Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

Abstract: Systems and methods are provided for evaluation of networks and changes thereto using automated analysis of network models. The automated analysis can be used to determine how to implement and mutate networks efficiently and effectively, to determine whether and why network resources are unable to communicate with each other, and the like. Automated analysis can allow users (e.g., network administrators) to define networks and pose changes to networks using high-level policies (e.g., written in a declarative language), have those polices automatically translated to lower-level implementation operations for analysis, and in some cases have results of the analysis presented back to the users in an easy-to-understand form.

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

Abstract: Systems and methods are provided for management of network segments that cross geographic regions and/or other types of network divisions in a cloud-based network environment. A cloud-based network provider's geographically-dispersed network infrastructure may serve as the core of a client's private wide area network, and the client may define isolated segments to which other networks (virtual private clouds, virtual private networks, etc.) may be attached. The various segments may remain logically isolated from each other even when implemented across some or all of the same regions—and using the same physical and/or virtual routing components—as other segments of the same client and/or other clients.

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

Abstract: A pair of virtual routers is configured. In response to programmatic requests, dynamic transfer of routing information between the routers in accordance with configuration settings indicated by a client is enabled. The routing information is associated with a set of isolated networks to which the virtual routers are attached. A network packet originating at an address in a first isolated network is transmitted to an address in a second isolated network using a route determined from routing information transmitted between the virtual routers according to the configuration settings.

Abstract: Systems and methods are provided for management of network segments that cross geographic regions and/or other types of network divisions in a cloud-based network environment. Gateway may manage traffic across regions using routing metadata that includes a segment identifier. The gateways may also signal their routes across regions based on segment data, and implement the signaled routes using segment-based routing policies. Route selection may be performed using optimization data.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.

Abstract: Systems and methods are provided to enable packets of network traffic to be hashed to available network gateway. Each packet can include a route table with a pool of network gateways as a next-hop of the packet. A network device may intercept the packet and hash the packet to a network gateway of the pool of network gateways. The network gateway can correspond to a stateful network router and the stateful network router can transmit the packet to a network appliance. The network device can monitor and perform health-checks on the network gateways, the stateful network routers, and the network appliances. The network device can remove components that are no longer healthy or available and can add components that subsequently become healthy.

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.

Abstract: Systems and methods are provided to enable packets of network traffic to be hashed to available network gateway. Each packet can include a route table with a pool of network gateways as a next-hop of the packet. A network device may intercept the packet and hash the packet to a network gateway of the pool of network gateways. The network gateway can correspond to a stateful network router and the stateful network router can transmit the packet to a network appliance. The network device can monitor and perform health-checks on the network gateways, the stateful network routers, and the network appliances. The network device can remove components that are no longer healthy or available and can add components that subsequently become healthy.

Abstract: This disclosure describes techniques for configuring and managing scalable global private networks associated with a service provider. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to configure, and manage a global private network that spans across the cloud in different geographic locations and connects to different stand-alone networks. The user may proactively use the input mechanisms to configure and query different network resources to reactively configure settings for reacting to one or more events. The input mechanisms may also be utilized to define the network resources to be modeled within the global private network as well as connections within the global network. A user may configure events/metrics to be monitored, tasks/workflows to be performed, and the like. In some configurations, a network management service (NMS) may perform health monitoring and reachability monitoring to identify possible issues in the global network.

Abstract: A pair of virtual routers is configured. In response to programmatic requests, dynamic transfer of routing information between the routers in accordance with configuration settings indicated by a client is enabled. The routing information is associated with a set of isolated networks to which the virtual routers are attached. A network packet originating at an address in a first isolated network is transmitted to an address in a second isolated network using a route determined from routing information transmitted between the virtual routers according to the configuration settings.

Abstract: An indication of a set of premises between which network traffic is to be routed via a private fiber backbone of a provider network is obtained. Respective virtual routers are configured for a first premise and a second premise, and connectivity is established between the virtual routers and routing information sources at the premises. Contents of at least one network packet originating at the first premise are transmitted to the second premise via the private fiber backbone using routing information obtained at the virtual routers from the routing information source at the second premise.

Abstract: A message indicating an auxiliary task associated with traffic transmitted via a virtual router between a pair of isolated networks is received at an offloading device. A stack multiplexer at the offloading device selects a protocol stack instance to process the message. A result of the auxiliary task is obtained by the multiplexer from the selected protocol stack instance and transmitted to the virtual router, where it is used to transmit a packet between the isolated networks.

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.