Abstract: Systems and methods are described to enable the load-balanced use of globalized network addresses, addressable throughout a network to access a network-accessible service. A set of global access points are provided, which advertise availability of the globalized network addresses. On receiving a request to access a network-accessible service, a global access point can select an endpoint for the service from among a number of data centers, based on a desired distribution of traffic among the data centers. The access point is responsive to scaling that might occur at endpoints by periodically retrieving updated configuration information for the endpoints, enabling the access point to nimbly respond to changes in endpoints for the service.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: A system, method, and computer-readable medium for point of presence (POP) based traffic surge detection and mitigation are provided. The system detects a traffic surge for a target group of resources directed at a source POP based on the target group's rank shifts and volume changes among recent time intervals. The system mitigates the detected traffic surge by identifying destination POPs with spare capacity and routing at least a portion of incoming requests for the target group of resources to the destination POPs in accordance with their spare capacities.

Abstract: Systems and methods are described to enable routing of network communications in a content delivery system in a manner expected not to exceed the capacity of individual communication links of points of presence (POPs) within the content delivery system. Specifically, a route mapping service is disclosed that can determine the effect of potential DNS records on volumes of traffic expected to reach a POP through individual communication links, and that can alter DNS records such that the expected traffic does not exceed a capacity of those individual communication links. Illustratively, the DNS records may be altered at a level of individual DNS resolvers interacting with the content delivery system, and the volumes of traffic expected to reach a POP through individual communication links can be determined based on a volume of traffic of client computing devices associated with an individual DNS resolver.

Abstract: Systems and methods are described to enable and manage the use of origin-facing points of presence (“POPs”) within a content delivery network (“CDN”). Origin-facing POPs can provide a second-tier caching mechanisms in a CDN, such that cache misses occurring at first-tier POPs may be processed by using information maintained at the origin-facing POPs, rather than requiring interaction with an origin server. Associations between origin-facing POPs and origin servers may be automatically created based on a distance between the respective origin-facing POPs and origin servers, such that an operator of the origin server is not required to specify a location of an origin facing POP. First-tier POPs may selectively retrieve content from origin-facing POPs in instances where the origin-facing POP is expected to provide the content more rapidly than the origin server.

Abstract: Systems and methods are described to enable and manage the use of origin-facing points of presence (“POPs”) within a content delivery network (“CDN”). Origin-facing POPs can provide a second-tier caching mechanisms in a CDN, such that cache misses occurring at first-tier POPs may be processed by using information maintained at the origin-facing POPs, rather than requiring interaction with an origin server. Associations between origin-facing POPs and origin servers may be automatically created based on a distance between the respective origin-facing POPs and origin servers, such that an operator of the origin server is not required to specify a location of an origin facing POP. First-tier POPs may selectively retrieve content from origin-facing POPs in instances where the origin-facing POP is expected to provide the content more rapidly than the origin server.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: Systems and methods are described to enable routing of network communications in a content delivery system in a manner expected not to exceed the capacity of individual communication links of points of presence (POPs) within the content delivery system. Specifically, a route mapping service is disclosed that can determine the effect of potential DNS records on volumes of traffic expected to reach a POP through individual communication links, and that can alter DNS records such that the expected traffic does not exceed a capacity of those individual communication links. Illustratively, the DNS records may be altered at a level of individual DNS resolvers interacting with the content delivery system, and the volumes of traffic expected to reach a POP through individual communication links can be determined based on a volume of traffic of client computing devices associated with an individual DNS resolver.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

Abstract: A system, method, and computer-readable medium for point of presence (POP) based traffic surge detection and mitigation are provided. The system detects a traffic surge for a target group of resources directed at a source POP based on the target group's rank shifts and volume changes among recent time intervals. The system mitigates the detected traffic surge by identifying destination POPs with spare capacity and routing at least a portion of incoming requests for the target group of resources to the destination POPs in accordance with their spare capacities.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: A system, method, and computer-readable medium for point of presence (POP) based traffic surge detection and mitigation are provided. The system detects a traffic surge for a target group of resources directed at a source POP based on the target group's rank shifts and volume changes among recent time intervals. The system mitigates the detected traffic surge by identifying destination POPs with spare capacity and routing at least a portion of incoming requests for the target group of resources to the destination POPs in accordance with their spare capacities.

Abstract: A system, method, and computer-readable medium for point of presence (POP) based traffic surge detection and mitigation are provided. The system detects a traffic surge for a target group of resources directed at a source POP based on the target group's rank shifts and volume changes among recent time intervals. The system mitigates the detected traffic surge by identifying destination POPs with spare capacity and routing at least a portion of incoming requests for the target group of resources to the destination POPs in accordance with their spare capacities.

Abstract: A system, method, and computer-readable medium for point of presence (POP) based traffic surge detection and mitigation are provided. The system detects a traffic surge for a target group of resources directed at a source POP based on the target group's rank shifts and volume changes among recent time intervals. The system mitigates the detected traffic surge by identifying destination POPs with spare capacity and routing at least a portion of incoming requests for the target group of resources to the destination POPs in accordance with their spare capacities.