Abstract: Metadata indicating that an action implementation node and a routing decision master node have been assigned to a virtual traffic hub programmatically associated with one or more isolated networks is stored. The routing decision master node determines a first action to be implemented for packets of a network flow using state information of the isolated networks, and provides a representation of a first action to the first action implementation node. Based on performing the first action at the action implementation node, contents of a data packet received from one isolated network are transmitted to another isolated network.

Abstract: An isolated packet processing cell of a packet processing service, comprising an action implementation node and a decision master node, is assigned to an application. An indication of processing rules of the application is transmitted to the decision master node. In response to receiving a particular packet, the action implementation node obtains a representation of an action (which is based on the processing rules) from the decision master node and executes the action.

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

Abstract: At an action implementation layer of a virtual traffic hub, a packet is obtained from a first isolated network. A first action, generated at a decision making layer of the hub based on a first route table of the hub, is performed, resulting in transmission of at least one network packet to a first destination. In response to a second packet, obtained at the action implementation layer from a source outside the first isolated network, a second action is performed, resulting in transmission of at least one packet to a second destination. The second action is generated based on a second route table of the hub.

Abstract: Configuration operations to enable connectivity, using a virtual traffic hub, between a plurality of isolated networks including a first isolated network with a first private address range, are initiated. The hub includes a plurality of nodes including a decision master node responsible for determining routing actions for packets received at the hub. At the decision master node, a translation mapping is obtained for a second private address range of a second isolated network, which overlaps with the first private address range. At a particular node of the hub, using the mapping, a header of a network packet received from the second isolated network and directed to a destination outside the second isolated network is modified.

Abstract: At an action implementation layer of a virtual traffic hub, a packet is obtained from a first isolated network. A first action, generated at a decision making layer of the hub based on a first route table of the hub, is performed, resulting in transmission of at least one network packet to a first destination. In response to a second packet, obtained at the action implementation layer from a source outside the first isolated network, a second action is performed, resulting in transmission of at least one packet to a second destination. The second action is generated based on a second route table of the hub.

Abstract: Network pathways are identified to transfer packets between a pair of regional virtual traffic hubs of a provider network. At a first hub of the pair, a first action is performed, resulting in a transmission of a packet received from a first isolated network to the second hub along a pathway selected using dynamic routing parameters. At the second hub, a second action is performed, resulting in the transmission of the packet to a destination within a second isolated network.

Abstract: Packets of a network flow are received at a virtual traffic hub, which includes an action implementation layer at which routing actions generated at a decisions layer are performed. One or more properties of one or more packets of the flow are analyzed at the virtual traffic hub. An indication of an anomaly of the flow, detected based at least in part on the analysis, is provided to one or more destinations.

Abstract: Metadata indicating that an action implementation node and a routing decision master node have been assigned to a virtual traffic hub programmatically associated with one or more isolated networks is stored. The routing decision master node determines a first action to be implemented for packets of a network flow using state information of the isolated networks, and provides a representation of a first action to the first action implementation node. Based on performing the first action at the action implementation node, contents of a data packet received from one isolated network are transmitted to another isolated network.

Abstract: Metadata indicating that a virtual traffic hub enabling connectivity between a plurality of isolated networks has been established is stored. A determination is made that a first entry of a first isolated network attached to the hub is to be represented in a second routing table of a second isolated network attached to the hub, e.g., to enable network packets originating at resources of the second isolated network to be transmitted via the hub to the first isolated network. A new entry corresponding to the first entry is included in the second routing table.

Abstract: An isolated packet processing cell of a packet processing service, comprising an action implementation node and a decision master node, is assigned to an application. An indication of processing rules of the application is transmitted to the decision master node. In response to receiving a particular packet, the action implementation node obtains a representation of an action (which is based on the processing rules) from the decision master node and executes the action.

Abstract: Configuration operations to enable connectivity, using a virtual traffic hub, between a plurality of isolated networks including a first isolated network with a first private address range, are initiated. The hub includes a plurality of nodes including a decision master node responsible for determining routing actions for packets received at the hub. At the decision master node, a translation mapping is obtained for a second private address range of a second isolated network, which overlaps with the first private address range. At a particular node of the hub, using the mapping, a header of a network packet received from the second isolated network and directed to a destination outside the second isolated network is modified.

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

Abstract: The embodiments herein allow importation of a disk image (real or virtual) into a compute service environment. Any imported disk image can be reconfigured into a geometry compatible with the compute service environment into which it is imported. The reconfiguration can be accomplished through modifying the C, H, and S address values in the master boot record in order to match the virtualized disk environment.

Abstract: A first network packet directed from one VPN endpoint to a second VPN endpoint is received at an intermediary network processing component. Metadata indicating that the first network packet is a candidate for monitoring is stored. In response to determining that a second packet received at the intermediary comprises an acknowledgement to the first packet, a traffic quality metric is stored at a location accessible to a VPN traffic analyzer. The VPN traffic analyzer responses to a traffic quality query using the metrics collected at the intermediary.

Abstract: Techniques and solutions for performing packet duplication in a packet-switched network are described. For example, duplicates of a network packet can be created and sent to a destination via different network paths. Packet duplication can be performed by a computer that is creating and sending network packets. Packet duplication can also be performed by another type of computing device such as a router that receives network packets and creates duplicates that are then sent to the destination via different network paths. Network packets can be encapsulated using encapsulation packets that include network path indicators that indicate use of different network paths. Multiple copies of a network packet can be received and processed.

Abstract: Techniques and solutions for performing packet duplication in a packet-switched network are described. For example, duplicates of a network packet can be created and sent to a destination via different network paths. Packet duplication can be performed by a computer that is creating and sending network packets. Packet duplication can also be performed by another type of computing device such as a router that receives network packets and creates duplicates that are then sent to the destination via different network paths. Network packets can be encapsulated using encapsulation packets that include network path indicators that indicate use of different network paths. Multiple copies of a network packet can be received and processed.

Abstract: Methods and apparatus for efficient priority queues using single-index tables are disclosed. In response to a request to generate an instance of a priority queue using a database that permits no more than one index per table, an identifier-indexed table and a priority-indexed table are set up. In response to a request to insert a queue entry with a given identifier and a given priority, one tuple is inserted into each table. In response to a request to remove an entry with a specified identifier, a tuple with the specified identifier is removed from the identifier-indexed table, while the removal of the corresponding tuple from the priority-indexed table may be deferred.