US9910708B2 (en) 2008-08-28 2018-03-06 Red Hat, Inc. Promotion of calculations to cloud-based computation resources
US8209749B2 (en) 2008-09-17 2012-06-26 Apple Inc. Uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement
US7961726B2 (en) 2008-10-07 2011-06-14 Microsoft Corporation Framework for optimizing and simplifying network communication in close proximity networks
KR100948693B1 (ko) 2008-10-08 2010-03-18 한국전자통신연구원 가상 플랫폼을 이용한 이종 망간 프로토콜 연동 지원을 위한 인터넷 프로토콜 변환장치 및 방법
US8521868B2 (en) 2008-10-15 2013-08-27 International Business Machines Corporation Platform-level indicators of application performance
US8239538B2 (en) 2008-11-21 2012-08-07 Samsung Electronics Co., Ltd. Execution allocation cost assessment for computing systems and environments including elastic computing systems and environments
US8479256B2 (en) 2008-11-26 2013-07-02 Red Hat, Inc. Merging mandatory access control (MAC) policies in a system with multiple execution containers
US9210173B2 (en) 2008-11-26 2015-12-08 Red Hat, Inc. Securing appliances for use in a cloud computing environment
US8984505B2 (en) 2008-11-26 2015-03-17 Red Hat, Inc. Providing access control to user-controlled resources in a cloud computing environment
US8230050B1 (en) 2008-12-10 2012-07-24 Amazon Technologies, Inc. Providing access to configurable private computer networks
US9524167B1 (en) 2008-12-10 2016-12-20 Amazon Technologies, Inc. Providing location-specific network access to remote services
US8201237B1 (en) 2008-12-10 2012-06-12 Amazon Technologies, Inc. Establishing secure remote access to private computer networks
US8108546B2 (en) 2008-12-12 2012-01-31 Comtech Ef Data Corporation Data packet encapsulation methods
US9106540B2 (en) 2009-03-30 2015-08-11 Amazon Technologies, Inc. Providing logical networking functionality for managed computer networks
US8244909B1 (en) 2009-06-18 2012-08-14 Google Inc. Method, apparatus and networking equipment for performing flow hashing using quasi cryptographic hash functions
US8352941B1 (en) 2009-06-29 2013-01-08 Emc Corporation Scalable and secure high-level storage access for cloud computing platforms
US20110047540A1 (en) 2009-08-24 2011-02-24 Embarcadero Technologies Inc. System and Methodology for Automating Delivery, Licensing, and Availability of Software Products
US20110072487A1 (en) 2009-09-23 2011-03-24 Computer Associates Think, Inc. System, Method, and Software for Providing Access Control Enforcement Capabilities in Cloud Computing Systems
US8490150B2 (en) 2009-09-23 2013-07-16 Ca, Inc. System, method, and software for enforcing access control policy rules on utility computing virtualization in cloud computing systems
US20110087888A1 (en) 2009-10-13 2011-04-14 Google Inc. Authentication using a weak hash of user credentials
US8369333B2 (en) 2009-10-21 2013-02-05 Alcatel Lucent Method and apparatus for transparent cloud computing with a virtualized network infrastructure
US8584221B2 (en) 2009-10-23 2013-11-12 Microsoft Corporation Authenticating using cloud authentication
US20110110377A1 (en) 2009-11-06 2011-05-12 Microsoft Corporation Employing Overlays for Securing Connections Across Networks
US8369345B1 (en) * 2009-11-13 2013-02-05 Juniper Networks, Inc. Multi-router system having shared network interfaces
US20110137947A1 (en) 2009-12-03 2011-06-09 International Business Machines Corporation Dynamic access control for documents in electronic communications within a cloud computing environment
US7937438B1 (en) 2009-12-07 2011-05-03 Amazon Technologies, Inc. Using virtual networking devices to manage external connections
US8819701B2 (en) 2009-12-12 2014-08-26 Microsoft Corporation Cloud computing monitoring and management system
US8331371B2 (en) 2009-12-17 2012-12-11 Amazon Technologies, Inc. Distributed routing architecture
US7991859B1 (en) 2009-12-28 2011-08-02 Amazon Technologies, Inc. Using virtual networking devices to connect managed computer networks
US8224971B1 (en) 2009-12-28 2012-07-17 Amazon Technologies, Inc. Using virtual networking devices and routing information to initiate external actions
US7953865B1 (en) 2009-12-28 2011-05-31 Amazon Technologies, Inc. Using virtual networking devices to manage routing communications between connected computer networks
US8904241B2 (en) 2011-07-27 2014-12-02 Oracle International Corporation Proactive and adaptive cloud monitoring
US20110251937A1 (en) 2010-04-09 2011-10-13 International Business Machines Corporation Software license brokering within a cloud computing environment
US8452957B2 (en) 2010-04-27 2013-05-28 Telefonaktiebolaget L M Ericsson (Publ) Method and nodes for providing secure access to cloud computing for mobile users
US8345692B2 (en) 2010-04-27 2013-01-01 Cisco Technology, Inc. Virtual switching overlay for cloud computing
US8407366B2 (en) * 2010-05-14 2013-03-26 Microsoft Corporation Interconnecting members of a virtual network
US9246703B2 (en) * 2010-06-08 2016-01-26 Brocade Communications Systems, Inc. Remote port mirroring
US9178766B2 (en) 2010-06-28 2015-11-03 Amazon Technologies, Inc. Provisioning multiple network resources
EP2589188B1 (en) * 2010-06-29 2020-04-22 Huawei Technologies Co., Ltd. Asymmetric network address encapsulation
CA2813071C (en) * 2010-09-28 2020-07-07 Headwater Research Llc Service design center for device assisted services
US11106479B2 (en) 2010-09-30 2021-08-31 Amazon Technologies, Inc. Virtual provisioning with implementation resource boundary awareness
US10013662B2 (en) 2010-09-30 2018-07-03 Amazon Technologies, Inc. Virtual resource cost tracking with dedicated implementation resources
US8443435B1 (en) 2010-12-02 2013-05-14 Juniper Networks, Inc. VPN resource connectivity in large-scale enterprise networks
JP2012129648A (ja) * 2010-12-13 2012-07-05 Fujitsu Ltd Server device, management device, transfer destination address setting program, and virtual network system
US8751691B1 (en) * 2011-03-23 2014-06-10 Amazon Technologies, Inc. Methods and apparatus for remapping public network addresses on a network to an external network via an intermediate network
US8774213B2 (en) * 2011-03-30 2014-07-08 Amazon Technologies, Inc. Frameworks and interfaces for offload device-based packet processing
US8705394B2 (en) 2011-04-18 2014-04-22 Cisco Technology, Inc. BGP slow peer detection
US8977754B2 (en) * 2011-05-09 2015-03-10 Metacloud Inc. Composite public cloud, method and system
US8924542B1 (en) * 2011-05-31 2014-12-30 Amazon Technologies, Inc. Methods and apparatus for scalable private services
US8612599B2 (en) 2011-09-07 2013-12-17 Accenture Global Services Limited Cloud service monitoring system
US8751686B2 (en) 2011-10-05 2014-06-10 Cisco Technology, Inc. Forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses
US9916545B1 (en) * 2012-02-29 2018-03-13 Amazon Technologies, Inc. Portable network interfaces for authentication and license enforcement
US9026864B2 (en) 2012-02-29 2015-05-05 Red Hat, Inc. Offloading health-checking policy
US20140241173A1 (en) * 2012-05-16 2014-08-28 Erik J. Knight Method for routing data over a telecommunications network
US20140006638A1 (en) * 2012-06-29 2014-01-02 Alan Kavanagh Method and a network node, for use in a data center, for routing an ipv4 packet over an ipv6 network
US9634922B2 (en) 2012-09-11 2017-04-25 Board Of Regents Of The Nevada System Of Higher Education, On Behalf Of The University Of Nevada, Reno Apparatus, system, and method for cloud-assisted routing
US9197551B2 (en) * 2013-03-15 2015-11-24 International Business Machines Corporation Heterogeneous overlay network translation for domain unification
US20140366155A1 (en) * 2013-06-11 2014-12-11 Cisco Technology, Inc. Method and system of providing storage services in multiple public clouds
US9806949B2 (en) * 2013-09-06 2017-10-31 Brocade Communications Systems, Inc. Transparent interconnection of Ethernet fabric switches
KR20150076041A (ko) * 2013-12-26 2015-07-06 한국전자통신연구원 System and method for supporting private IP address-based multi-tenancy in a virtual private cloud network
US10268492B2 (en) * 2014-05-20 2019-04-23 Amazon Technologies, Inc. Low latency connections to workspaces in a cloud computing environment
US9419897B2 (en) 2014-06-30 2016-08-16 Nicira, Inc. Methods and systems for providing multi-tenancy support for Single Root I/O Virtualization
US9608858B2 (en) * 2014-07-21 2017-03-28 Cisco Technology, Inc. Reliable multipath forwarding for encapsulation protocols
US9787499B2 (en) 2014-09-19 2017-10-10 Amazon Technologies, Inc. Private alias endpoints for isolated virtual networks
US10749808B1 (en) * 2015-06-10 2020-08-18 Amazon Technologies, Inc. Network flow management for isolated virtual networks
US10021196B1 (en) * 2015-06-22 2018-07-10 Amazon Technologies, Inc. Private service endpoints in isolated virtual networks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110075667A1 (en) * 2009-09-30 2011-03-31 Alcatel-Lucent Usa Inc. Layer 2 seamless site extension of enterprises in cloud computing
US20120099602A1 (en) * 2010-10-25 2012-04-26 Brocade Communications Systems, Inc. End-to-end virtualization
WO2012170016A1 (en) * 2011-06-07 2012-12-13 Hewlett-Packard Development Company, L.P. A scalable multi-tenant network architecture for virtualized datacenters

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Amazon Virtual Private Cloud - User Guide", 18 May 2014 (2014-05-18), pages 1 - 156, XP055236306, Retrieved from the Internet <URL:https://web.archive.org/web/20140518000312/http://awsdocs.s3.amazonaws.com/VPC/latest/vpc-ug.pdf> [retrieved on 20151214] *
ANONYMOUS: "Amazon Virtual Private Cloud - User Guide", 5 September 2015 (2015-09-05), pages 1 - 207, XP055236307, Retrieved from the Internet <URL:https://web.archive.org/web/20150905103308/http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ug.pdf> [retrieved on 20151214] *
ANONYMOUS: "IP tunnel - Wikipedia, the free encyclopedia", 11 December 2013 (2013-12-11), XP055236581, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=IP_tunnel&oldid=585545977> [retrieved on 20151215] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025207344A1 (en) * 2024-03-29 2025-10-02 Amazon Technologies, Inc. Secure unidirectional network access using consumer-configured limited-access endpoints
US12580888B2 (en) 2024-03-29 2026-03-17 Amazon Technologies, Inc. Secure unidirectional network access using consumer-configured limited-access endpoints

Also Published As

Publication number Publication date
US20160087940A1 (en) 2016-03-24
US20180034663A1 (en) 2018-02-01
US20240097939A1 (en) 2024-03-21
RU2669525C1 (ru) 2018-10-11
US20210152392A1 (en) 2021-05-20
JP2021040352A (ja) 2021-03-11
JP6499276B2 (ja) 2019-04-10
CN113014468A (zh) 2021-06-22
SG11201702072SA (en) 2017-04-27
JP6810182B2 (ja) 2021-01-06
AU2018203702A1 (en) 2018-06-14
AU2018203702B2 (en) 2019-03-07
EP3195531A1 (en) 2017-07-26
US9787499B2 (en) 2017-10-10
KR20170057357A (ko) 2017-05-24
AU2015317394A1 (en) 2017-04-13
AU2015317394B2 (en) 2018-03-15
CN113014468B (zh) 2023-02-28
JP2017529789A (ja) 2017-10-05
KR101948598B1 (ko) 2019-02-18
JP2019088031A (ja) 2019-06-06
JP7073475B2 (ja) 2022-05-23
US11792041B2 (en) 2023-10-17
AU2018203702B9 (en) 2019-03-28
CN107077367B (zh) 2021-03-09
US10256993B2 (en) 2019-04-09
CN107077367A (zh) 2017-08-18
US20190305986A1 (en) 2019-10-03
US10848346B2 (en) 2020-11-24

Similar Documents

Publication Publication Date Title
US20240097939A1 (en) Private alias endpoints for isolated virtual networks
US12355637B2 (en) Virtual network interface objects
US11637906B2 (en) Private service endpoints in isolated virtual networks
US10666606B2 (en) Virtual private network service endpoints
US8813225B1 (en) Provider-arbitrated mandatory access control policies in cloud computing environments

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 15774804; Country of ref document: EP; Kind code of ref document: A1
ENP Entry into the national phase. Ref document number: 2017513782; Country of ref document: JP; Kind code of ref document: A
REEP Request for entry into the european phase. Ref document number: 2015774804; Country of ref document: EP
WWE Wipo information: entry into national phase. Ref document number: 2015774804; Country of ref document: EP
NENP Non-entry into the national phase. Ref country code: DE
ENP Entry into the national phase. Ref document number: 2015317394; Country of ref document: AU; Date of ref document: 20150918; Kind code of ref document: A
ENP Entry into the national phase. Ref document number: 20177010247; Country of ref document: KR; Kind code of ref document: A
ENP Entry into the national phase. Ref document number: 2017107749; Country of ref document: RU; Kind code of ref document: A