Patents by Inventor Andrew Bruce Dickinson
Andrew Bruce Dickinson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240097939
Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
Type: Application
Filed: September 11, 2023
Publication date: March 21, 2024
Applicant: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Richard Alexander Sheehan, Douglas Stewart Laurence, Marwan Salah El-Din Oweis, Andrew Bruce Dickinson
-
Patent number: 11792116
Abstract: Disclosed are various embodiments of a stateful network router. In one embodiment, a network data connection is intercepted between a first host and a second host on a network. First data packets from the network data connection sent by the first host to the second host are routed to a target network appliance. Second data packets from the network data connection sent by the second host to the first host are also routed to the target network appliance.
Type: Grant
Filed: August 4, 2021
Date of Patent: October 17, 2023
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Andrew Bruce Dickinson, Anoop Dawani, Joseph Elmar Magerramov, Nishant Mehta, Lee Spencer Dillard
-
Patent number: 11792041
Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
Type: Grant
Filed: November 19, 2020
Date of Patent: October 17, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Richard Alexander Sheehan, Douglas Stewart Laurence, Marwan Salah El-Din Oweis, Andrew Bruce Dickinson
-
Patent number: 11770364
Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
Type: Grant
Filed: January 8, 2021
Date of Patent: September 26, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Bashuman Deb, Andrew Bruce Dickinson, Christopher Ian Hendrie
-
Patent number: 11671365
Abstract: Route tables may be associated with ingress traffic for logically isolated networks. A routing device at the edge of a logically isolated network may receive a route to include in a route table that is associated with ingress traffic to the logically isolated network to forward the ingress traffic to a network appliance hosted in the logically isolated network. Network packets received at the edge routing device may have a destination of a computing resource hosted in the logically isolated network. The edge routing device may identify the route in the route table to override the destination in the network packet with the network appliance and forward the network packet to the network appliance according to the route.
Type: Grant
Filed: November 9, 2020
Date of Patent: June 6, 2023
Assignee: Amazon Technologies, Inc.
Inventor: Andrew Bruce Dickinson
-
Publication number: 20230171188
Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.
Type: Application
Filed: November 21, 2022
Publication date: June 1, 2023
Applicant: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Andrew Bruce Dickinson, Eric Wayne Schultze, Ian Roger Searle, Shane Ashley Hall, Deepak Mohan, David Brian Lennon
-
Patent number: 11509577
Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.
Type: Grant
Filed: August 2, 2019
Date of Patent: November 22, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Andrew Bruce Dickinson, Eric Wayne Schultze, Ian Roger Searle, Shane Ashley Hall, Deepak Mohan, David Brian Lennon
-
Patent number: 11115322
Abstract: Disclosed are various embodiments of a stateful network router. In one embodiment, a stateful network router intercepts a network data connection between a first host and a second host on a network. The stateful network router routes first data packets from the network data connection sent by the first host to the second host to a target. The stateful network router also routes second data packets from the network data connection sent by the second host to the first host to the target.
Type: Grant
Filed: March 27, 2019
Date of Patent: September 7, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Bruce Dickinson, Anoop Dawani, Joseph Elmar Magerramov, Nishant Mehta, Lee Spencer Dillard
-
Publication number: 20210160218
Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
Type: Application
Filed: January 8, 2021
Publication date: May 27, 2021
Applicant: Amazon Technologies, Inc.
Inventors: Bashuman Deb, Andrew Bruce Dickinson, Christopher Ian Hendrie
-
Publication number: 20210152392
Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
Type: Application
Filed: November 19, 2020
Publication date: May 20, 2021
Applicant: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Richard Alexander Sheehan, Douglas Stewart Laurence, Marwan Salah El-Din Oweis, Andrew Bruce Dickinson
-
Publication number: 20210135991
Abstract: Route tables may be associated with ingress traffic for logically isolated networks. A routing device at the edge of a logically isolated network may receive a route to include in a route table that is associated with ingress traffic to the logically isolated network to forward the ingress traffic to a network appliance hosted in the logically isolated network. Network packets received at the edge routing device may have a destination of a computing resource hosted in the logically isolated network. The edge routing device may identify the route in the route table to override the destination in the network packet with the network appliance and forward the network packet to the network appliance according to the route.
Type: Application
Filed: November 9, 2020
Publication date: May 6, 2021
Applicant: Amazon Technologies, Inc.
Inventor: Andrew Bruce Dickinson
-
Patent number: 10893024
Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
Type: Grant
Filed: January 25, 2019
Date of Patent: January 12, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Bashuman Deb, Andrew Bruce Dickinson, Christopher Ian Hendrie
-
Patent number: 10868758
Abstract: Bypass flow may be enabled for network traffic between devices. A source device may include a flow identifier in an outbound packet that is sent to a destination device. An inbound packet sent from the destination device may include information that describes a network path between the source device and the destination device. Subsequent outbound packets bound for the destination device may be rewritten based on the information describing the network path to bypass one or more network devices in the network path.
Type: Grant
Filed: September 20, 2018
Date of Patent: December 15, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Brett Steven Nash, Andrew Bruce Dickinson, Rajagopal Subramaniyan, Avik Kumar Saha, Todd Freed
-
Patent number: 10862709
Abstract: A flow policy service that allows clients to define policies for packet flows to, from, and within their virtual networks on a provider network. Logic may be embedded in a flow policy that dictates what happens to a packet as it enters the network, or after the packet leaves an appliance. Via the service, a client may define conditional rules that specify different paths that packets should follow on the provider network according to conditional evaluations of information about the packets, for example source and/or destination endpoints of the packets, or output codes from appliances that process the packets.
Type: Grant
Filed: January 18, 2017
Date of Patent: December 8, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Bruce Dickinson, Kevin Christopher Miller, Eric Wayne Schultze
-
Patent number: 10862796
Abstract: A flow policy service that allows clients to define policies for packet flows to, from, and within their virtual networks on a provider network. Via the service, a client may define rules that specify appliances that inbound, outbound, and/or internal virtual network traffic should flow through. The rules may, for example, be attached to the virtual network, to subnets within the virtual network, and/or to resource instances within the virtual network. The rules may be specified in a descriptive, domain-specific language. The service determines how and where on the provider network to implement the rules in order to apply the specified policy. Thus, the actual implementation of the policy may be hidden from the client. The service may generate flow reports that may be used to confirm that traffic to, from, or within a virtual network is flowing through the correct network appliances according to the policy.
Type: Grant
Filed: January 18, 2017
Date of Patent: December 8, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Bruce Dickinson, Kevin Christopher Miller, Eric Wayne Schultze
-
Patent number: 10848346
Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
Type: Grant
Filed: April 5, 2019
Date of Patent: November 24, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Kevin Christopher Miller, Richard Alexander Sheehan, Douglas Stewart Laurence, Marwan Salah EL-Din Oweis, Andrew Bruce Dickinson
-
Patent number: 10833992
Abstract: Route tables may be associated with ingress traffic for logically isolated networks. A routing device at the edge of a logically isolated network may receive a route to include in a route table that is associated with ingress traffic to the logically isolated network to forward the ingress traffic to a network appliance hosted in the logically isolated network. Network packets received at the edge routing device may have a destination of a computing resource hosted in the logically isolated network. The edge routing device may identify the route in the route table to override the destination in the network packet with the network appliance and forward the network packet to the network appliance according to the route.
Type: Grant
Filed: December 14, 2018
Date of Patent: November 10, 2020
Assignee: Amazon Technologies, Inc.
Inventor: Andrew Bruce Dickinson
-
Patent number: 10812384
Abstract: Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS (“Domain Name System”) information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers—if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.
Type: Grant
Filed: July 2, 2018
Date of Patent: October 20, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Kyle Tailor Akers, Chao Yuan, Kevin Christopher Miller, Andrew Bruce Dickinson, Michael Siaosi Voegele, Daniel Lee McCarriar, Yohanes Santoso, David Brian Lennon
-
Patent number: 10764168
Abstract: Techniques are disclosed for determining parameters for a Transmission Control Protocol (TCP) connection between two computing nodes before the connection is established. In embodiments, the latency of data transmission between two computing nodes and the throughput capacity of a network link are measured, and from this data, TCP parameters for a future network connection between two computing nodes are determined. This information is sent to a TCP stack that stores it in its route table. Then, the TCP stack uses TCP parameters based on the information stored in the route table.
Type: Grant
Filed: September 30, 2013
Date of Patent: September 1, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Andrew Bruce Dickinson, Matthew Shawn Wilson
-
Patent number: 10735499
Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.
Type: Grant
Filed: March 22, 2019
Date of Patent: August 4, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Tobias Lars-Olov Holgers, Kevin Christopher Miller, Andrew Bruce Dickinson, David Carl Salyers, Xiao Zhang, Shane Ashley Hall, Christopher Ian Hendrie, Aniket Deepak Divecha, Ralph William Flora