Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: A system, method and computer-readable medium for data uploading based on points of presence (POPs) are provided. In response to a client's request for data uploading, the system provides routing information for POPs that may facilitate data communications between the client and a data storage service provider. The client may fragment the upload data and transmit the data fragments via data connections to POPs, which in turn may relay the received fragments to the data storage service provider. Upon receipt of necessary data fragments, the data storage service provider may merge the data fragments to reconstruct a copy of the upload data for storage.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. Globalized network addresses can be divided among different pools, and each service can be associated with addresses of more than one pool. To increase resiliency, access points can advertise different pools of addresses to different neighboring devices, creating different pathways to reach the access point. If an error occurs on a neighboring network, a client can try to access the service via an address of a different pool, which can be expected to be routed through a different neighboring network, thus enabling the client to reach the access point.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. The access points enable rapid use of connection-oriented communication sessions by conducting an initialization phase of the sessions locally on the access point. Session context information is then handed off to an endpoint for the service, which can provide the service through the already-established sessions. To avoid breaking sessions due to changes in network routing, each access point can apply a uniform selection criteria for endpoints, such that if client traffic is routed to a different access point, that access point redirects the traffic to the same endpoint previously servicing the traffic via an established session.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point is responsive to scaling that might occur at endpoints by periodically retrieving updated configuration information for the endpoints, enabling the access point to nimbly respond to changes in endpoints for the service.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. Globalized network addresses can be divided among different pools, and each service can be associated with addresses of more than one pool. To increase resiliency, access points can advertise different pools of addresses to different neighboring devices, creating different pathways to reach the access point. If an error occurs on a neighboring network, a client can try to access the service via an address of a different pool, which can be expected to be routed through a different neighboring network, thus enabling the client to reach the access point.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point is responsive to scaling that might occur at endpoints by periodically retrieving updated configuration information for the endpoints, enabling the access point to nimbly respond to changes in endpoints for the service.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. The access points enable rapid use of connection-oriented communication sessions by conducting an initialization phase of the sessions locally on the access point. Session context information is then handed off to an endpoint for the service, which can provide the service through the already-established sessions. To avoid breaking sessions due to changes in network routing, each access point can apply a uniform selection criteria for endpoints, such that if client traffic is routed to a different access point, that access point redirects the traffic to the same endpoint previously servicing the traffic via an established session.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable routing of network communications in a content delivery system in a manner expected not to exceed the capacity of individual communication links of points of presence (POPs) within the content delivery system. Specifically, a route mapping service is disclosed that can determine the effect of potential DNS records on volumes of traffic expected to reach a POP through individual communication links, and that can alter DNS records such that the expected traffic does not exceed a capacity of those individual communication links. Illustratively, the DNS records may be altered at a level of individual DNS resolvers interacting with the content delivery system, and the volumes of traffic expected to reach a POP through individual communication links can be determined based on a volume of traffic of client computing devices associated with an individual DNS resolver.

Abstract: A system, method and computer-readable medium for data uploading based on points of presence (POPs) are provided. In response to a client's request for data uploading, the system provides routing information for POPs that may facilitate data communications between the client and a data storage service provider. The client may fragment the upload data and transmit the data fragments via data connections to POPs, which in turn may relay the received fragments to the data storage service provider. Upon receipt of necessary data fragments, the data storage service provider may merge the data fragments to reconstruct a copy of the upload data for storage.

Abstract: A system, method and computer-readable medium for data uploading based on points of presence (POPs) are provided. In response to a client's request for data uploading, the system provides routing information for POPs that may facilitate data communications between the client and a data storage service provider. The client may fragment the upload data and transmit the data fragments via data connections to POPs, which in turn may relay the received fragments to the data storage service provider. Upon receipt of necessary data fragments, the data storage service provider may merge the data fragments to reconstruct a copy of the upload data for storage.

Abstract: Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attacked-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.

Abstract: Systems and methods are described to enable routing of network communications in a content delivery system in a manner expected not to exceed the capacity of individual communication links of points of presence (POPs) within the content delivery system. Specifically, a route mapping service is disclosed that can determine the effect of potential DNS records on volumes of traffic expected to reach a POP through individual communication links, and that can alter DNS records such that the expected traffic does not exceed a capacity of those individual communication links. Illustratively, the DNS records may be altered at a level of individual DNS resolvers interacting with the content delivery system, and the volumes of traffic expected to reach a POP through individual communication links can be determined based on a volume of traffic of client computing devices associated with an individual DNS resolver.

Abstract: Systems and methods are described to enable identification of computing resources targeted in a network attack. Network attacks, such as denial of service attacks, are frequently directed to network addresses that host multiple sets of content, each representing a distinct potential target of the network attack. Aspects of this disclosure enable each set of content to be assigned a unique or semi-unique combination of network addresses at which the set of content is accessible. During a network attack, a hosting system can compare the network addresses under attack to those assigned to each set of content to determine which sets of content are potentially targeted by the attack. Where the combination of network addresses is associated with only a single set of content, that set of content can be identified as the target of the network attack.