Abstract: A technology is described for a managed NAT (Network Address Translation) system. An example method of the NAT system may include receiving a request to launch a NAT system for a computing network that includes a number of computing devices. The NAT system may be used to allocate network addresses and ports for computing instances executing on one or more host computing devices according to a NAT policy. The NAT policy may include specifications that may be obtained and used to determine allocation of network addresses to the computing instances. The NAT system may then be associated with the computing devices included in the computing network and the NAT policy may be applied among the computing devices.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: A customer may request a service endpoint for a service in their virtual network on a provider network. In response, a service endpoint is generated in the customer's virtual network, a local IP address in the IP address range of the customer's virtual network is assigned to the service endpoint, and a DNS name is assigned to the service endpoint. Resources on the customer's virtual network resolve the DNS name of the service endpoint to obtain the local IP address of the service endpoint and send service requests for the service to the local IP address of the service endpoint. The service endpoint adds routing information to the service requests and sends the service requests over the network substrate to be routed to the service.

Abstract: Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS (“Domain Name System”) information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers—if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.

Abstract: The invention is directed to isolated renal cells, including tubular and erythropoietin (EPO)-producing kidney cell populations, and methods of isolating and culturing the same, as well as methods of treating a subject in need with the cell populations.

Abstract: Methods and apparatus for remapping IP addresses of a network to endpoints within a different network. A provider network may allocate IP addresses and resources to a customer. The provider network may allow the customer to remap an IP address to an endpoint on the customer's network. When a packet is received from a client addressed to the IP address, the provider network may determine that the IP address has been remapped to the endpoint. The provider network may translate the source and destination addresses of the packet and encode the packet for transmission over a private communications channel. The encoded packet may be sent to the endpoint via the private communications channel over an intermediate network. Response traffic may be routed to the client through the provider network, or may be directly routed to the client by the customer network.

Abstract: A power distribution system includes two or more power components that distribute power to one or more electrical components. At least some of the power components send and receive signals over power transmission lines to upstream or downstream power components in the power distribution system. The signals include information about power components in the power distribution system.

Abstract: Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS (“Domain Name System”) information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers—if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.

Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.

Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.

Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.

Abstract: Functionality is disclosed herein for regulating bandwidth that is available for network traffic flowing through a data communications network. In response to attack traffic being detected, one or more traffic regulators are set to control an available bandwidth to be used by the attack traffic. The one or more traffic regulators are adjusted until an attack is no longer detected. After the attack ends, the traffic regulator may be disabled or set to a different mode of operation.

Abstract: Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.

Abstract: The present invention concerns enriched heterogeneous mammalian renal cell populations characterized by biomarkers, and methods of making and using the same.

Abstract: Processes and systems are disclosed for leasing a producer virtual machine on behalf of a consumer virtual machine in an overlay network. The consumer host of the consumer virtual machine can communicate with a set of leasing agents to obtain the identity of a number of producer virtual machines capable of providing the consumer virtual machine with access to a service. When the consumer virtual machine attempts to communicate with a producer system, the consumer host can identify a producer host that hosts a target producer virtual machine and redirect a service request to the producer host.

Abstract: Functionality is disclosed herein for dynamically deploying an upstream network traffic filter in a network. The upstream network filter is dynamically deployed in a location that is closer to an entry point of an attack such that attack traffic reaches the upstream network filter before reaching a network traffic filter that is configured to perform network traffic filtering for a computing resource that is under attack. The upstream network traffic filter includes rules that are based on at least a portion of the rules that are applied by the network traffic filter.