Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: The present disclosure generally relates to a first network device in a primary region that can failover network traffic into a second network device in a failover region. The first network device can receive routing criteria identifying how traffic originating in the primary region should be routed. The first network device can transmit this routing criteria to the second network device in the failover region. Based on determining the occurrence of a failover event, the first network device may transmit network traffic originating in the primary region to the second network device in the failover region. The second network device can determine how to route the network traffic based on the routing criteria of the primary region. In some embodiments, the second network device can determine how to route the network traffic based on the routing criteria of the failover region.

Abstract: Systems and methods are described for communications between computing devices via a stateless high-volume network address translation (“NAT”) service. The stateless high-volume NAT service manages high volumes of connections between networks by encoding at least part of the information needed to manage a connection in an encoded IPv6 address, which is then used by a NAT device or application as its sending address when relaying data from a source to a destination. The encoded IPv6 address may contain information such as the IPv4 address of the source, the IPv4 address of the destination, the protocol used to communicate, the source and destination ports, and the like. When the destination sends a response to the encoded IPv6 address, the NAT device decodes the IPv6 address to obtain the encoded information, and then uses that information to deliver the response to the source.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Disclosed are various embodiments for time based network addresses. A network packet is received over a network by a first computing device from a second computing device. The network packet contains a time-dependent destination address for a third computing device, such as a time-dependent internet protocol version 6 (IPv6) address. The time-dependent destination address contains a time-dependent checksum based at least in part on a current time and an encryption key associated with the third computing device. The checksum is validated upon receipt. In response to a determination that the checksum is valid, the network packet is forwarded to the third computing device.

Abstract: Systems and methods are described to enable and manage the use of origin-facing points of presence (“POPs”) within a content delivery network (“CDN”). Origin-facing POPs can provide a second-tier caching mechanisms in a CDN, such that cache misses occurring at first-tier POPs may be processed by using information maintained at the origin-facing POPs, rather than requiring interaction with an origin server. Associations between origin-facing POPs and origin servers may be automatically created based on a distance between the respective origin-facing POPs and origin servers, such that an operator of the origin server is not required to specify a location of an origin facing POP. First-tier POPs may selectively retrieve content from origin-facing POPs in instances where the origin-facing POP is expected to provide the content more rapidly than the origin server.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. Globalized network addresses can be divided among different pools, and each service can be associated with addresses of more than one pool. To increase resiliency, access points can advertise different pools of addresses to different neighboring devices, creating different pathways to reach the access point. If an error occurs on a neighboring network, a client can try to access the service via an address of a different pool, which can be expected to be routed through a different neighboring network, thus enabling the client to reach the access point.

Abstract: Systems and methods are described to enable management of redundant route announcements in an access point including multiple packet processors. Route controllers are described that can generate routing information distributing incoming packets to the access point among the packet processors. The route controllers can operate redundantly, such that a failure of a single controller does not cause a complete failure of the access point. To avoid different announcements by different route controllers (particularly under partial failure scenarios), the route controllers utilize a strongly consistent data store to store routing information. So long as a record within the data store contains valid information, it is considered authoritative and routing information from the record is announced by all route controllers. If the information is invalid, the route controllers attempt to overwrite the information with new, higher priority routing information.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. The access points enable rapid use of connection-oriented communication sessions by conducting an initialization phase of the sessions locally on the access point. Session context information is then handed off to an endpoint for the service, which can provide the service through the already-established sessions. To avoid breaking sessions due to changes in network routing, each access point can apply a uniform selection criteria for endpoints, such that if client traffic is routed to a different access point, that access point redirects the traffic to the same endpoint previously servicing the traffic via an established session.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point is responsive to scaling that might occur at endpoints by periodically retrieving updated configuration information for the endpoints, enabling the access point to nimbly respond to changes in endpoints for the service.

Abstract: Systems and methods are described to enable management of redundant route announcements in an access point including multiple packet processors. Route controllers are described that can generate routing information distributing incoming packets to the access point among the packet processors. The route controllers can operate redundantly, such that a failure of a single controller does not cause a complete failure of the access point. To avoid different announcements by different route controllers (particularly under partial failure scenarios), the route controllers utilize a strongly consistent data store to store routing information. So long as a record within the data store contains valid information, it is considered authoritative and routing information from the record is announced by all route controllers. If the information is invalid, the route controllers attempt to overwrite the information with new, higher priority routing information.

Abstract: Various methods and apparatus for load balancing traffic via dynamic DNS record time-to-live values (“TTLs”) are described. In at least some embodiments, a DNS layer of a DNS load-balanced system receives performance metrics corresponding to a plurality of server instances. If the DNS layer detects a performance metric imbalance for a server instance, it adjusts the TTL value for the DNS records associated with that instance. For example, the DNS layer can lower the TTL value in the DNS records associated with the server instance. This means that clients that have DNS record associated with this server instance will make more frequent DNS queries, thus resulting in at least some of those clients receiving IP addresses for other server instances. In some embodiments, the DNS layer can implement a load balancing scheme that determines which network address(es) to include in a DNS response based on the received performance metrics.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. Globalized network addresses can be divided among different pools, and each service can be associated with addresses of more than one pool. To increase resiliency, access points can advertise different pools of addresses to different neighboring devices, creating different pathways to reach the access point. If an error occurs on a neighboring network, a client can try to access the service via an address of a different pool, which can be expected to be routed through a different neighboring network, thus enabling the client to reach the access point.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point then forwards the traffic to the selected endpoint. In one embodiment, the access point applies network address translation to enable the traffic to be routed to the endpoint without terminating a connection at the endpoint. The access point may use a variety of techniques to ensure resiliency of the network and knowledge of available endpoints.

Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. The access points enable rapid use of connection-oriented communication sessions by conducting an initialization phase of the sessions locally on the access point. Session context information is then handed off to an endpoint for the service, which can provide the service through the already-established sessions. To avoid breaking sessions due to changes in network routing, each access point can apply a uniform selection criteria for endpoints, such that if client traffic is routed to a different access point, that access point redirects the traffic to the same endpoint previously servicing the traffic via an established session.