Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

Abstract: A virtual private network (VPN) endpoint node is implemented on multiple virtual machines in a provider network. One or more virtual machines execute a packet aggregator. One or more other virtual machines implement cryptographic units. The packet aggregator is configured to distribute incoming encrypted packets from a secure tunnel across the plurality of cryptographic units. Each cryptographic unit is configured to decrypt incoming encrypted packets from the packet aggregator and to encrypt outgoing plaintext packets for transmission across the secure tunnel. The packet aggregator also may assign a sequence number to an outgoing plaintext packet, create a tunneled packet including the sequence number in a header of the tunneled packet and including the plaintext packet in tunneled packet, select one of the cryptographic units, and forward the tunneled packet to the selected cryptographic unit.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: Embodiments presented herein disclose a VPN service which includes a cluster of VPN appliances that requires only an eventually consistent database to share VPN session data among cluster nodes. Doing so provides a VPN service that can scale both horizontally (i.e., the VPN service can support large numbers of VPN appliances) as well as geographically (i.e., nodes of the cluster do not need to be physically proximate to one another in order to satisfy latency requirements). Thus, the VPN service can provide regional endpoints to VPN clients that do not share common points of failure or administrative burdens.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: A forwarding engine of a fleet of forwarding engines forwards packets received from outside a provider network via a direct physical link to a resource within the provider network. A virtual router of a fleet of virtual routers obtains routing metadata from a client-side networking device outside the provider network via a routing information exchange protocol and transmits the routing metadata to the forwarding engine, which uses the metadata to forward the packets. In response to a first trigger, the number of forwarding engines in the fleet is modified. In response to a second trigger, the number of virtual routers in the fleet is modified.

Abstract: The embodiments herein allow importation of a disk image (real or virtual) into a compute service environment. Any imported disk image can be reconfigured into a geometry compatible with the compute service environment into which it is imported. The reconfiguration can be accomplished through modifying the C, H, and S address values in the master boot record in order to match the virtualized disk environment.

Abstract: Techniques are described for facilitating sharing and reuse of executable software images between multiple execution environments. In at least some situations, the executable software images are virtual machine images (e.g., images that are bootable or otherwise loadable by a virtual machine in a particular virtualization environment, and that each include operating system software and/or software for one or more application programs, optionally along with one or more hard disks or other representations of stored data). The described techniques may include use of an image conversion tool that is configured to support interactions with multiple distinct types of source execution environments to extract executable software images from those environments, and to modify extracted software images for execution in one or more distinct types of destination execution environments, optionally as directed by one or more users via a GUI provided by the image conversion tool.

Abstract: A control-plane component of a virtualization-based packet processing service determines (a) a performance goal for a first category of packet processing operations to be implemented using compute instances of a virtual computing service and (b) one or more packet processing rules. The control-plane component assigns one or more compute instances as nodes of a packet processing cluster designated to perform the requested operations. The control-plane component provides metadata to the client, to be used to establish connectivity between the cluster and one or more sources of the traffic whose packets are to be processed.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: Systems and method for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. A component of a hosted virtual machine network is configured in a manner to receive commands directed towards a simulated network device. The component may then execute a process or processes on the hosted virtual machine network which correspond to the received command.

Abstract: Systems and method for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. A component of a hosted virtual machine network is configured in a manner to receive commands directed towards a simulated network device. The component may then execute a process or processes on the hosted virtual machine network which correspond to the received command.

Abstract: A request to establish a VPN connection between a customer data center and a set of resources of a provider network is received. A new isolated virtual network (IVN) is established to implement a virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, and a respective VPN tunnel is configured between each of the PPEs and the customer data center. Routing information pertaining to the set of resources is provided to the customer data center via at least one of the VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the customer data center.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: Techniques are described for facilitating sharing and reuse of executable software images between multiple execution environments. In at least some situations, the executable software images are virtual machine images (e.g., images that are bootable or otherwise loadable by a virtual machine in a particular virtualization environment, and that each include operating system software and/or software for one or more application programs, optionally along with one or more hard disks or other representations of stored data). The described techniques may include use of an image conversion tool that is configured to support interactions with multiple distinct types of source execution environments to extract executable software images from those environments, and to modify extracted software images for execution in one or more distinct types of destination execution environments, optionally as directed by one or more users via a GUI provided by the image conversion tool.

Abstract: Techniques are described for facilitating sharing and reuse of executable software images between multiple execution environments. In at least some situations, the executable software images are virtual machine images (e.g., images that are bootable or otherwise loadable by a virtual machine in a particular virtualization environment, and that each include operating system software and/or software for one or more application programs, optionally along with one or more hard disks or other representations of stored data). The described techniques may include use of an image conversion tool that is configured to support interactions with multiple distinct types of source execution environments to extract executable software images from those environments, and to modify extracted software images for execution in one or more distinct types of destination execution environments, optionally as directed by one or more users via a GUI provided by the image conversion tool.

Abstract: Systems and method for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. A component of a hosted virtual machine network is configured in a manner to receive commands directed towards a simulated network device. The component may then execute a process or processes on the hosted virtual machine network which correspond to the received command.

Abstract: Techniques are described for facilitating sharing and reuse of executable software images between multiple execution environments. In at least some situations, the executable software images are virtual machine images (e.g., images that are bootable or otherwise loadable by a virtual machine in a particular virtualization environment, and that each include operating system software and/or software for one or more application programs, optionally along with one or more hard disks or other representations of stored data). The described techniques may include use of an image conversion tool that is configured to support interactions with multiple distinct types of source execution environments to extract executable software images from those environments, and to modify extracted software images for execution in one or more distinct types of destination execution environments, optionally as directed by one or more users via a GUI provided by the image conversion tool.

Abstract: Architectures and techniques for uploading virtual machine (VM) images to a network-accessible computing platform from a client device while simultaneously performing error detection of the VM images at the client device. One technique can include transmitting a request from the client device to upload VM images. The technique can further include receiving an application from the computing platform and using the application to reconstitute the VM images from a first stream at the client device while performing error detection. The technique also includes using the application to upload the VM images from a second stream at the client device to the computing platform while performing the error detection.