WO2021108652A1 - Configuration and management of scalable global private networks - Google Patents

Configuration and management of scalable global private networks

Info

Publication number
WO2021108652A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
global
graph
user
data
Application number
PCT/US2020/062347
Other languages
English (en)
Inventor
Baihu Qian
Nikhil Reddy CHERUKU
Bashuman Deb
Omer HASHMI
Alok MISHRA
Alexander Justin Penney
Thomas Nguyen Spendley
Original Assignee
Amazon Technologies, Inc.
Priority claimed from US16/699,431 (US11729077B2)
Priority claimed from US16/699,440 (US10999169B1)
Priority claimed from US16/699,424 (US11533231B2)
Priority claimed from US16/699,446 (US11336528B2)
Application filed by Amazon Technologies, Inc.
Publication of WO2021108652A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/044 Network management architectures or arrangements comprising hierarchical management structures
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0879 Manual configuration through operator
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H04L41/12 Discovery or management of network topologies
    • H04L41/122 Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L41/40 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning

Definitions

  • a company may utilize a private network that includes leased line circuits that are backhauled to a corporate data center and/or the use of lower-cost broadband Internet.
  • WANs: wide area networks
  • Scaling out these traditional WANs can be costly as companies have to provision and manage expensive new leased-lines and hardware.
  • some companies may attempt to utilize lower-cost broadband Internet to connect remote branches, but using lower-cost broadband Internet to expand can also be difficult and time-consuming. For example, a company may spend a significant amount of time and money developing custom solutions to utilize broadband Internet. These custom solutions may include custom software and may use software and devices from various networking vendors.
  • FIG. 1 is a software and network architecture diagram showing aspects of configuration and management of a scalable global private network.
  • FIG. 2 is a software and network architecture diagram showing aspects of a network management system (NMS) interacting with different networks of a global network.
  • FIG. 3 is a software and network architecture diagram showing aspects of communication between a network and an NMS.
  • FIG. 4 illustrates an example system diagram in which networks may be linked using redundant pathways.
  • FIG. 5A is a diagram showing an exemplary graphical user interface for configuring and managing a scalable global private network.
  • FIG. 5B is a diagram showing an exemplary graphical user interface for registering a gateway to include within a global network.
  • FIG. 5C is a diagram showing an exemplary graphical user interface for viewing information about a gateway within a global network.
  • FIG. 5D is a diagram showing an exemplary graphical user interface for viewing a graph representing a portion of the global network and performing a search of the graph.
  • FIG. 5E is a diagram showing an exemplary graphical user interface for viewing a graph representing a global network.
  • FIG. 6 is a flow diagram showing an illustrative routine for configuration and management of a scalable global private network, according to some examples.
  • FIG. 7 is a flow diagram showing an illustrative routine for creating a gateway within the global network, according to some examples.
  • FIG. 8 is a flow diagram showing an illustrative routine for monitoring network endpoints for connectivity, according to some examples.
  • FIG. 9 is a flow diagram showing an illustrative routine 900 for monitoring the global network to generate metrics, according to some examples.
  • FIG. 10 is a system and network diagram that shows an illustrative operating environment including several data centers that can be configured to implement aspects of the functionality described herein.
  • FIG. 11 is a computing system diagram illustrating a configuration for a data center that can be utilized to implement aspects of the technologies disclosed herein.
  • FIG. 12 is a computer architecture diagram showing an illustrative computer hardware architecture for implementing a computing device that can be utilized to implement aspects of the various technologies presented herein.
  • This disclosure relates to techniques for configuring and managing scalable global private networks.
  • a “stand-alone network” may include networks that are external to the service provider network (e.g., at client-owned premises or client-managed data centers) and/or networks that include computing resources allocated within a service provider network on behalf of a user (e.g., a virtual private cloud (VPC)).
  • VPC: virtual private cloud
  • a user of a service provider network may utilize a network management service (NMS) to configure, visualize, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks associated with the user.
  • NMS: network management service
  • the NMS may expose different input mechanisms to interact with a global private network, such as a graphical user interface (GUI), a user interface (UI), a command line interface (CLI), an application programming interface (API), and the like.
  • GUI: graphical user interface
  • UI: user interface
  • CLI: command line interface
  • API: application programming interface
  • the NMS may generate a connected graph using industry-standard graph description language to represent the global private network and then display a visual representation of the network graph within a GUI.
  • the network graph may include nodes that represent different aspects of the global network, such as computing resources, networking resources, and other indicators that show connections between the different resources, as well as data that may indicate information about the global private network (e.g., metrics, events, versions of the graph, changes to the graph).
  • the user, or some device, service, or component may also query the network graph. For instance, a user may provide a query to the NMS to determine whether a particular change has been made to the network, locate one or more resources within the network, view one or more metrics, and the like.
  • These graph-based queries may be performed by a user to analyze the network at scale such that the user does not have to generate a query for each different region and/or network that is part of the global network.
  • the NMS may associate metadata with the network graph.
  • the NMS may annotate the network graph to indicate network capacity, metadata, state, and the like.
  • the annotations may be associated with nodes of the graph and/or edges of the graph that connect the nodes.
  • the NMS may also generate subgraphs for portions of the global network, such that cloud, or stand-alone local networks can be imported/exported and merged into the global network. For instance, the user may request that a graph be generated of a stand-alone network that the user wants to add to the global network. After generating the network graph, the user may utilize the GUI to connect the stand-alone network to the global network.
  • the NMS exposes an API for the configuration and management of the global network.
  • An API refers to an interface and/or communication protocol between a client and a server, such that if the client makes a request in a predefined format, the client should receive a response in a specific format or initiate a defined action.
  • APIs provide a gateway for customers to access cloud infrastructure by allowing customers to obtain data from or cause actions within the cloud provider network, enabling the development of applications that interact with resources and services hosted in the cloud provider network. APIs can also enable different services of the cloud provider network to exchange data with one another. The user may utilize the API and/or some other input mechanism to configure and manage the global private network from one location.
  • the user may proactively use the API to configure and query different network resources as well as use the API to reactively configure settings for reacting to one or more events.
  • the events may indicate changes to the global network, such as but not limited to network additions, deletions, topology changes, and the like.
  • the user may also use the API to configure alarms that may be triggered in response to a metric associated with the network changing (e.g., exceeding a value, dropping below a specified value, entering/leaving a particular range of values).
  • the user may configure monitoring of different events and alarms and based on an occurrence of an alarm and/or an event perform an event-driven configuration (e.g., using AWS® Lambda) that automatically reacts to network changes quickly and provides the user with tools to automatically reconfigure their global private networks to mitigate impacts without human intervention.
  • the API may also be utilized by the user to define the network resources to be modeled within the global private network, the connections between the network resources, the connections between a stand-alone network, the cloud network, and/or other networks.
  • the user might also utilize the GUI, API, or CLI exposed by the NMS to configure metrics to be monitored, tasks/workflows to be performed (e.g., based on an occurrence of one or more events and/or alarms being triggered), and the like.
  • the NMS may also perform operations on behalf of the user, such as health monitoring, reachability analysis (static and/or dynamic) and monitoring, and the like. As users run tasks across the cloud and stand-alone networks forming the global private network, the NMS may perform dynamic network reachability monitoring to assist the user in identifying possible problems with connectivity between different endpoints.
  • the NMS may utilize Two-Way Active Measurement Protocol (TWAMP), or some other dynamic analysis to identify connectivity between endpoints.
  • TWAMP: Two-Way Active Measurement Protocol
  • TWAMP is an open protocol that may be used to measure network performance between two network endpoints (e.g., devices in the network) that support the TWAMP framework.
  • TWAMP is a framework that separates sessions based on the client/server architecture.
  • the TWAMP client initiates a Transmission Control Protocol (TCP) connection and acts as a control- client and a session-sender, while the TWAMP server acknowledges the TCP connection and performs the roles of a server and a session-reflector.
  • TCP: Transmission Control Protocol
  • TWAMP-Control messages are exchanged between the endpoints and TWAMP-Test messages are exchanged between the session-sender and the session-reflector.
  • Managing reachability can be difficult in large, complex networks that span across both stand-alone networks and the cloud, as the monitoring and analysis of the reachability depends on the correct configuration of many resources and networking devices.
  • the global network may include firewalls, security groups, access control lists (ACLs)/network access control lists (NACLs) that are configured to block/allow traffic to flow between different network endpoints.
  • ACLs: access control lists
  • NACLs: network access control lists
  • static network reachability analysis can be performed by the NMS before tasks are run across the global network.
  • the NMS may use formal methods, or some other verification technique, to determine whether the network is configured properly such that network endpoints are reachable.
  • Formal methods refers to design techniques that use rigorously specified mathematical models to build software and hardware systems. Formal methods may utilize mathematical proof as a complement to dynamic testing in order to help ensure correct behavior.
  • the NMS is configured to perform static reachability analysis and/or dynamic reachability monitoring to determine network reachability between endpoints and policy-based reachability to simplify the network monitoring and management.
  • users may also define policies or intents on reachability, such as "VPC A can reach stand-alone network in CIDR range X" or "VPC D cannot reach VPC E", and the NMS configures the network accordingly. This makes network management and configuration easier and less error-prone.
  • users may specify metrics and/or alarms for different endpoints within the network (e.g., monitor whether two points in a network, A and B, can or cannot reach each other).
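The static reachability analysis and the reachability intents described above ("VPC A can reach stand-alone network in CIDR range X", "VPC D cannot reach VPC E"), together with the graph representation of the global network described earlier on the page, as an added example written for this page (it is not code from the patent or from Amazon): a constructed hub-and-spoke topology modelled on FIG. 1, constructed inbound ACL-style rules, a static check of each declared intent against the graph and the rules, and a Graphviz DOT export. DOT is assumed here as the "industry-standard graph description language" the page mentions; the node names, CIDRs, rules and the first-match-wins rule semantics are all assumptions for the example.

```python
"""Static reachability check of a global-network graph against user-declared intents.
Added example, not the patent's code; topology, CIDRs and rules are constructed."""
from collections import deque
from ipaddress import ip_network

# Constructed topology modelled on FIG. 1: VPC spokes attached to a regional gateway hub,
# two hubs peered, and one stand-alone (external) network behind a connector.
NODES = {
    "vpc-a": {"kind": "vpc",      "cidr": "10.1.0.0/16"},
    "vpc-b": {"kind": "vpc",      "cidr": "10.2.0.0/16"},
    "vpc-d": {"kind": "vpc",      "cidr": "10.4.0.0/16"},
    "vpc-e": {"kind": "vpc",      "cidr": "10.5.0.0/16"},
    "gw-1":  {"kind": "gateway"},
    "gw-2":  {"kind": "gateway"},
    "ext-1": {"kind": "external", "cidr": "192.168.0.0/16"},
}
EDGES = [("vpc-a", "gw-1"), ("vpc-b", "gw-1"), ("ext-1", "gw-1"),
         ("gw-1", "gw-2"), ("vpc-d", "gw-2"), ("vpc-e", "gw-2")]

# Constructed inbound NACL-style rules per destination node: (action, source CIDR),
# first match wins, unmatched sources allowed. The ext-1 list is deliberately misordered
# (broad deny before the narrow allow) so the intent check below catches it.
INBOUND_RULES = {
    "vpc-e": [("deny", "10.4.0.0/16")],
    "ext-1": [("deny", "10.0.0.0/8"), ("allow", "10.1.0.0/16")],
}

# Declared intents: (source node, target node id or CIDR, expected reachable?)
INTENTS = [
    ("vpc-a", "192.168.0.0/16", True),   # "VPC A can reach stand-alone network in CIDR X"
    ("vpc-d", "vpc-e", False),           # "VPC D cannot reach VPC E"
    ("vpc-b", "vpc-d", True),
]


def adjacency():
    """Undirected attachment graph: a gateway hub forwards between all its spokes."""
    adj = {n: set() for n in NODES}
    for a, b in EDGES:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def has_path(src, dst):
    """Topological reachability by breadth-first search over attachments."""
    adj, seen, queue = adjacency(), {src}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            return True
        for m in adj[n] - seen:
            seen.add(m)
            queue.append(m)
    return False


def inbound_allows(dst, src_cidr, rules=INBOUND_RULES):
    """Apply the destination's inbound rules to the source prefix. Any overlap counts as a
    match, which is conservative for denies (partially blocked traffic is reported)."""
    src = ip_network(src_cidr)
    for action, cidr in rules.get(dst, []):
        if src.overlaps(ip_network(cidr)):
            return action == "allow"
    return True


def node_for(target):
    """Resolve an intent target: a node id, or a CIDR covered by some node's prefix."""
    if target in NODES:
        return target
    want = ip_network(target)
    for name, attrs in NODES.items():
        if "cidr" in attrs and want.subnet_of(ip_network(attrs["cidr"])):
            return name
    raise KeyError(f"no node covers {target}")


def can_reach(src, target, rules=INBOUND_RULES):
    dst = node_for(target)
    return has_path(src, dst) and inbound_allows(dst, NODES[src]["cidr"], rules)


def check_intents(intents, rules=INBOUND_RULES):
    """Return the intents whose static result disagrees with what the user declared."""
    return [(s, t, e) for s, t, e in intents if can_reach(s, t, rules) != e]


def to_dot():
    """Export the network graph as Graphviz DOT for display or further querying."""
    lines = ["graph global_network {"]
    for name, attrs in NODES.items():
        shape = "box" if attrs["kind"] == "gateway" else "ellipse"
        label = f"{name}\\n{attrs['cidr']}" if "cidr" in attrs else name
        lines.append(f'  "{name}" [shape={shape}, label="{label}"];')
    lines.extend(f'  "{a}" -- "{b}";' for a, b in EDGES)
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    for violated in check_intents(INTENTS):
        print("VIOLATED:", violated)
    print(to_dot())
```

Run as written, the check reports the first intent as violated: vpc-a has a path to ext-1 through gw-1, but the broad deny on ext-1 matches before the narrow allow, so the declared reachability does not hold. Reordering those two rules (or narrowing the deny) makes all three intents pass, which is the kind of misconfiguration a static pass before running tasks is meant to surface.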
  • FIG. 1 is a software and network architecture diagram 100 showing aspects of configuration and management of a scalable global network.
  • the NMS 102 may include one or more computing resources 120.
  • the computing resources 120 may be provided by a service provider that operates one or more service/cloud provider networks 104 (sometimes referred to simply as a "cloud"), which refers to a large pool of network-accessible computing resources (such as compute, storage, and networking resources, applications, and services), which may be virtualized or bare-metal.
  • the cloud can provide convenient, on-demand network access to a shared pool of configurable computing resources that can be programmatically provisioned and released in response to user commands.
  • a cloud provider network can be formed as a number of different regions, where a region is a separate geographical area in which the cloud provider clusters data centers. Each region can include two or more availability zones connected to one another via a private high-speed network, for example a fiber communication connection.
  • An availability zone, also known as an availability domain or simply a “zone”, refers to an isolated failure domain including one or more data center facilities with separate power, separate networking, and separate cooling from those in another availability zone.
  • availability zones within a region are positioned far enough away from one another that the same natural disaster (or other event) should not take more than one availability zone offline at the same time.
  • Users can connect to availability zones of the cloud provider network via a publicly accessible network (e.g., the Internet, a cellular communication network) by way of a transit center (TC).
  • TCs are the primary backbone locations linking users to the cloud provider network and may be collocated at other network provider facilities (e.g., Internet service providers, telecommunications providers) and securely connected (e.g. via a VPN or direct connection) to the availability zones.
  • Each region can operate two or more TCs for redundancy.
  • the cloud provider network may deliver content from points of presence outside of, but networked with, these regions by way of edge locations and regional edge cache servers.
  • the cloud provider network can provide on-demand, scalable computing platforms to users through a network, for example allowing users to have at their disposal scalable “virtual computing devices” via their use of the compute servers and block store servers.
  • These virtual computing devices have attributes of a personal computing device including hardware (various types of processors, local memory, random access memory (“RAM”), hard-disk and/or solid-state drive (“SSD”) storage), a choice of operating systems, networking capabilities, and pre-loaded application software.
  • Each virtual computing device may also virtualize its console input and output (“I/O”) (e.g., keyboard, display, and mouse).
  • I/O: console input and output
  • This virtualization allows users to connect to their virtual computing device using a computer application such as a browser, application programming interface, software development kit, or the like, in order to configure and use their virtual computing device just as they would a personal computing device.
  • the hardware associated with the virtual computing devices can be scaled up or down depending upon the resources the user requires.
  • Users can choose to deploy their virtual computing systems to provide network-based services for their own use and/or for use by their users or clients.
  • the computing resources 120 implemented by the NMS 102 and executed on behalf of one or more users of the service provider can be data processing resources, such as virtual machine (“VM”) instances, data storage resources, networking resources, data communication resources, network services, and other types of resources.
  • VM: virtual machine
  • the computing resources 120 utilized can be general-purpose or can be available in a number of specific configurations.
  • data processing resources can be available as physical computers or VM instances in a number of different configurations.
  • the VM instances can be configured to execute applications, including web servers, servers, media servers, database servers, some or all of the network services described above, and/or other types of programs.
  • Data storage resources can include file storage devices, block storage devices, and the like.
  • the NMS 102 can also include and utilize other types of computing resources not mentioned specifically herein.
  • servers are utilized to provide at least a portion of the computing resources 120 and execute software components to provide functionality described herein, including functionality related to the configuration and management of global private networks.
  • the software components can execute on a single server or in parallel across multiple servers in the NMS 102.
  • a software component can consist of subcomponents executing on different servers or other computing devices in the NMS 102.
  • Various components can be implemented as software, hardware, or any combination of the two.
  • a user 138 of the NMS 102 can utilize a computing device 134, or some other input device, to access the NMS 102 through a network 132.
  • the user 138 may be a user of the service provider network 104 that provides computing resources within the service provider network 104.
  • the computing device 134 is an input/output device configured to receive input associated with specifying parameters utilized by the network management service 122 to configure and manage global private networks.
  • the computing device 134 may also present for display a user interface 136, that may be utilized by the user 138 to view a graphical representation of a global private network, interact with the graphical representation to set or view parameters associated with the global private network, and the like.
  • the user interface 136 may also be utilized by the user as a CLI to interact with the global private network.
  • the computing device 134 may be one or more devices, such as but not limited to a smart phone, a smart watch, a personal computer (“PC”), desktop workstation, laptop computer, tablet computer, notebook computer, personal digital assistants (“PDA”), electronic-book reader, game console, set-top box, consumer electronics device, server computer, or any other type of computing device capable of connecting to the network 132 and communicating with the NMS 102.
  • the computing device 134 may couple with the NMS 102 over a network 132.
  • the network 132 may represent an array of wired networks, wireless networks (e.g., WiFi), or combinations thereof.
  • the NMS 102 may provide a variety of different services (not shown) as a network-accessible platform that is implemented as a computing infrastructure of processors, storage, software, data access, and so forth that is maintained and accessible via the network 132, such as the Internet. These services may not require end-user knowledge of the physical location and configuration of the system that delivers the services. Common expressions associated with these remote services include “on-demand computing”, “software as a service (SaaS)”, “platform computing”, “network accessible platform”, and so forth.
  • the network 132 can be a local-area network (“LAN”), a wide-area network (“WAN”), the Internet, or any other networking topology known in the art that connects the user devices to the NMS 102.
  • the user 138 can use an application (not shown) executing on computing device 134 to access and utilize the functionality provided by NMS 102.
  • the application is a web browser application, such as the Amazon® Silk® web browser, or some other web browser.
  • a web browser application exchanges data with the computing devices in the NMS 102 using the hypertext transfer protocol (“HTTP”) over the network 132.
  • HTTP: hypertext transfer protocol
  • the application might also be a stand-alone client application configured for communicating with the NMS 102.
  • the client application can also utilize any number of communication methods known in the art to communicate with the NMS 102 across the network 132, including remote procedure calls, SOAP-based web services, remote file access, proprietary client-server architectures, and the like.
  • the application provides a user interface 136 that can be utilized by the user 138 for the configuration and management of one or more global private networks.
  • the user interface 136 may also be utilized to present data, and/or to interact with the NMS 102.
  • web service users or, in general, clients may utilize or otherwise control a processing entity of the service provider to control, access, or otherwise manage other computing resources.
  • data associated with the processing entity and/or the computing resources of the service provider may be transmitted to or received from computing resources of a client’s private network (or other local network) via one or more network connections.
  • a processing entity may be a computing resource of the service provider and may include one or more computing devices, such as instantiated virtual machine instances, configured to access data of the distributed computing system (e.g., provided by the distributed system and acting on behalf of a client or user of the system).
  • the service provider may also provide storage, access, and/or placement of one or more computing resources through a service such as, but not limited to, a web service, a cloud computing service, or other network-based data management service.
  • a user or processing entity acting on behalf of the user may access, via the service provider, data storage services and/or data management services such that access mechanisms may be implemented and/or provided by the service provider to the processing entity utilizing the computing resources.
  • computing resource services may include one or more computing resources accessible across one or more networks through user interfaces (UIs), application programming interfaces (APIs), and/or other interfaces where the one or more computing resources may be scalable and/or expandable as desired
  • UIs: user interfaces
  • APIs: application programming interfaces
  • a user of a service provider network, and/or a component or device may utilize the NMS 102 to configure, visualize, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks associated with the user.
  • the NMS 102 exposes different input mechanisms to interact with a global private network, such as a user interface (UI) 136, a command line interface (CLI), API(s) 140, and the like.
  • UI: user interface
  • CLI: command line interface
  • the NMS 102 may generate a connected graph using industry-standard graph description language to represent the global private network.
  • the NMS 102, network management service 122, or some other component may display a visual representation of the network graph within a GUI, such as within UI 136 (e.g., See FIGs. 5C, 5D, and 5E).
  • the NMS 102 may store the graph as data 128 in the data store 126, or at some other location (e.g., in a data store of an external network 116).
  • the network graph may include nodes that represent different resources and/or connections between resources/networks, indicators that show connections between the nodes, as well as data that may indicate information about the global private network (e.g., metrics, events, versions of the global network, changes to the global network).
  • the user 138 and/or service, device, or component may also query the network graph.
  • a user or service (e.g., network management service 122 and/or other service(s) 124) may provide a query via a CLI, an API, or a search box within a GUI to the NMS 102 to determine whether a particular change has been made to the network, locate one or more resources within the network, view one or more metrics, and the like.
  • These graph-based queries may be performed by a user 138 to analyze the network at scale such that the user does not have to generate a query for each different geographic area of the global network and/or network that is part of the global network.
  • the user 138 and/or the NMS 102 may associate metadata with the network graph.
  • the NMS 102 may annotate the network graph to indicate network capacity, metadata, state, relationships between the connected nodes, and the like.
  • the NMS 102 may also generate subgraphs for portions of the global network, such that cloud, or stand-alone local networks can be imported/exported and merged into the global network.
  • the user 138 may request that a graph be generated of a stand-alone network (e.g., external network 116A), that the user wants to add to the global network.
  • the user 138 may utilize the GUI, CLI, and/or the API to connect the stand-alone network to the global network.
  • the user 138 has created a global network that spans three regions 118 including VPCs 112 and connects external networks 116.
  • the user 138 may utilize a UI 136, API(s) 140, or some other mechanism to configure and manage a global network.
  • As a particular example, assume that user 138 has utilized UI 136 to configure and manage the global network as illustrated in FIG. 1.
  • the user 138 may select network resources to include within the global network. For instance, the user 138 may utilize a GUI to define that network 118A associated with a first geographic location, which may be referred to herein as a “network”, includes VPC 112A, VPC 112B, and VPC 112C connected using a gateway 106A that are connected to resources 114A in external network 116A using external connector 108A.
  • a “gateway” is a gateway service that enables users to connect Virtual Private Clouds (VPCs) 112 and stand-alone networks, such as external networks 116 across different geographic locations/areas and the cloud.
  • a gateway makes it easier for managing point-to-point connectivity across many different VPCs 112 and external networks 116, with the ability to centrally manage connectivity policies.
  • the user 138 may also attach a VPN 110A to a gateway 106A that is connected to the VPCs 112A – 112C, without requiring the user 138 to attach a VPN 110 to each VPC.
  • a gateway 106 acts as a hub that controls how traffic is routed among the connected networks.
  • the gateway 106 utilizes a hub and spoke model, where the spokes connect the hub to the different VPCs 112 and/or VPNs 110.
  • any new VPC 112 added is simply connected to the gateway 106A and is then automatically available to every other network that is connected to the gateway 106A.
  • the routing/forwarding of network packets from one attached stand-alone network to another stand-alone network is managed by one or more gateways 106 based on metadata and/or policies provided by the users.
  • the gateways may be created using AWS® Transit Gateway.
  • the NMS 102 may expose functionality for incorporating an existing network into a global network.
  • the user 138 may access a graph that represents network 118C and select an option within the UI 136 and/or programmatically through an API 140 that adds network 118C to the global network.
  • the gateway 106D that connects the different networks 118A, 118B, and 118C may be added in response to a command received from a user and/or automatically in response to connecting a network being added to the global network.
  • the network 118C includes VPC 112H, VPC 112I, and VPC 112J connected using a gateway 106C that are connected to resources 114C in external network 116C using link 142 and external connector 108C.
  • Gateway 106D connects network 118A to network 118C.
  • the user 138 may utilize a CLI to generate the representation of network 118B.
  • the network 118B includes VPC 112D, VPC 112E, VPC 112F, and VPC 112G connected using a gateway 106B that are connected to resources 114B in external network 116B using VPN 110B and external connector 108B.
  • Gateway 106D connects network 118B to network 118C, and network 118A. See FIGs. 5A – 5E and related description for example GUIs for configuring and managing a global network.
  • Networks 118 may have different resources 114 and connections.
  • network 118A may comprise a set of resources 114 at a data center or premise external to the service provider network’s own data centers, which may be linked to the service provider network 104 using VPN 110 (virtual private network) tunnels or connections that utilize portions of the public Internet.
  • Network 118C may also comprise resources 114C at premises outside the service provider network 104, connected to the service provider network 104 via dedicated physical links (which may be referred to as “direct connect” links), such as link 142, in the depicted example.
  • the networks 118 may also include one or more virtual networks, such as VPCs 112, set up using resources located at the provider network’s data centers.
  • a virtual network may comprise a collection of networked resources (including, for example, virtual machines) allocated to a given client of the service provider network 104, which are logically isolated from (and by default, inaccessible from) resources allocated for other clients in other virtual networks.
  • the client on whose behalf a virtual network is established may be granted substantial flexibility regarding network configuration for the resources of the virtual network (e.g., private IP addresses for virtual machines may be selected by the client without having to consider the possibility that other resources within other virtual networks may have been assigned the same IP addresses, subnets of the client’s choice may be established within the virtual network, security rules may be set up by the client for incoming and outgoing traffic with respect to the virtual network, and so on).
  • Similar flexibility may also apply to configuration settings at VPN-connected external networks such as external network 116A and external network 116B, and/or at external networks 140C connected via dedicated links, such as link 142, to the service provider network 104.
  • the user 138 may also utilize the UI 136, the API(s) 140, or some other input mechanism (e.g., speech) for the configuration and management of a global network.
  • the user 138 may configure monitoring of different events and alarms and based on an occurrence of an alarm and/or an event perform an event-driven configuration (e.g., using AWS® Lambda) that automatically reacts to network changes quickly and provides the user with tools to automatically reconfigure their global private networks to mitigate impacts without human intervention.
  • the user might also utilize the UI 136, API 140, and/or CLI exposed by the NMS 102 to configure metrics/events to be monitored, tasks/workflows to be performed (e.g., based on an occurrence of an event and/or a triggering of an alarm), and the like.
  • FIG. 2 is a software and network architecture diagram showing aspects of a network management system (NMS) 102 interacting with different networks 118 of a global network.
  • FIG.2 is similar to FIG.1 in that it shows networks 118 that span different geographic locations but includes further details regarding performing reachability analysis and monitoring of resources within the networks 118.
  • the global network includes four networks 118D – 118G.
  • network 118D may include one or more data centers in a country C1 (or territory, area, etc.)
  • network 118E may include one or more premises in country C2
  • network 118F may include locations in state S1 of country C3
  • network 118G may include resources in states S2 and S3 of country C3.
  • the global network may be generated and set up within each of the specified geographic areas/locations/regions.
  • the user may also have configured one or more external networks 116, such as 116D – 116G, at premises outside the service provider network’s data centers to be part of the global network.
  • such external networks 116 may be connected to the service provider network 104, for example, using VPNs 110 or dedicated physical links 142 as discussed earlier.
  • one or more gateways such as gateway 106E, can be utilized.
  • the gateway 106E, and gateways 106 included in the networks 118, provide network pathways or links that may be used to enable packets to flow at desired levels of performance and availability. In many cases, there is more than one path between network endpoints.
  • the paths of the global network within the service provider network 104 may be provisioned and managed (e.g., by adding/acquiring new fiber optic or other types of physical links, upgrading or otherwise changing the links and/or devices used) by the service provider network operator without obtaining input from clients.
  • the NMS 102 configures the pathways that connect the gateways 106 on behalf of the user 136.
  • the client may submit a programmatic request using the API(s) 140 indicating a set of stand-alone networks that are to be connected to one another using gateways 106, and the network management service 122 may configure the region-level gateways as well as one or more cross-region gateways, such as gateway 106E.
  • FIG. 2 shows network 118D including external network 116D, network 118E including external network 116E, network 118F including external network 116E, and network 118G including external network 116G, coupled via gateway 106E.
  • the NMS 102 includes network management service 122, monitoring service 204, reachability service 106, and other services 124.
  • Each network 118 includes a network manager 208 configured to perform operations relating to the configuration and management of the global private network.
  • the network managers 208 are configured to interact with the different services exposed by the NMS 102.
  • the reachability service 206 of the NMS 102 may perform static and/or dynamic network reachability monitoring to assist the user 138 in identifying possible problems with connectivity between different endpoints within a global network.
  • Managing network reachability can be difficult in large, complex networks that span across both stand-alone networks and the cloud, as the monitoring and analysis of the reachability depends on the correct configuration of many resources and networking devices.
  • the global network may include firewalls, security groups, access control lists (ACLs)/network access control lists (NACLs) that are configured to block/allow traffic to flow between different network endpoints.
  • the reachability service 206 of the NMS 102 is configured to manage the monitoring of the different networks, the connectivity between the networks, and identify problems in network reachability between different network endpoints.
  • the NMS 102 may receive information from the network managers 208 of the different networks 118 and provide the data to the reachability service 206 to determine reachability between different endpoints.
  • the NMS 102 may receive events data from a network 118 that a network change has been made (e.g., a device added/removed from the global network, setting(s) have been changed, ...) and/or metrics data that is associated with performance of the network (e.g., performance of a gateway and/or some other node within the global network).
  • the NMS 102 may also transmit instructions to the network managers 118 to perform monitoring of one or more computing resources and/or network resources within the associated region.
  • a user 138 may define what endpoints to monitor. For instance, the user 138 may specify one or more policies that define what network endpoints to monitor for reachability. As an example, the user 138 may specify policies that are positively stated, such as "VPC A can reach stand-alone network in CIDR range X" or negatively stated, such as "VPC D cannot reach VPC E". The user 138 may also specify what events to utilize in determining when to perform static/dynamic reachability analysis.
  • the reachability service 206 may perform static analysis in response to a change being made to the global network and perform dynamic analysis at some specified period (e.g., every minute, five minutes, ...). In some configurations, the reachability service 206 may monitor each of the different network endpoints defined within the global network for reachability. This makes network management and configuration easier and less error-prone since the user does not have to individually access each network and analyze a flow of data between the networks. In some examples, users may specify that network connectivity be determined for different endpoints within the network (e.g., monitor whether two points in a network, A and B, can or cannot reach each other).
  • One or more alarms may be configured to trigger in response to a value of a metric being out of range, exceeding a specified value, falling below a specified value, and the like.
  • the monitoring service 204, and the reachability service 206 may monitor various network resources/parameters.
  • the monitoring service 204 is configured to obtain metrics data and/or event data from the networks 118.
  • metrics data includes metrics that identify a performance of a computing resource and/or a network element.
  • the monitoring service 204 may instruct a network manager 208 to monitor, collect and store metrics data from various network resources, applications, and services operating in the network 118.
  • the monitoring service 204 collects specified and/or default metrics relating to use of resources.
  • each region may collect metrics data relating to CPU utilization, data transfer, disk usage, memory usage, bandwidth utilized, latency, and the like.
  • the monitoring service 204 collects metrics associated with gateways 106.
  • the metrics may include the number of bytes received by the gateway 106, the number of bytes sent from the gateway 106, the number of packets received by the gateway 106, the number of packets sent by the gateway 106, the number of packets dropped by a gateway 106, the number of packets dropped by a gateway 106 because they did not match a route, and the like.
  • the metrics may also include the number of bytes sent to each connection of the gateway 106, the number of packets received by each connection of the gateway 106, the number of packets sent by the gateway 106 to each connection of the gateway, and the like.
  • the user 138 may monitor metrics associated with an overall performance of a gateway 106, as well as performance of a gateway 106 with each connection of the gateway 106.
  • the monitoring service 204 may collect metrics for VPNs 110, such as a state of the tunnel, a number of bytes received through a VPN tunnel, bytes sent through the VPN tunnel, and the like. The VPN metrics may be aggregated per VPN tunnel and per VPN connection.
  • the monitoring service 204 may also collect metrics for VPNs 110 such as a number of down tunnels terminated on a device, a number of bytes received through a device or link, a number of bytes sent through a device or link, and the like.
  • the metrics may be aggregated by device and/or by link.
  • different events may be published by one or more services, such as by network management service 122 and/or other services 124.
  • the following events may be published: a network topology change, a routing update, a network status change, a gateway 106 attachment created, a gateway 106 attachment deleted, a gateway 106 added, a gateway 106 deleted, a route/path created in a gateway 106 route table, a route deleted in a gateway 106 route table, a route replaced in a gateway 106 route table, a VPN 110 connection created, a VPN 110 connection deleted, a VPN 110 connection's gateway 106 changed, a VPN 110 tunnel’s IPSec session went down, a VPN 110 tunnel’s IPSec session is now up, a VPN 110 tunnel’s session went down, a VPN 110 tunnel’s session is now up, a VPN 110 tunnel's endpoint instance replaced, a route added for a VPN 110 connection, a route removed for a VPN 110 connection, and the like.
  • the monitoring service 204 may obtain the data from the different networks 118D and utilize this data to monitor operational performance, troubleshoot issues, and spot trends within each of the different networks 118 forming the global network.
  • each network manager 208 may be configured to collect data for the gateways 106. For instance, the bandwidth usage between the VPCs 112 and a VPN 110 connection, packet flow count, packet drop count, and the like may be monitored. In some examples, information on the IP traffic routed through a gateway may also be monitored.
  • the network management service 122, the monitoring service 204, and/or the reachability service 206 collects this data in form of logs and metrics.
  • the different components of the global network may be monitored as a complete stack (e.g., applications, infrastructure, and services). This data may then be used by the network management service 122, the monitoring service 204, the reachability service 206, and/or some other service 124 to trigger alarms, create logs, and generate events that may be used to perform automated tasks (e.g., take a corrective action, provide warnings to a user 138 via the UI 136, ...).
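An added example (not the patent's or Amazon's code) of the monitoring pipeline sketched above: gateway metric samples are aggregated per connection and per gateway, threshold alarms of the three kinds named earlier (exceeding a value, below a value, out of range) are evaluated over the aggregates, and the resulting events are dispatched to workflow handlers, with a user warning as the fallback action. The sample values, metric names, alarm names and workflow names are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed metric samples as a regional network manager might report them:
# (gateway, connection/attachment, metric, value). Illustrative values only.
SAMPLES = [
    ("gw-1", "vpc-a", "bytes_in", 5_000_000),
    ("gw-1", "vpc-b", "bytes_in", 3_000_000),
    ("gw-1", "vpn-1", "bytes_in", 250_000),
    ("gw-1", "vpc-a", "packets_dropped_no_route", 0),
    ("gw-1", "vpc-b", "packets_dropped_no_route", 1200),
    ("gw-1", "vpn-1", "tunnel_state", 0),       # gauge: 1 = up, 0 = down
    ("gw-2", "vpc-d", "bytes_in", 900_000),
    ("gw-2", "vpc-d", "packets_dropped_no_route", 0),
    ("gw-2", "vpn-2", "tunnel_state", 1),
]

# Counters roll up to the gateway level; gauges such as tunnel_state stay per connection.
COUNTERS = {"bytes_in", "bytes_out", "packets_in", "packets_out", "packets_dropped_no_route"}


def aggregate(samples):
    """Per-connection totals plus per-gateway totals for counter metrics."""
    per_conn, per_gateway = defaultdict(int), defaultdict(int)
    for gw, conn, metric, value in samples:
        per_conn[(gw, conn, metric)] += value
        if metric in COUNTERS:
            per_gateway[(gw, metric)] += value
    return dict(per_conn), dict(per_gateway)


class Alarm(NamedTuple):
    name: str
    gateway: str
    metric: str
    condition: tuple                  # ("above", x) | ("below", x) | ("outside", (lo, hi))
    connection: Optional[str] = None  # None means the whole-gateway aggregate


def breached(condition, value):
    kind, bound = condition
    if kind == "above":
        return value > bound
    if kind == "below":
        return value < bound
    if kind == "outside":
        lo, hi = bound
        return not lo <= value <= hi
    raise ValueError(f"unknown condition {kind!r}")


def evaluate_alarms(alarms, samples):
    """One event per alarm whose metric breaches its condition; missing data never triggers."""
    per_conn, per_gateway = aggregate(samples)
    events = []
    for a in alarms:
        table = per_conn if a.connection else per_gateway
        key = (a.gateway, a.connection, a.metric) if a.connection else (a.gateway, a.metric)
        if key in table and breached(a.condition, table[key]):
            events.append({"type": "alarm_triggered", "alarm": a.name, "gateway": a.gateway,
                           "connection": a.connection, "metric": a.metric, "value": table[key]})
    return events


# Workflow handlers: each returns the action the NMS would schedule for the event.
def audit_route_table(event):
    return f"run workflow audit-route-table on {event['gateway']}"


def recover_tunnel(event):
    return f"run workflow recover-vpn-tunnel on {event['gateway']}/{event['connection']}"


def notify_user(event):
    return f"notify user: {event['alarm']} {event['metric']}={event['value']}"


HANDLERS = {"gw-1-no-route-drops": audit_route_table, "vpn-1-tunnel-down": recover_tunnel}


def dispatch(events, handlers=HANDLERS):
    """Event-driven configuration: route each event to its workflow, defaulting to a user warning."""
    return [handlers.get(ev["alarm"], notify_user)(ev) for ev in events]


SAMPLE_ALARMS = [
    Alarm("gw-1-no-route-drops", "gw-1", "packets_dropped_no_route", ("above", 100)),
    Alarm("gw-2-no-route-drops", "gw-2", "packets_dropped_no_route", ("above", 100)),
    Alarm("vpn-1-tunnel-down", "gw-1", "tunnel_state", ("below", 1), connection="vpn-1"),
    Alarm("vpn-2-tunnel-down", "gw-2", "tunnel_state", ("below", 1), connection="vpn-2"),
    Alarm("vpc-a-traffic-band", "gw-1", "bytes_in", ("outside", (1_000_000, 4_000_000)),
          connection="vpc-a"),
]
```

Running `dispatch(evaluate_alarms(SAMPLE_ALARMS, SAMPLES))` on the constructed samples yields three actions: a route-table audit for gw-1 (1200 no-route drops summed across its attachments), a tunnel-recovery workflow for gw-1/vpn-1, and a plain user warning for the vpc-a traffic band, which has no dedicated handler. An alarm whose metric has no data is skipped rather than treated as a breach.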
  • a number of different types of metrics may be utilized, including for example latency metrics associated with individual ones of the network pathways between networks, bandwidth metrics associated with individual ones of network pathways, packet loss metrics associated with individual ones of the network pathways, or flow count metrics associated with individual ones of network pathways.
  • a user 138 may be provided indications of pathways that are available for inter-region traffic between stand-alone networks (e.g., the user may be informed that some paths pass through country C1, others pass through countries C2 and C3, and the like).
  • the user 138 may be provided metrics for inter-region traffic (e.g., total number of packets transmitted between networks 118, latencies for packets sent between different endpoints, and the like).
  • the NMS may be configured to perform static reachability analysis and/or dynamic reachability monitoring to determine network reachability between endpoints and policy-based reachability to simplify the network monitoring and management.
  • the reachability service 206 may utilize formal methods, or some other verification technique, to determine whether the network is configured properly such that network endpoints are reachable. For instance, the user 138, or some other user associated with the service provider network 104, or some other authorized user may generate mathematical models that model a global network.
  • the reachability service 206 may apply these formal methods in response to changes being made to the global network and/or at a request of the user 138 and/or by some other service, device, or component. In this way, if the user requests a change to the global network that would result in a loss of network connectivity, the NMS 102 may provide this information and/or recommendations to correct this detected loss of connectivity.
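To make the reachability analysis above, the positively and negatively stated policies described earlier, and the hub-and-spoke gateway routing concrete, here is an added Python example (not the patent's or Amazon's implementation): a static model of gateway route tables and per-network ingress rules, policies in the "VPC A can reach stand-alone network in CIDR range X" / "VPC D cannot reach VPC E" form, and a pre-change check that evaluates a proposed route-table edit on a copy of the model before anything is applied. Network names, CIDRs and the ingress-rule format are constructed assumptions; the real system's formal-methods engine is not described on the page and is not reproduced here, so this block stands in for it with route lookup and rule matching.

```python
import copy
import re
from ipaddress import ip_network
from typing import NamedTuple


class Network(NamedTuple):         # a VPC or stand-alone network attached to one hub gateway
    name: str
    cidr: str
    gateway: str
    ingress: tuple = ()            # ordered (action, source cidr) rules; no match means deny


class GlobalNetworkModel:
    def __init__(self):
        self.networks = {}         # name -> Network
        self.routes = {}           # gateway -> {destination cidr: attached network or peer gateway}

    def add_network(self, net):
        self.networks[net.name] = net
        self.routes.setdefault(net.gateway, {})[net.cidr] = net.name   # attachment adds its CIDR to the hub

    def route_lookup(self, gateway, dst_ip):
        """Longest-prefix match; None models a packet dropped for want of a route."""
        best = None
        for cidr, target in self.routes.get(gateway, {}).items():
            net = ip_network(cidr)
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None

    def forwarding_path(self, src, dst_cidr):
        """Hops from src through hub route tables toward dst_cidr; None if black-holed or looping."""
        dst_ip = ip_network(dst_cidr).network_address   # one representative address of the range
        hops, gw = [src], self.networks[src].gateway
        while gw not in hops:                           # revisiting a gateway means a routing loop
            hops.append(gw)
            target = self.route_lookup(gw, dst_ip)
            if target is None:
                return None
            if target not in self.routes:               # landed on an attached network
                return hops + [target]
            gw = target                                 # next hop is a peer gateway
        return None

    def ingress_allowed(self, dst, src_cidr):
        src = ip_network(src_cidr)
        for action, rule_cidr in self.networks[dst].ingress:
            if src.subnet_of(ip_network(rule_cidr)):
                return action == "allow"
        return False

    def can_reach(self, src, dst):             # dst is a network name or a bare CIDR
        dst_cidr = self.networks[dst].cidr if dst in self.networks else dst
        path = self.forwarding_path(src, dst_cidr)
        if path is None or path[-1] not in self.networks:
            return False
        landed = self.networks[path[-1]]
        if not ip_network(dst_cidr).subnet_of(ip_network(landed.cidr)):
            return False                       # route delivers to the wrong attachment
        return self.ingress_allowed(landed.name, self.networks[src].cidr)


POLICY = re.compile(r"^(?P<src>\S+) (?P<verb>can|cannot) reach (?:.*CIDR range )?(?P<dst>\S+)$")

def parse_policy(text):
    m = POLICY.match(text.strip())
    if not m:
        raise ValueError(f"unparseable policy: {text!r}")
    return m["src"], m["verb"] == "can", m["dst"]


def check_policies(model, policies):
    violations = []
    for text in policies:
        src, expected, dst = parse_policy(text)
        if model.can_reach(src, dst) != expected:
            violations.append(text)
    return violations


def analyze_change(model, policies, change):
    """Static pre-check: apply `change` to a copy and report the policies it would newly break."""
    proposed = copy.deepcopy(model)
    change(proposed)
    already = set(check_policies(model, policies))
    return [p for p in check_policies(proposed, policies) if p not in already]


def build_sample_model():
    """Constructed topology; every name and CIDR here is illustrative."""
    m = GlobalNetworkModel()
    m.add_network(Network("vpc-a", "10.1.0.0/16", "gw-east", [("allow", "10.0.0.0/8")]))
    m.add_network(Network("vpc-b", "10.2.0.0/16", "gw-east", [("allow", "10.0.0.0/8")]))
    m.add_network(Network("ext-branch", "192.168.10.0/24", "gw-east", [("allow", "10.1.0.0/16")]))
    m.add_network(Network("vpc-d", "10.4.0.0/16", "gw-west", [("allow", "10.0.0.0/8")]))
    m.add_network(Network("vpc-e", "10.5.0.0/16", "gw-west",
                          [("deny", "10.4.0.0/16"), ("allow", "10.0.0.0/8")]))
    m.routes["gw-east"]["10.4.0.0/14"] = "gw-west"          # cross-region hub routes
    m.routes["gw-west"]["10.0.0.0/14"] = "gw-east"
    m.routes["gw-west"]["192.168.10.0/24"] = "gw-east"
    return m


SAMPLE_POLICIES = [
    "vpc-a can reach stand-alone network in CIDR range 192.168.10.0/24",
    "vpc-b can reach stand-alone network in CIDR range 192.168.10.0/24",
    "vpc-d cannot reach vpc-e",
    "vpc-a can reach vpc-e",
]
```

On the constructed model, `check_policies` flags only the vpc-b policy (the branch network admits traffic from vpc-a's range alone), while `analyze_change` with a change that removes the 10.4.0.0/14 route from gw-east reports that "vpc-a can reach vpc-e" would newly break, which is the kind of finding the text says should be surfaced to the user, together with a recommendation, before the change is implemented.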
  • the monitoring of the global network allows a user 138 of the service provider network 104 to gain actionable insights that help the user 138 optimize application performance, manage resource utilization, and understand system-wide operational health of the global network.
  • the NMS 102 may utilize monitoring service 204 for collecting, aggregating, and summarizing compute utilization information like TWAMP data, CPU, memory, disk, and network data, as well as diagnostic information such as network reachability between various endpoints, to help the user 138 isolate network issues and resolve the issues quickly.
  • the network management service 102 may perform a self-correcting action (e.g., by executing one or more workflows) in response to an alarm triggered by metrics data or monitoring data.
  • FIG. 3 is a software and network architecture diagram 300 showing aspects of communication between a network 118 and an NMS 102.
  • the NMS 102 includes an API 302, a global workflow service 304, a global data store 306, an event publisher 308 to publish events 312, and a metrics publisher 310 to publish metrics 314.
  • the NMS 102 communicates with a network manager 208 of the network 118 via the communication channel 316.
  • the network manager 208 includes a regional workflow service 318, a regional data store 320, an event service 322, and a metrics service 324.
  • the NMS 102 and the network manager 208 may utilize a different number of components according to other configurations.
  • the API 302 may be configured to expose functionality for interacting with the NMS 102 for configuring and managing global networks that span across different geographic locations/areas/regions. As discussed above, the API 302 may be utilized by the user 138 to specify parameters associated with the configuration and management of the global network. The API 302 may also be configured to interact with the network management service 122, and other services 124 of the service provider network 104, such as a metrics service 324, and an event service 322. According to some configurations, communication takes place between the NMS 102 in the service provider network 104 and each region. In these configurations, a network manager 208 in one location does not directly communicate with another network manager 208 that is located in a different location.
  • the global data store 306 is configured to store data associated with the global networks associated with different users.
  • the regional data store 320 is configured to store data associated with the network resources that are located within a particular geographic area.
  • the data stores may include one or more databases for storing different types of data, such as a SQL database, a not only SQL (NoSQL) database, a graph database, and the like.
  • the global workflow service 304 and the regional workflow service 318 provide functionality associated with performing actions relating to workflows.
  • the global workflow service 304 and the regional workflow service 318 provide functionality for performing different tasks and managing intertask dependencies, scheduling, and concurrency in accordance with the defined logical flow.
  • the global workflow service 304 and/or the regional workflow service 318 may be implemented using AWS® Lambda, AWS® Step Functions, AWS® Simple Workflow Service, and the like.
  • the workflow services may execute code and access different computing resources, such as computing resources 120 in the service provider network 104 and/or resources 114 included in one or more stand-alone networks 116, or other networks.
  • the event service 322 is configured to receive and identify different events.
  • the event service 322 may be configured to identify changes in a network, such as changes in a gateway, changes in VPN, and the like.
  • the events may include events such as but not limited to network topology changed, routing updates, network status changed, gateway 106 updates (e.g., attachment created/deleted, gateway 106 added/deleted, route/path altered in a gateway 106 route table, ...), VPN 110 updates (e.g., VPN 110 connection created/deleted/changed, VPN 110 tunnel changes, ...), and the like.
  • the event service 322 identifies the changes based on data generated by the metrics service 324, the reachability service 206, and/or some other service, device or component.
  • the event service 322 is a service that runs code without provisioning or managing servers (e.g., AWS® Lambda).
  • the metrics service 324 is configured to generate metrics that may be utilized by the NMS 102 and/or the user 138. In some configurations, the metrics service 324 may utilize one or more services provided by the service provider network 104. The metrics service 324 collects metrics from network resources, and applications to monitor operational performance, troubleshoot issues, and spot trends within the global network.
  • FIG.4 illustrates an example system environment 400 in which networks 118 may be linked using redundant pathways. As illustrated in FIG.4, networks 118 are redundantly connected to more than one instance of NMS 122. For example, each of the networks 118A, 118B, and 118C may be connected to both NMS 122A and NMS 122B within the global network.
  • FIGs. 5A – 5E are diagrams showing exemplary graphical user interfaces for configuring and management of scalable global private networks.
  • the user configures and manages a global private network using a graphical user interface (GUI).
  • FIGs. 5A, 5B, 5C, 5D, and 5E illustrate example graphical user interfaces 500, 520, 540, 570, and 592 where the user 138 can configure and manage scalable global private networks.
  • the NMS 102 may provide data for displaying a GUI to a display associated with the user computing device 138.
  • GUI 500 shows user interface (UI) elements for selecting a global network. More or fewer UI elements may be included within GUI 500.
  • the GUI 500 includes a search global network UI element 504 to enter a search term to locate a defined global network.
  • GUI 500 also includes a view global network UI element 508 to view a global network. For example, selecting the view global network UI element 508 may cause a graph of the global network to be displayed (See FIG. 5D and 5E for example graphs of a global network).
  • Create global network UI element 512 may be used to create a new global network.
  • Delete global network UI element 510 may be used to delete a previously created global network. For example, selecting the delete global network UI element 510 may cause the selected global network to be deleted.
  • FIG.5B shows GUI 520 that includes user interface (UI) elements for registering a gateway 106 to include within a global network. More or fewer UI elements may be included within GUI 520. As illustrated, the GUI 520 includes a gateways UI element 522, a devices UI element 524, a regions UI element 526, a connections UI element 528, and a configuration UI element 530 that may be selected to create, configure and/or edit a gateway 106, devices, regions 118, connections (e.g., VPNs 110, links 142), and/or other configurations relating to a global network.
  • GUI 520 also includes a search gateway UI element 532 for a user 138 to enter a search term to locate a gateway 106.
  • GUI 530 also includes a cancel network UI element 536 to cancel registration of a gateway 106 and a register gateway UI element 538 to include one or more gateways 106 as part of the global network.
  • FIG. 5C shows GUI 540 that includes user interface (UI) elements for viewing information about a gateway 106 within a global network. More or fewer UI elements may be included within GUI 540.
  • the GUI 540 includes a home UI element 542 to go to a home display, an events UI element 544 to configure alarms, actions, and tasks to perform, and a policies UI element 546 to configure policies for the global network.
  • the GUI 540 also includes a view of a map 548 that displays a world view that includes gateway UI elements 554A – 554C that show different gateways 106 that are part of the global map.
  • UI element 556 provides an indication to the user 138 to select one of the gateway UI elements 554 to obtain details about the gateway 106. In the current example, the user has selected gateway UI element 554A. In response to selection of the gateway UI element 554A, graphical window 552 is displayed.
  • Graphical window 552 includes a graph view that shows the connections of gateway 106F to VPCs 112K – VPC 112M, link 560, connection 558, and gateway 106A. More or less information may be shown within graphical window 552.
  • GUI 540 also shows a create gateway UI element 562, an import network UI element 564, and a remove gateway UI element 566.
  • Indicator 568 shows additional details relating to gateway 106A and gateway 106F.
  • FIG. 5D shows GUI 570 that includes user interface (UI) elements for viewing a graph representing a portion of the global network and performing a search of the graph. More or fewer UI elements may be included within GUI 570.
  • the GUI 570 includes a gateways UI element 572 selectable to access information about gateways 106 of the global network, a devices UI element 574 selectable to access information about devices of the global network, a regions UI element 576 selectable to access information about networks of the global network, a connections UI element 578 selectable to access information about connections of the global network, and a configuration UI element 580 selectable to access configuration information about the global network.
  • the GUI 570 also includes a graph display area 586 that displays a connected graph representing a portion of the global network. In the current example, the graph display area 586 shows a portion of a global network connected to gateway 106G.
  • the gateway 106G is connected to a VPC 114N and a VPN 110L.
  • the VPC 114N is connected to VPCs 114O – 114R, which are connected to resources 114M – 114S.
  • VPN 110L is connected to VPC 110S, link 142L, and direct connection 108A.
  • the user 138 may identify what to display in the graph display area 586 using selection UI elements 584. For instance, the user 138 has selected to show devices, links, sites. In other examples, the selection UI elements 584 may include other options to show more or fewer details. Similarly, the user 138 may select elements to collapse within the graph.
  • GUI 570 also includes a graph search UI element 588 for a user 138 to enter a search term to locate a portion or resource within the graph.
  • the user 138 has entered the search term “EAST” in the graph search UI element 590.
  • the network management service 122 has returned two results “GATEWAY 2” and “GATEWAY 3”, and the user has selected “GATEWAY 2” to be illustrated within graph display area 586 as indicated by indicator 594.
  • FIG. 5E shows GUI 592 that includes user interface (UI) elements for viewing a graph representing a global network.
  • GUI 592 includes UI elements selectable to access information about the global network.
  • the GUI 592 displays a connected graph representing the global network as illustrated in FIG. 1.
  • the gateway 106G is connected to network 118A, network 118B, and network 118C.
  • Network 118A includes gateway 106A connected to gateway 106G, VPCs 112A – 112C, and VPN 110A.
  • VPN 110A is connected to connector 108A that is connected to resources 114R1 that includes resources (114A – 114C) of an external network.
  • Network 118B includes gateway 106B connected to gateway 106G, VPCs 112E – 112G, and VPN 110B.
  • VPN 110B is connected to connector 108B that is connected to resources 114R3 that includes resources (114F – 114H) of an external network.
  • Network 118C includes gateway 106C connected to gateway 106G, VPCs 112H – 112J, and link 142 coupled to connector 108C that is connected to resources 114R2 that includes resources (114D and 114E) of an external network.
  • the user 138 may identify what to display in the graph display area using selection UI elements 584. In the current example of FIG. 5E, the user 138 has selected to show the entire global network. In other examples, the selection UI elements 584 may include other options to show more or fewer details.
  • FIGs. 6-9 are flow diagrams showing illustrative routines 600, 700, 800, and 900 for configuration and management of global scalable networks, according to examples disclosed herein. It should be appreciated that the logical operations described herein with respect to FIG. 6, FIG. 7, FIG. 8, FIG. 9, and the other FIGS., can be implemented (1) as a sequence of computer-implemented acts or program modules running on a computing system and/or (2) as interconnected machine logic circuits or circuit modules within the computing system. The implementation of the various components described herein is a matter of choice dependent on the performance and other requirements of the computing system.
  • FIG.6 is a flow diagram showing an illustrative routine 600 for configuration and management of a scalable global private network, according to some examples.
  • the routine 600 may be performed by computing resources 120 associated with the NMS 102 and/or other computing resources, such as computing resources associated with some other network or system.
  • one or more interfaces are provided for configuration and management of a scalable global network.
  • the NMS 102 may expose one or more API(s) 140, a CLI, and/or a UI 136, such as a graphical user interface.
  • a user such as user 138, may utilize the interfaces to configure, view, and manage global networks.
  • a request is received to perform an operation for configuration/management of a scalable global private network.
  • the request may be to add a stand-alone network to the current global network, change a policy (e.g., security policy) associated with the network, add a resource to one or more of the networks forming the global private network, configure one or more events and/or actions, configure monitoring, or perform some other action or operation.
  • the request may be received from a user, such as user 138 of a service provider network 104.
  • the network management service 122 within NMS 102 receives the request.
  • the action to perform is identified.
  • NMS 102 may receive the request and identify the service, component, or device to perform the requested operation.
  • the NMS 102 may cause one or more workflows to be performed in response to the request. For instance, the NMS may identify that the request alters the global network, such as by updating a security policy, adding a resource to a particular region, monitoring one or more metrics, determining reachability between specified nodes within the global network, and the like.
  • static analysis of the global network may be performed. As discussed above, the network reachability service 206 may perform a static analysis using formal methods, or some other verification technique, in response to a request from a user 138 and/or in response to some other event (e.g., a change of network topology). In some configurations, the static analysis may be performed before the network change is implemented.
  • the user 138 may be provided with data indicating the issue and/or recommendations to correct the issue with network connectivity.
  • the request to perform the action is transmitted to one or more of the locations of the global private network.
  • the network management service 122 may provide the security policy to the network managers 208 to implement the change within each of the geographic locations and provide the change to the external networks 116 when determined.
  • the metrics/events to monitor within the locations of the networks forming the global network are configured.
  • the network management service 122, the event service 322, the metrics service 324, or the reachability service 206 may transmit instructions to the network managers 208, or some other service, device or component, to monitor one or more network resources within the different locations.
  • the scalable global private network is monitored. As discussed above, each of the networks at the different locations may monitor events and metrics and provide metrics data and events data back to the NMS 102 for further analysis and/or actions.
  • the reachability service 206 utilizes monitoring information from the different locations to identify when there may be a connectivity issue between specified endpoints in the global network. See FIG. 8 and FIG. 9 for additional details.
  • network data is provided to a user and/or some other device or component.
  • FIG.7 is a flow diagram showing an illustrative routine 700 for creating a gateway 106 within the global network.
  • the routine 700 may be performed by computing resources 120 associated with the NMS 102 and/or other computing resources associated with the global network. While routine 700 illustrates a request to create a gateway, a similar routine may be performed to perform other actions within the global network.
  • a request is received to create a gateway 106 for a particular network location.
  • the user 138 may utilize an API 140, a CLI, or a UI 136 to request to create a gateway 106.
  • the network management service 122 receives the request to create a gateway 106.
  • the request to create the gateway is transmitted to the location in which the gateway 106 is to be created.
  • the network management service 122 may transmit the request to a network manager 208 to create the gateway in the network 118.
  • a response is received from the region indicating whether the gateway was created and/or whether any problems occurred during the creation of the gateway 106.
  • the network manager 208 transmits a message to the network management service 122 indicating whether the creation of the gateway 106 was successful.
  • a decision is made as to whether the creation of the gateway 106 was successful.
  • When the gateway 106 was created successfully, the routine moves to 760.
  • When the creation of the gateway 106 was not successful, the routine moves to 750.
  • a notification of a problem creating the gateway 106 is provided.
  • the notification may be provided to the user 138 via a UI 136. In other examples, the notification may be provided to a service, component and/or device.
  • the gateway may be connected to other regions when determined.
  • FIG. 8 is a flow diagram showing an illustrative routine 800 for monitoring network endpoints for connectivity, according to some examples.
  • the routine 800 may be performed by computing resources 120 associated with the NMS 102 and/or other computing resources associated with the global network.
  • the network endpoints to monitor for connectivity are identified.
  • the reachability service 206 may identify network endpoints to check for connectivity based on input specified by the user 138 as well as identify other network endpoints to monitor for connectivity, such as gateways 106, VPCs 112, VPNs 110, connectors 108, links 142, and the like.
  • static analysis of the global network may be performed.
  • the network reachability service 206 may perform a static analysis using formal methods, or some other verification technique, in response to a request from a user 138 and/or in response to some other event (e.g., a change of network topology).
  • the network is dynamically monitored.
  • the reachability service 206 may receive monitoring data, such as events data indicating an occurrence of one or more events and metrics data, from the network managers 208 that may be used to determine connectivity between network endpoints within a region and/or network endpoints that span more than one region.
  • the reachability service 206 may perform dynamic network connectivity checks between network endpoints specified by the user 138 as well as other network endpoints, at predetermined times (e.g., every minute, every five minutes, and so on).
  • a determination is made as to whether there is connectivity between network endpoints. For example, the reachability service 206 may identify that one or more network endpoints are not reachable and/or that specified network endpoints are reachable.
  • the reachability service 206 may decide whether the network endpoints have network connectivity. When the network endpoints have network connectivity, the routine 800 returns to 820. When the network endpoints do not have network connectivity, routine 800 flows to 860.
  • an action is caused to be performed. As discussed above, the reachability service 206 may provide connectivity data to the user 138 via the UI 136 indicating the connectivity issue. The reachability service 206 might also provide the data to one or more other services, devices, or components that in turn execute a workflow to address the network connectivity issue. The routine 800 may end or return to 820.
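  The two checks the reachability service 206 is described as performing, the static analysis of the topology run before a change is implemented (routine 600) and the monitoring-driven connectivity decision of routine 800, as an added Python example that is not part of the patent text. The graph model, node kinds, link names, the monitoring record layout and the rule "zero flow means link down" are all constructed for this example.

```python
# Added example: static and dynamic reachability over a graph model of a
# global private network. Not from the patent; all names are constructed.
from collections import deque
from copy import deepcopy
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Link = FrozenSet[str]
Pair = Tuple[str, str]


class GlobalNetwork:
    """Nodes are gateways, VPCs, VPNs, connectors and stand-alone networks;
    undirected links are the connections between them."""

    def __init__(self) -> None:
        self.kinds: Dict[str, str] = {}
        self.links: Set[Link] = set()
        self.down: Set[Link] = set()  # links that monitoring data reports as down

    def add_node(self, name: str, kind: str) -> None:
        self.kinds[name] = kind

    def link(self, a: str, b: str) -> None:
        if a == b or a not in self.kinds or b not in self.kinds:
            raise ValueError(f"bad link {a}-{b}")
        self.links.add(frozenset((a, b)))

    def neighbors(self, node: str, live_only: bool) -> List[str]:
        return [next(iter(l - {node})) for l in self.links
                if node in l and not (live_only and l in self.down)]

    def path(self, src: str, dst: str, live_only: bool) -> Optional[List[str]]:
        """Breadth-first search. live_only=False is the static view of the
        topology; live_only=True skips links that monitoring reported down."""
        prev: Dict[str, Optional[str]] = {src: None}
        queue = deque([src])
        while queue:
            cur = queue.popleft()
            if cur == dst:
                out: List[str] = []
                node: Optional[str] = dst
                while node is not None:
                    out.append(node)
                    node = prev[node]
                return out[::-1]
            for nxt in self.neighbors(cur, live_only):
                if nxt not in prev:
                    prev[nxt] = cur
                    queue.append(nxt)
        return None


def static_check(net: GlobalNetwork, change: Dict[str, List[Pair]],
                 pairs: List[Pair]) -> List[Pair]:
    """Apply a proposed change (links to remove/add) to a copy of the graph and
    return the user-specified endpoint pairs that would lose connectivity,
    i.e. the analysis that runs before the change is pushed to the regions."""
    trial = deepcopy(net)
    for a, b in change.get("remove", []):
        trial.links.discard(frozenset((a, b)))
    for a, b in change.get("add", []):
        trial.link(a, b)
    return [p for p in pairs if trial.path(p[0], p[1], live_only=False) is None]


def ingest_monitoring(net: GlobalNetwork, records: List[dict]) -> None:
    """Records are constructed per-region monitoring data carrying a flow metric
    for a link. Zero flow is treated as the link being down (an assumption of
    this example, not a rule the patent states)."""
    for rec in records:
        link = frozenset(rec["link"])
        if rec["flow_bytes"] == 0:
            net.down.add(link)
        else:
            net.down.discard(link)


def connectivity_check(net: GlobalNetwork, pairs: List[Pair]) -> List[dict]:
    """Decision step of routine 800: for each pair with no live path, return
    connectivity data for the UI plus a constructed workflow name to run."""
    findings = []
    for src, dst in pairs:
        if net.path(src, dst, live_only=True) is None:
            static_ok = net.path(src, dst, live_only=False) is not None
            findings.append({"pair": (src, dst),
                             "cause": "link_down" if static_ok else "no_topology_path",
                             "action": "notify_user_and_run_repair_workflow"})
    return findings


def sample_network() -> GlobalNetwork:
    """Constructed two-region global network plus an on-premises stand-alone network."""
    net = GlobalNetwork()
    for name, kind in [("gw-us", "gateway"), ("gw-eu", "gateway"), ("vpc-us-1", "vpc"),
                       ("vpc-eu-1", "vpc"), ("vpn-branch", "vpn"), ("dc-onprem", "stand_alone")]:
        net.add_node(name, kind)
    for a, b in [("gw-us", "vpc-us-1"), ("gw-eu", "vpc-eu-1"), ("gw-us", "gw-eu"),
                 ("gw-eu", "vpn-branch"), ("vpn-branch", "dc-onprem")]:
        net.link(a, b)
    return net


if __name__ == "__main__":
    net = sample_network()
    watch = [("vpc-us-1", "dc-onprem"), ("vpc-eu-1", "dc-onprem")]
    # Static analysis: removing the inter-region gateway link strands the US VPC.
    print(static_check(net, {"remove": [("gw-us", "gw-eu")]}, watch))
    # Dynamic monitoring: a zero-flow report on the same link is caught at runtime.
    ingest_monitoring(net, [{"region": "us", "link": ["gw-us", "gw-eu"], "flow_bytes": 0}])
    print(connectivity_check(net, watch))
```

The "cause" field distinguishes a link that monitoring reports down from a topology that never had a path, which is the difference between something a repair workflow can act on and something the static check should have rejected before the change.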
  • FIG. 9 is a flow diagram showing an illustrative routine 900 for monitoring the global network to generate metrics, according to some examples.
  • the routine 900 may be performed by computing resources 120 associated with the NMS 102 and/or other computing resources associated with the global network.
  • the network resources to monitor are identified.
  • the monitoring service 204 may identify network resources to monitor based on input specified by the user 138 and/or identify network resources to monitor based on other specifications.
  • the reachability service 206 may instruct the monitoring service 204 to monitor specified metrics and/or events.
  • the monitoring service 204 may monitor computing resources for default metrics.
  • the networks are configured to monitor specified computing resources.
  • the monitoring service 204 may instruct the network managers 208 to monitor specified computing resources for one or more metrics and/or events.
  • monitoring data is received from the different network locations.
  • the monitoring service 204 may receive monitoring data including the metrics from each of the different networks 118. In this way, the user 138 may access the metrics for the global network without having to access each location separately.
  • an action is caused to be performed.
  • the monitoring service 204 may provide events data, and/or metric data to the user 138 via the UI 136.
  • the monitoring service 204 might also provide the data to one or more other services, devices, or components that in turn execute a workflow.
  • the metric data may be utilized to trigger one or more alarms, and/or cause one or more other task flows to be performed (e.g., automatically choose a different data store when the data store is experiencing a high volume of requests).
  • an occurrence of an event may cause one or more flows to be performed, such as by global workflow service 304 and/or regional workflow service 318.
  • the workflow may be performed by one or more computing resources located in an external network that is part of the global network.
  • FIG. 10 is a system and network diagram that shows one illustrative operating environment for the configurations disclosed herein that includes an NMS 102 that can be configured to provide the functionality described above.
  • the NMS 102 can execute network services that provide computing resources for implementing the functionality disclosed herein.
  • the computing resources implemented by the NMS 102 can be data processing resources, such as virtual machine (“VM”) instances, data storage resources, networking resources, data communication resources, network services, and other types of resources.
  • the computing resources utilized can be general-purpose or can be available in a number of specific configurations.
  • data processing resources can be available as physical computers or VM instances in a number of different configurations.
  • the VM instances can be configured to execute applications, including web servers, servers, media servers, database servers, some or all of the network services described above, and/or other types of programs.
  • Data storage resources can include file storage devices, block storage devices, and the like.
  • the NMS 102 can also include and utilize other types of computing resources not mentioned specifically herein.
  • the computing resources provided by the NMS 102 are enabled in one implementation by one or more data centers 1004A-1004D (which might be referred to herein singularly as “a data center 1004” or collectively as “the data centers 1004”).
  • the data centers 1004 are facilities utilized to house and operate computer systems and associated components.
  • the data centers 1004 typically include redundant and backup power, communications, cooling, and security systems.
  • the data centers 1004 can also be located in geographically disparate locations.
  • One illustrative configuration for a data center 1004 that can be utilized to implement the technologies disclosed herein will be described below with regard to FIG. 11.
  • the users can access the services provided by the NMS 102 over a network 1002, which can be a wide area communication network (“WAN”), such as the Internet, an intranet or an Internet service provider (“ISP”) network or a combination of such networks.
  • a computing device 1000 operated by a user or other user of the NMS 102, such as the computing device 134, can access the NMS 102 over the network 1002.
  • a local-area network (“LAN”), the Internet, or any other networking topology known in the art that connects the data centers 1004 to remote users and other users can be utilized.
  • combinations of such networks can also be utilized.
  • FIG. 11 is a computing system diagram that illustrates examples for a data center 1004 that can be utilized to configure and manage a global network, and the other functionality disclosed herein.
  • the example data center 1004 shown in FIG. 11 includes several server computers 1102A-1102F (which might be referred to herein singularly as “a server computer 1102” or in the plural as “the server computers 1102”).
  • the server computers 1102 can be standard tower, rack-mount, or blade server computers configured appropriately for providing various types of computing resources 1110 for implementing the functionality disclosed herein.
  • the computing resources 1110 provided by the data center 1004 can be data processing resources such as VM instances or hardware computing systems, data storage resources, database resources, networking resources, and others.
  • the servers 1102 can also be configured to execute network services 1112A-1112E, respectively, capable of instantiating, providing and/or managing the computing resources 1110A-1110E.
  • the data center 1004 shown in FIG. 11 also includes a server computer 1102F that can execute some or all of the software components described above.
  • the server computer 1102F can be configured to execute functionality described herein, such as network management system functionality 1120 and other available services 1122.
  • the server computer 1102F can also be configured to execute other components and/or to store data for providing some or all of the functionality described herein.
  • components or different instances of the services can execute on many other physical or virtual servers in the data centers 1004 in various configurations.
  • an appropriate LAN 1108 is also utilized to interconnect the server computers 1102A-1102F.
  • the LAN 1108 is also connected to the network 1002 illustrated in FIG. 10.
  • Appropriate load balancing devices or other types of network infrastructure components can also be utilized for balancing a load between each of the data centers 1004A-1004D, between each of the server computers 1102A-1102F in each data center 1004, and, potentially, between computing resources 1110 in each of the data centers 1004.
  • FIG. 12 shows an example computer architecture for a computer 1200 capable of executing program components for implementing the functionality described above.
  • the computer architecture shown in FIG. 12 illustrates a conventional server computer, workstation, desktop computer, laptop, tablet, network appliance, e-reader, smartphone, or other computing device, and can be utilized to execute any of the software components presented herein.
  • the computer 1200 includes a baseboard 1202, or “motherboard,” which is a printed circuit board to which a multitude of components or devices can be connected by way of a system bus or other electrical communication paths.
  • one or more central processing units (“CPUs”) 1204 operate in conjunction with a chipset 1206.
  • the CPUs 1204 can be standard programmable processors that perform arithmetic and logical operations necessary for the operation of the computer 1200.
  • the CPUs 1204 perform operations by transitioning from one discrete, physical state to the next through the manipulation of switching elements that differentiate between and change these states.
  • Switching elements can generally include electronic circuits that maintain one of two binary states, such as flip-flops, and electronic circuits that provide an output state based on the logical combination of the states of one or more other switching elements, such as logic gates.
  • the chipset 1206 provides an interface between the CPUs 1204 and the remainder of the components and devices on the baseboard 1202.
  • the chipset 1206 can provide an interface to a RAM 1208, used as the main memory in the computer 1200.
  • the chipset 1206 can further provide an interface to a computer-readable storage medium such as a read-only memory (“ROM”) 1210 or non-volatile RAM (“NVRAM”) for storing basic processes that help to start up the computer 1200 and to transfer information between the various components and devices.
  • the ROM 1210 or NVRAM can also store other software components necessary for the operation of the computer 1200 in accordance with the configurations described herein.
  • the computer 1200 can operate in a networked environment using logical connections to remote computing devices and computer systems through a network, such as the network 1208.
  • the chipset 1206 can include functionality for providing network connectivity through a NIC 1212, such as a gigabit Ethernet adapter.
  • the NIC 1212 is capable of connecting the computer 1200 to other computing devices over the network 1208. It should be appreciated that multiple NICs 1212 can be present in the computer 1200, connecting the computer to other types of networks and remote computer systems.
  • the computer 1200 can be connected to a mass storage device 1218 that provides non-volatile storage for the computer.
  • the mass storage device 1218 can store an operating system 1220, programs 1222, workload control user interface 1224, and data, which have been described in greater detail herein.
  • the mass storage device 1218 can be connected to the computer 1200 through a storage controller 1214 connected to the chipset 1206.
  • the mass storage device 1218 can consist of one or more physical storage units.
  • the storage controller 1214 can interface with the physical storage units through a serial attached SCSI (“SAS”) interface, a serial advanced technology attachment (“SATA”) interface, a fiber channel (“FC”) interface, or other type of interface for physically connecting and transferring data between computers and physical storage units.
  • the computer 1200 can store data on the mass storage device 1218 by transforming the physical state of the physical storage units to reflect the information being stored.
  • the specific transformation of physical state can depend on various factors, in different implementations of this description. Examples of such factors can include, but are not limited to, the technology used to implement the physical storage units, whether the mass storage device 1218 is characterized as primary or secondary storage, and the like.
  • the computer 1200 can store information to the mass storage device 1218 by issuing instructions through the storage controller 1214 to alter the magnetic characteristics of a particular location within a magnetic disk drive unit, the reflective or refractive characteristics of a particular location in an optical storage unit, or the electrical characteristics of a particular capacitor, transistor, or other discrete component in a solid-state storage unit.
  • Other transformations of physical media are possible without departing from the scope and spirit of the present description, with the foregoing examples provided only to facilitate this description.
  • the computer 1200 can further read information from the mass storage device 1218 by detecting the physical states or characteristics of one or more particular locations within the physical storage units.
  • the computer 1200 can have access to other computer-readable storage media to store and retrieve information, such as program modules, data structures, or other data.
  • computer-readable storage media is any available media that provides for the non-transitory storage of data and that can be accessed by the computer 1200.
  • computer-readable storage media can include volatile and non-volatile, removable and non-removable media implemented in any method or technology.
  • Computer-readable storage media includes, but is not limited to, RAM, ROM, erasable programmable ROM (“EPROM”), electrically-erasable programmable ROM (“EEPROM”), flash memory or other solid-state memory technology, compact disc ROM (“CD-ROM”), digital versatile disk (“DVD”), high definition DVD (“HD-DVD”), BLU-RAY, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information in a non-transitory fashion.
  • the mass storage device 1218 can store an operating system 1220 utilized to control the operation of the computer 1200.
  • the operating system comprises the LINUX operating system or one of its variants.
  • the operating system comprises the WINDOWS® SERVER operating system from MICROSOFT Corporation.
  • the operating system can comprise the UNIX operating system or one of its variants. It should be appreciated that other operating systems can also be utilized.
  • the mass storage device 1218 can store other system or application programs and data utilized by the computer 1200.
  • In examples, the mass storage device 1218 or other computer-readable storage media is encoded with computer-executable instructions which, when loaded into the computer 1200, transform the computer from a general-purpose computing system into a special-purpose computer capable of implementing the configurations described herein. These computer-executable instructions transform the computer 1200 by specifying how the CPUs 1204 transition between states, as described above.
  • the computer 1200 has access to computer-readable storage media storing computer-executable instructions which, when executed by the computer 1200, perform the various processes described above with regard to FIGS. 1-12.
  • the computer 1200 can also include computer-readable storage media for performing any of the other computer-implemented operations described herein.
  • the computer 1200 can also include one or more input/output controllers 1216 for receiving and processing input from a number of input devices, such as a keyboard, a mouse, a touchpad, a touch screen, an electronic stylus, or other type of input device.
  • an input/output controller 1216 can provide output to a display, such as a computer monitor, a flat-panel display, a digital projector, a printer, or other type of output device.
  • the computer 1200 might not include all of the components shown in FIG.12, can include other components that are not explicitly shown in FIG. 12, or can utilize an architecture completely different than that shown in FIG. 12.
  • a system comprising: one or more processors; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive, from a computing device of a user of a service provider network, a request to configure a global network that spans across a first geographic location and a second geographic location, and that includes a stand-alone network that is hosted by the service provider network and an external network that is separate from the service provider network; identify a first action to perform to configure the global network within one or more of the first geographic location, the second geographic location, the stand-alone network, and the external network, wherein the first action is selected from one or more of configuring a gateway to connect to the stand-alone network, configuring the gateway to connect to a first network in the first geographic location and a second network in the second geographic location, configuring a virtual private cloud (VPC), configuring a virtual private network (VPN), and configuring a connection from the service provider network to the external network;
  • a computer-implemented method comprising: receiving, at a service provider network, data associated with a request to configure a global network that includes a stand-alone network, a first network that is hosted by the service provider network within a first geographic location, and a second network that is hosted by the service provider network within a second geographic location; identifying based, at least in part, on the data, one or more actions to perform within one or more of the first network and the second network to configure the global network; and causing the one or more actions to be performed within the one or more of the first network and the second network to configure the global network.
  • the computer-implemented method of clause E wherein the one or more actions include one or more of configuring a gateway of the service provider network to connect to at least one of the one or more stand-alone networks, configuring the gateway to connect to the first network and the second network, configuring a virtual private cloud (VPC), configuring a virtual private network (VPN) to connect to the stand-alone network, and configuring a connection between the service provider network and the stand-alone network.
  • G The computer-implemented method of clause E or F, wherein the stand-alone network includes a first external network that is separate from the service provider network and that is connected to the first network, and a second external network that is separate from the service provider network and that is connected to the second network.
  • J The computer-implemented method of clause H, wherein causing the one or more second actions to be performed includes executing a workflow within the service provider network that causes tasks to be performed within the first network and the second geographical network to increase one or more of the first performance or the second performance.
  • K The computer-implemented method of any of clauses E–J, further comprising performing a static analysis of a mathematical representation of the global network to identify network connectivity between at least two network endpoints, and wherein identifying the one or more actions to perform is based at least in part on the static analysis.
  • a system comprising: one or more processors associated with a service provider network; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive, at a service provider network, data associated with configuration of a global network that includes a stand-alone network, a first network that is hosted by the service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; identify based, at least in part, on the data, one or more actions to perform within one or more of the first network, the second geographical network, and the stand-alone network, to configure the global network; and cause the one or more actions to be performed within the one or more of the first network, the second geographical network, and the stand-alone network to configure the global network.
  • the one or more actions include one or more of configuring a gateway of the service provider network to connect to at least one of the one or more stand-alone networks, configuring the gateway to connect to the first network and the second network, configuring a virtual private cloud (VPC), configuring a virtual private network (VPN) to connect to the stand-alone network, and configuring a connection between the service provider network and the stand-alone network that is separate from the service provider network.
  • T The system of any of clauses N–S, wherein the GUI further comprises a graph display area that displays a graphical representation of the global network.
  • a system comprising: one or more processors; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: provide for display, to a computing device of a user of a service provider network, a graphical user interface (GUI) that includes user interface (UI) elements relating to configuring a global network that includes one or more stand-alone networks, the global network spanning across a first network that is hosted by the service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; generate a graph that depicts the global network, wherein the graph includes first nodes that represent gateways, second nodes that represent stand-alone networks, and one or more of third nodes and edges that represent connections between the first network, the second network, and the one or more stand-alone networks; provide, to the computing device of the user, the graph for display within the GUI; receive, via one or more of the UI elements of the GUI, configuration data
  • D1 The system of clause C1, wherein the instructions further cause the one or more processors to: generate an annotated graph that reflects at least a portion of the first monitoring data and the second monitoring data; and provide for display, to the computing device of the user, the annotated graph for display within the GUI.
  • a computer-implemented method comprising: generating a graph of a global network that includes a stand-alone network and that spans across a first network that is hosted by a service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; providing for display, to a computing device of a user of the service provider network, a graphical user interface (GUI) that includes a display of at least a portion of the graph and one or more user interface (UI) elements relating to configuring the global network; receiving, from the computing device of the user, configuration data associated with configuration of the global network via one or more of an interaction with the at least the portion of the graph and the one or more UI elements; identifying, based at least in part on the configuration data, an action to perform within one or more of the first network and the second network, wherein the action is selected from one or more of configuring one or more gateways, configuring the stand-alone network, and configuring one or more connections; and
  • the computer-implemented method of any of clauses E1-H1, wherein causing the action to be performed includes transmitting instructions, to the stand-alone network, the first network, and the second network, to perform the action.
  • L1 The computer-implemented method of any of clauses E1-K1, further comprising: generating an annotated graph that reflects at least a portion of the first monitoring data and the second monitoring data; and providing, to the computing device of the user, the annotated graph for display within the GUI.
  • a system comprising: one or more processors associated with a service provider network; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: generate a graph of a global network that includes a stand-alone network and that spans across a first network that is hosted by a service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; provide for display, to a computing device of a user of the service provider network, a graphical user interface (GUI) that includes a display of at least a portion of the graph and one or more user interface (UI) elements relating to configuring the global network; receive, from the computing device of the user, configuration data associated with configuration of the global network via one or more of an interaction with the at least the portion of the graph and the one or more UI elements; identify, based at least in part on the configuration data, an action to perform within one or more of the first network, the second network, and
  • a system comprising: one or more processors; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: identify network endpoints within a global network to monitor for connectivity, wherein each of the network endpoints is at a different location within the global network, and wherein the global network includes stand-alone networks and spans across a first network that is hosted by a service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; transmit instructions, to the stand-alone networks, the first network, and the second network, to cause monitoring of metrics to be performed for the network endpoints, wherein the metrics include a flow metric that indicates a flow of data between a gateway that connects the first network and the second network; receive monitoring data that includes the metrics, from the stand-alone networks, the first network and the second network; identify, based on the monitoring data, a loss of network connectivity in a path between at least a first network
  • a computer-implemented method comprising: identifying network endpoints within a global network to monitor for connectivity, wherein the global network includes a stand-alone network and spans across a first network that is hosted by the service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; identifying, based at least in part on monitoring data including metrics associated with the network endpoints, a loss of network connectivity for a path between at least a first network endpoint and a second network endpoint of the network endpoints; causing an action to be performed based, at least in part, on loss of the network connectivity, wherein the action is one or more of causing a workflow to be performed and providing network connectivity data to a computing device associated with a user of the service provider network.
  • I2. The computer-implemented method of any of clauses E2–H2, further comprising providing an input mechanism to specify at least a portion of the network endpoints, and metrics to monitor within the stand-alone network, the first network, and the second network, wherein the input mechanism is one or more of a graphical user interface (GUI), a command line interface (CLI), and an application programming interface (API) that expose functionality.
  • the computer-implemented method of any of clauses E2–J2, wherein identifying network endpoints within the global network to monitor for connectivity comprises receiving, from the computing device of the user, network reachability data that identifies at least a portion of the network endpoints to monitor for connectivity.
  • a system comprising: one or more processors associated with a service provider network; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: identify network endpoints within a global network to monitor for connectivity, wherein the global network includes a stand-alone network and spans across a first network that is hosted by the service provider network within a first geographic location and a second network that is hosted by the service provider network within a second geographic location; identify, based at least in part on monitoring data associated with the network endpoints, a loss of network connectivity for a path between at least a first network endpoint and a second network endpoint of the network endpoints, wherein the monitoring data includes one or more of metrics data and events data; and cause an action to be performed based, at least in part, on the loss of network connectivity, wherein the action is one or more of causing a workflow to be performed and providing network connectivity data to a computing device associated with a user of the service provider
  • Q2 The system of any of clauses M2–P2, wherein the workflow, when performed, changes a path to utilize between the first network endpoint and the second network endpoint.
  • R2 The system of any of clauses M2–Q2, wherein the instructions further cause the one or more processors to provide one or more of a graphical user interface (GUI), a command line interface (CLI), and an application programming interface (API) that expose functionality for specifying the network endpoints, and metrics to monitor within the stand-alone network, the first network, and the second network.
  • identifying the loss of network connectivity includes performing a static network reachability analysis that utilizes a mathematical representation of the global network and a dynamic network analysis that utilizes metrics data.
  • T2 The system of any of clauses M2–S2, wherein the instructions further cause the one or more processors to: generate a graph that includes network connectivity data indicating the network connectivity data for at least a portion of the global network; and provide, to the computing device of the user, the graph for display within a graphical user interface (GUI).
  • a system comprising: a monitoring service configured to monitor a global network that spans across a first geographic location and a second geographic location and that includes first stand-alone networks hosted by a service provider network and second stand-alone networks that are external from the service provider network; a workflow service configured to perform one or more workflows; an event service configured to generate events in response to a change to the global network; a metrics service configured to generate metrics that indicate a performance of gateways that connect different networks of the global network, virtual private clouds (VPCs), virtual private networks (VPNs), devices within the global network, connections to the first stand-alone networks, connections to the second stand-alone networks, and paths between different endpoints within the global network; one or more processors; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive, from a computing device of a user of the service provider network, a request to monitor the global network for metrics associated with; transmit instructions, via the monitoring service to
  • receiving the request to monitor the global network for metrics includes receiving the request via an application programming interface (API), and wherein causing the action to be performed comprises transmitting, via the API, an instruction to the event service to perform the workflow to adjust the configuration of the global network, wherein adjusting the configuration of the global network includes changing one or more paths to use between at least two network endpoints within the global network.
  • receiving the monitoring data includes receiving a first portion of the monitoring data from a first manager in the first network, receiving a second portion of the monitoring data from a second manager in the second network, and receiving a third portion of the monitoring data from one or more computing devices in the first and second stand-alone networks, and wherein providing the data, indicating the one or more of the occurrence of the event and the trigger of the alarm, to the computing device associated with the user includes utilizing an application programming interface (API) to provide the data.
  • a computer-implemented method comprising: monitoring a global network to generate monitoring data that includes one or more of metrics associated with the performance of the global network and events that indicate a change to the global network, wherein the global network spans across a first geographic location and a second geographic location and includes a first stand-alone network hosted by a service provider network and a second stand-alone network that is external from the service provider network; receiving the monitoring data from the stand-alone networks, a first network within the first geographic location, and a second network within the second geographic location; identifying, based at least in part on the monitoring data, one or more of an occurrence of an event and a trigger of an alarm; and causing an action to be performed within the global network, wherein the action is one or more of causing a workflow to be performed within the service provider network and providing data, indicating one or more of the trigger of the alarm and the occurrence of the event, to a computing device associated with a user of the service provider network.
  • devices within the global network, connections to one or more of the first and second stand-alone networks, and paths between different endpoints within the global network.
  • I3 The computer-implemented method of any of clauses E3–H3, further comprising transmitting instructions to the first and second stand-alone networks, the first network, and the second network to cause monitoring of the one or more metrics to be performed.
  • the computer-implemented method of any of clauses E3–K3, wherein providing the data, indicating that the alarm is triggered, to the computing device associated with the user includes utilizing an application programming interface (API) to provide the data.
  • a system comprising: one or more processors associated with a service provider network; and one or more computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: monitor a global network to generate monitoring data indicating one or more of a change to the global network and a performance of the global network, wherein the global network spans across a first geographic location and a second geographic location and includes a first stand-alone network hosted by a service provider network and a second stand-alone network that is external from the service provider network; receive the monitoring data from the first and second stand-alone networks, a first network within the first geographic location, and a second network within the second geographic location; identify, based on the monitoring data, one or more of a trigger of an alarm and an occurrence of an event; and cause an action to be performed within the global network, wherein the action includes causing a workflow to be performed within the global network.
  • the one or more metrics indicate a performance of one or more of gateways that connect different networks of the global network, virtual private clouds (VPCs) within the global network, virtual private networks (VPNs) within the global network, devices within the global network, connections to the first and second stand-alone networks, and paths between different endpoints within the global network.
  • devices within the global network, connections to the first and second stand-alone networks, and paths between different endpoints within the global network.
  • R3 The system of any of clauses N3–Q3, wherein the instructions further cause the one or more processors to transmit instructions to one or more computing devices associated with the stand-alone networks, the first network, and the second network to cause monitoring to be performed to identify the one or more metrics.
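The connectivity check described in the clauses above (static reachability over a mathematical representation of the global network combined with a dynamic analysis of link metrics, and a path-changing workflow when the configured path has lost connectivity), as an added Python example that is not code from the patent. The network graph, the per-link flow metrics, the loss threshold and all node names are constructed for illustration.

```python
"""Static + dynamic reachability analysis over a graph of a global network.

Added example, not the patent's own code. The graph, metrics and threshold
below are constructed sample data.
"""
from collections import deque

# Constructed global network: a stand-alone (on-premises) network, one gateway
# per provider region, and a VPC behind each gateway. Edges are the configured
# connections (VPN attachments, inter-region peering) and are undirected.
EDGES = [
    ("onprem-dc", "gw-us-east"),     # VPN from the stand-alone network
    ("onprem-dc", "gw-eu-west"),     # second VPN, provides an alternate path
    ("gw-us-east", "gw-eu-west"),    # inter-region gateway peering
    ("gw-us-east", "vpc-us-east-1"),
    ("gw-eu-west", "vpc-eu-west-1"),
]

# Constructed monitoring data: per-link flow metrics reported by the gateways.
MONITORING_DATA = [
    {"link": ("onprem-dc", "gw-us-east"), "bytes_out": 0, "packet_loss_pct": 100.0},
    {"link": ("onprem-dc", "gw-eu-west"), "bytes_out": 812_330, "packet_loss_pct": 0.2},
    {"link": ("gw-us-east", "gw-eu-west"), "bytes_out": 4_501_222, "packet_loss_pct": 0.0},
    {"link": ("gw-us-east", "vpc-us-east-1"), "bytes_out": 2_201_114, "packet_loss_pct": 0.1},
    {"link": ("gw-eu-west", "vpc-eu-west-1"), "bytes_out": 990_001, "packet_loss_pct": 0.0},
]

LOSS_THRESHOLD_PCT = 5.0  # assumed alarm threshold above which a link counts as down


def build_graph(edges):
    """Adjacency-list representation of the global network (the static model)."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, []).append(b)
        graph.setdefault(b, []).append(a)
    return graph


def find_path(graph, src, dst, usable=None):
    """Breadth-first search; `usable` (if given) restricts which links may be traversed."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph.get(node, ()):
            link = frozenset((node, nxt))
            if nxt in prev or (usable is not None and link not in usable):
                continue
            prev[nxt] = node
            queue.append(nxt)
    return None


def healthy_links(monitoring_data, threshold=LOSS_THRESHOLD_PCT):
    """Dynamic analysis: a link is usable only if its observed loss is below the threshold."""
    return {frozenset(m["link"]) for m in monitoring_data
            if m["packet_loss_pct"] < threshold}


def analyze_connectivity(edges, monitoring_data, src, dst):
    """Combine static reachability with dynamic metrics and choose an action."""
    graph = build_graph(edges)
    static_path = find_path(graph, src, dst)
    if static_path is None:                      # no configured path at all
        return {"status": "unreachable", "action": "notify", "path": None}
    dynamic_path = find_path(graph, src, dst, usable=healthy_links(monitoring_data))
    if dynamic_path is None:                     # configured, but every path is down
        return {"status": "connectivity_lost", "action": "notify", "path": None}
    if dynamic_path != static_path:              # configured path down, alternate exists
        return {"status": "degraded", "action": "workflow:change_path", "path": dynamic_path}
    return {"status": "ok", "action": None, "path": static_path}
```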

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Human Computer Interaction (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Techniques for configuring and managing scalable global private networks associated with a service provider are described. Different input mechanisms, such as an API, a UI or a CLI, can be used to configure and manage a global private network that extends across the cloud in different geographic locations and connects to different stand-alone networks. The user can use the input mechanisms proactively to configure and query different network resources, and reactively to configure parameters for responding to one or more events. The input mechanisms can also be used to define the network resources to be modeled in the global private network, as well as connections in the global network. A user can configure events/metrics to monitor, tasks/workflows to perform, and the like. In some configurations, a network management service (NMS) can perform health monitoring and reachability monitoring to identify potential problems in the global network.
PCT/US2020/062347 2019-11-29 2020-11-25 Configuration et gestion de réseaux privés globaux évolutifs WO2021108652A1 (fr)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US16/699,431 US11729077B2 (en) 2019-11-29 2019-11-29 Configuration and management of scalable global private networks
US16/699,440 US10999169B1 (en) 2019-11-29 2019-11-29 Configuration and management of scalable global private networks
US16/699,424 US11533231B2 (en) 2019-11-29 2019-11-29 Configuration and management of scalable global private networks
US16/699,446 US11336528B2 (en) 2019-11-29 2019-11-29 Configuration and management of scalable global private networks

Publications (1)

Publication Number Publication Date
WO2021108652A1 (fr) 2021-06-03

Family

ID=73839129

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/062347 WO2021108652A1 (fr) 2019-11-29 2020-11-25 Configuration et gestion de réseaux privés globaux évolutifs

Country Status (1)

Country Link
WO (1) WO2021108652A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016209317A1 (fr) * 2015-06-23 2016-12-29 Dell Products, L.P. Mise en service en un clic et mises à jour poussées vers un système de traitement d'informations distribué et à grande échelle
US20170085446A1 (en) * 2015-09-21 2017-03-23 Splunk Inc. Generating And Displaying Topology Map Time-Lapses Of Cloud Computing Resources
US20180018082A1 (en) * 2016-07-15 2018-01-18 Cisco Technology, Inc. Interface for network configuration via graphical representations of network topology and internetworking services
US10063427B1 (en) * 2015-09-14 2018-08-28 Amazon Technologies, Inc. Visualizing and interacting with resources of an infrastructure provisioned in a network
US20190268218A1 (en) * 2018-02-28 2019-08-29 Red Hat, Inc. Networking visualizations that update data model and deploy visualization
US10469304B1 (en) * 2013-01-16 2019-11-05 Amazon Technologies, Inc. Network visualization service

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11513881B2 (en) * 2017-11-30 2022-11-29 Orange System and method for detecting, managing and relaying a multimedia communication problem and corresponding execution, checking and rule management entities
US20220272005A1 (en) * 2021-02-22 2022-08-25 Ordr Inc. Visualization system for private networks and devices
US11863401B2 (en) * 2021-02-22 2024-01-02 Ordr Inc. Visualization system for private networks and devices
US11516088B1 (en) * 2021-10-28 2022-11-29 Microsoft Technology Licensing, Llc Network configuration verification in computing systems
US20230134981A1 (en) * 2021-10-28 2023-05-04 Microsoft Technology Licensing, Llc Network configuration verification in computing systems
US11824727B2 (en) * 2021-10-28 2023-11-21 Microsoft Technology Licensing, Llc Network configuration verification in computing systems

Similar Documents

Publication Publication Date Title
US11533231B2 (en) Configuration and management of scalable global private networks
US11729077B2 (en) Configuration and management of scalable global private networks
US11347806B2 (en) Discovery of containerized platform and orchestration services
US11089115B2 (en) Discovery of cloud-based infrastructure and resources
US11336528B2 (en) Configuration and management of scalable global private networks
US10749943B1 (en) Discovery and mapping of cloud-based resources
CN114338376B (zh) 为不同参考架构配置系统资源的方法和系统
US20200204449A1 (en) Discovery of hyper-converged infrastructure devices
US10970107B2 (en) Discovery of hyper-converged infrastructure
WO2021108652A1 (fr) Configuration et gestion de réseaux privés globaux évolutifs
US10152343B2 (en) Method and apparatus for managing IT infrastructure in cloud environments by migrating pairs of virtual machines
US20200328941A1 (en) Discovery and mapping of cloud-based resource modifications
US11115471B2 (en) Identifying and mitigating configuration item flapping
US20220083883A1 (en) Probabilistic Error Detection and Correction in Form-Based Input of a User Interface
US20220278898A1 (en) Guided configuration item class creation in a remote network management platform
US10999169B1 (en) Configuration and management of scalable global private networks
US10963314B2 (en) Discovery and mapping of a platform-as-a-service environment
US20210064420A1 (en) Computational instance batching and automation orchestration based on resource usage and availability
US10623474B2 (en) Topology graph of a network infrastructure and selected services status on selected hubs and nodes
US20230153725A1 (en) Techniques for determining service risks and causes
US11206175B1 (en) Path analysis service for identifying network configuration settings that block paths in virtual private clouds (VPCs)
US10027544B1 (en) Detecting and managing changes in networking devices
US11223534B2 (en) Systems and methods for hub and spoke cross topology traversal
US11799826B1 (en) Managing the usage of internet protocol (IP) addresses for computing resource networks
US11856064B1 (en) Proactive management of service connections

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20825078; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20825078; Country of ref document: EP; Kind code of ref document: A1)