Patents by Inventor Andrew Bruce Dickinson

Andrew Bruce Dickinson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10075305
    Abstract: Methods and apparatus for remapping IP addresses of a network to endpoints within a different network. A provider network may allocate IP addresses and resources to a customer. The provider network may allow the customer to remap an IP address to an endpoint on the customer's network. When a packet is received from a client addressed to the IP address, the provider network may determine that the IP address has been remapped to the endpoint. The provider network may translate the source and destination addresses of the packet and encode the packet for transmission over a private communications channel. The encoded packet may be sent to the endpoint via the private communications channel over an intermediate network. Response traffic may be routed to the client through the provider network, or may be directly routed to the client by the customer network.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: September 11, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Andrew Bruce Dickinson
  • Patent number: 10050670
    Abstract: A power distribution system includes two or more power components that distribute power to one or more electrical components. At least some of the power components send and receive signals over power transmission lines to upstream or downstream power components in the power distribution system. The signals include information about power components in the power distribution system.
    Type: Grant
    Filed: November 9, 2015
    Date of Patent: August 14, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Peter J. Hill, Matthew D. Rehder, Joseph J. Lindsay, John William Eichelberg, Daniel J. Rohrabaugh, Andrew Bruce Dickinson, Thomas Bradley Scholl, Travis S. Pepper, Michael Phillip Czamara, Richard M. Lotz, Paul A. Stancik, Eduardo M. Parra, Samuel Joseph Mortimer
  • Patent number: 10015094
    Abstract: Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS (“Domain Name System”) information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers—if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.
    Type: Grant
    Filed: June 19, 2015
    Date of Patent: July 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Kyle Tailor Akers, Chao Yuan, Kevin Christopher Miller, Andrew Bruce Dickinson, Michael Siaosi Voegele, Daniel Lee McCarriar, Yohanes Santoso, David Brian Lennon
  • Publication number: 20180152503
    Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.
    Type: Application
    Filed: January 26, 2018
    Publication date: May 31, 2018
    Applicant: Amazon Technologies, Inc.
    Inventors: TOBIAS LARS-OLOV HOLGERS, KEVIN CHRISTOPHER MILLER, ANDREW BRUCE DICKINSON, DAVID CARL SALYERS, XIAO ZHANG, SHANE ASHLEY HALL, CHRISTOPHER IAN HENDRIE, ANIKET DEEPAK DIVECHA, RALPH WILLIAM FLORA
  • Publication number: 20180083872
    Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.
    Type: Application
    Filed: November 27, 2017
    Publication date: March 22, 2018
    Applicant: Amazon Technologies, Inc.
    Inventors: KEVIN CHRISTOPHER MILLER, ANDREW BRUCE DICKINSON, ERIC WAYNE SCHULTZE, IAN ROGER SEARLE, SHANE ASHLEY HALL, DEEPAK MOHAN, DAVID BRIAN LENNON
  • Publication number: 20180054421
    Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
    Type: Application
    Filed: October 30, 2017
    Publication date: February 22, 2018
    Applicant: Amazon Technologies, Inc.
    Inventors: Bashuman Deb, Andrew Bruce Dickinson, Christopher Ian Hendrie
  • Publication number: 20180034663
    Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
    Type: Application
    Filed: October 9, 2017
    Publication date: February 1, 2018
    Applicant: Amazon Technologies, Inc.
    Inventors: Kevin Christopher Miller, Richard Alexander Sheehan, Douglas Stewart Laurence, Marwan Salah EL-Din Oweis, Andrew Bruce Dickinson
  • Patent number: 9882968
    Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.
    Type: Grant
    Filed: December 9, 2014
    Date of Patent: January 30, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Tobias Lars-Olov Holgers, Kevin Christopher Miller, Andrew Bruce Dickinson, David Carl Salyers, Xiao Zhang, Shane Ashley Hall, Christopher Ian Hendrie, Aniket Deepak Divecha, Ralph William Flora
  • Patent number: 9847970
    Abstract: Functionality is disclosed herein for regulating bandwidth that is available for network traffic flowing through a data communications network. In response to attack traffic being detected, one or more traffic regulators are set to control an available bandwidth to be used by the attack traffic. The one or more traffic regulators are adjusted until an attack is no longer detected. After the attack ends, the traffic regulator may be disabled or set to a different mode of operation.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: December 19, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Joseph Paul Zipperer, Andrew Bruce Dickinson, Kirk Arlo Petersen
  • Patent number: 9832118
    Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: November 28, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin Christopher Miller, Andrew Bruce Dickinson, Eric Wayne Schultze, Ian Roger Searle, Shane Ashley Hall, Deepak Mohan, David Brian Lennon
  • Patent number: 9807057
    Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: October 31, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Bashuman Deb, Andrew Bruce Dickinson, Christopher Ian Hendrie
  • Patent number: 9787499
    Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: October 10, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin Christopher Miller, Richard Alexander Sheehan, Douglas Stewart Laurence, Marwan Salah El-Din Oweis, Andrew Bruce Dickinson
  • Patent number: 9780993
    Abstract: Processes and systems are disclosed for leasing a producer virtual machine on behalf of a consumer virtual machine in an overlay network. The consumer host of the consumer virtual machine can communicate with a set of leasing agents to obtain the identity of a number of producer virtual machines capable of providing the consumer virtual machine with access to a service. When the consumer virtual machine attempts to communicate with a producer system, the consumer host can identify a producer host that hosts a target producer virtual machine and redirect a service request to the producer host.
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: October 3, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Vishal Parakh, Andrew Bruce Dickinson, Pradeep Vincent
  • Patent number: 9774611
    Abstract: Functionality is disclosed herein for dynamically deploying an upstream network traffic filter in a network. The upstream network filter is dynamically deployed in a location that is closer to an entry point of an attack such that attack traffic reaches the upstream network filter before reaching a network traffic filter that is configured to perform network traffic filtering for a computing resource that is under attack. The upstream network traffic filter includes rules that are based on at least a portion of the rules that are applied by the network traffic filter.
    Type: Grant
    Filed: March 11, 2014
    Date of Patent: September 26, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Joseph Paul Zipperer, Andrew Bruce Dickinson, Kirk Arlo Petersen
  • Patent number: 9762433
    Abstract: Systems and methods are described to provide fault tolerant folded Clos networks. A folded Clos network is disclosed including a set of tier 1 routers interconnected with a set of tier 2 routers. Tier 1 routers are configured to view a set of tier 2 routers as a single aggregate router. Accordingly, tier 1 routers are unaware of faults between tier 2 routers and additional tier 1 routers. A throwback router is connected to each tier 2 router to facilitate handling of data under such fault conditions. When a tier 2 router receives undeliverable data, the data is passed to a throwback router, which retransmits the data to an additional tier 2 router. Data that is retransmitted multiple times can be disregarded by the throwback router.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: September 12, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Thomas Bradley Scholl, Andrew Bruce Dickinson
  • Publication number: 20170222833
    Abstract: Methods and apparatus for remapping IP addresses of a network to endpoints within a different network. A provider network may allocate IP addresses and resources to a customer. The provider network may allow the customer to remap an IP address to an endpoint on the customer's network. When a packet is received from a client addressed to the IP address, the provider network may determine that the IP address has been remapped to the endpoint. The provider network may translate the source and destination addresses of the packet and encode the packet for transmission over a private communications channel. The encoded packet may be sent to the endpoint via the private communications channel over an intermediate network. Response traffic may be routed to the client through the provider network, or may be directly routed to the client by the customer network.
    Type: Application
    Filed: April 17, 2017
    Publication date: August 3, 2017
    Applicant: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Andrew Bruce Dickinson
  • Patent number: 9641434
    Abstract: Private network address obfuscation and verification methods and apparatus that may obfuscate private network source addresses embedded in packet header addresses when sending packets from private networks onto or over external, public networks, and that verify incoming packets to the private networks using the obfuscated private network addresses embedded in the incoming packet header destination addresses. Obfuscating the private network addresses embedded in outgoing packets and verifying incoming packets according to the obfuscated content embedded in the destination addresses may help keep the private network addresses of endpoints on the private network hidden in the packet header content on public networks and difficult to detect by entities on the public networks, which may, for example, make malicious activities such as denial of service (DoS) attacks on the private network impractical.
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: May 2, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Douglas Stewart Laurence, Eric Jason Brandwine, Andrew Bruce Dickinson, James Christopher Sorenson, III
  • Patent number: 9602330
    Abstract: Techniques are disclosed for dividing a TCP handshake into multiple parts, in a system comprising an edge device, an intermediary computing node, and a destination computing node. A client sends a TCP SYN packet to the edge device, to establish a TCP connection with the destination computing node. The edge device performs the handshake, and then forwards an ACK packet to the intermediary computing node. The intermediary computing node uses that ACK packet to generate a second SYN packet, and uses that SYN packet to perform a TCP handshake with the destination computing node. Then, TCP sequence numbers are converted between what is expected by the client and destination in packets sent between the two.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: March 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew Bruce Dickinson, Kirk Arlo Petersen
  • Patent number: 9491098
    Abstract: Methods and apparatus for transparent multipath utilization through encapsulation are disclosed. Respective encapsulation packets are generated for at least two different baseline packets transmitted between a source and destination linked by multiple network paths. Each encapsulation packet comprises contents of a corresponding baseline packet, and one or more data values selected in accordance with a path balancing policy. The data values added to one encapsulation packet may differ from those added to another. Different network paths to the destination may be selected for different encapsulation packets of a given transmission based at least in part on the added data values.
    Type: Grant
    Filed: November 18, 2013
    Date of Patent: November 8, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew Shawn Wilson, Andrew Bruce Dickinson, Justin Oliver Pietsch, Aaron C. Thompson, Frederick David Sinn, Alan Michael Judge, Jagwinder Singh Brar
  • Publication number: 20160173323
    Abstract: Systems and methods are described to provide fault tolerant folded Clos networks. A folded Clos network is disclosed including a set of tier 1 routers interconnected with a set of tier 2 routers. Tier 1 routers are configured to view a set of tier 2 routers as a single aggregate router. Accordingly, tier 1 routers are unaware of faults between tier 2 routers and additional tier 1 routers. A throwback router is connected to each tier 2 router to facilitate handling of data under such fault conditions. When a tier 2 router receives undeliverable data, the data is passed to a throwback router, which retransmits the data to an additional tier 2 router. Data that is retransmitted multiple times can be disregarded by the throwback router.
    Type: Application
    Filed: October 26, 2015
    Publication date: June 16, 2016
    Inventors: Thomas Bradley Scholl, Andrew Bruce Dickinson