Patents by Inventor Richard H. GALLIHER
Richard H. GALLIHER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230188598
Abstract: Techniques are described that enable users to configure the mirroring of network traffic sent to or received by computing resources associated with a virtual network of computing resources at a service provider network. The mirrored network traffic can be used for many different purposes including, for example, network traffic content inspection, forensic and threat analysis, network troubleshooting, data loss prevention, and the like. Users can configure such network traffic mirroring without the need to manually install and manage network capture agents or other such processes on each computing resource for which network traffic mirroring is desired. Users can cause mirrored network traffic to be stored at a storage service in the form of packet capture (or “pcap”) files, which can be used by any number of available out-of-band security and monitoring appliances including other user-specific monitoring tools and/or other services of the service provider network.
Type: Application
Filed: January 30, 2023
Publication date: June 15, 2023
Applicant: Amazon Technologies, Inc.
Inventors: Anoop DAWANI, Nishant MEHTA, Richard H. GALLIHER, Lee Spencer DILLARD, Joseph Elmar MAGERRAMOV
-
Patent number: 11659058
Abstract: A first service of a provider network obtains an identification of one or more substrate addressable devices included in an extension of the provider network. Based on the identification, a launch of one or more compute instances within the provider network is initiated. The one or more compute instances are to connect the provider network to the extension of the provider network across at least a third-party network by receiving a first control plane message directed to a first substrate addressable device of the one or more substrate addressable devices, by updating a message state data store based at least in part on the first control plane message, and by sending a second control plane message to the first substrate addressable device via a secure tunnel.
Type: Grant
Filed: June 28, 2019
Date of Patent: May 23, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Anthony Nicholas Liguori, Eric Samuel Stone, Richard H. Galliher, David James Goodell, Patrick John Lawrence, Yang Lin, William Ashley, Steven Anthony Kady
-
Patent number: 11595113
Abstract: Satellites provide communication between devices such as user terminals (UTs) and ground stations that are connected to points-of-presence (PoP) connected to other networks, such as the Internet. The PoP accepts downstream data addressed to the UT. A representation of the communication resources that are expected to be used to pass the downstream data from the PoP to the UT is determined and executed on one or more processors. The representations may include representations of traffic shapers, modems, and so forth at different points in the network. The representations may consider real-world and simulated feedback data. Within the representation, traffic shaping is employed to determine preshaped data that includes resource metadata designating the communication resources to be used. The preshaped data is passed along to the actual communication resources for subsequent delivery. The preshaping substantially improves performance of constrained communication resources.
Type: Grant
Filed: September 1, 2020
Date of Patent: February 28, 2023
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Andrew B. Dickinson, Daniel T. Cohn, Richard H. Galliher
-
Patent number: 11570244
Abstract: Techniques are described that enable users to configure the mirroring of network traffic sent to or received by computing resources associated with a virtual network of computing resources at a service provider network. The mirrored network traffic can be used for many different purposes including, for example, network traffic content inspection, forensic and threat analysis, network troubleshooting, data loss prevention, and the like. Users can configure such network traffic mirroring without the need to manually install and manage network capture agents or other such processes on each computing resource for which network traffic mirroring is desired. Users can cause mirrored network traffic to be stored at a storage service in the form of packet capture (or “pcap”) files, which can be used by any number of available out-of-band security and monitoring appliances including other user-specific monitoring tools and/or other services of the service provider network.
Type: Grant
Filed: December 11, 2018
Date of Patent: January 31, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Anoop Dawani, Nishant Mehta, Richard H. Galliher, Lee Spencer Dillard, Joseph Elmar Magerramov
-
Patent number: 11516050
Abstract: Technologies are disclosed for monitoring network traffic using traffic mirroring. According to some examples, traffic mirroring allows customers to monitor traffic at different sources within a VPC. For example, a source may be any Elastic Network Interface (ENI) in their VPC, including elastic network interfaces (ENIs) on virtual machine instances, Network Address Translation (NAT) Gateways, Load Balancers, VPC endpoints, Internal Gateways, Transit Gateways, and more. Filters can be utilized to determine the network traffic to mirror. A customer may also configure to monitor real-time traffic with a monitoring appliance of their choice. With traffic mirroring, data traffic may be identified and sent to one or more target devices. Customers may monitor traffic within a VPC for content inspection, forensic analysis, troubleshooting, record keeping, and the like.
Type: Grant
Filed: September 23, 2019
Date of Patent: November 29, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Anoop Dawani, Joseph Elmar Magerramov, Zachary Brandes, Apoorv Mittal, Bharadwaj Avva, Ryan James Schaefer, Kiran Venkat Sayeeram Karpurapu, Ajay Jha, Steven Bruce Richards, Richard H Galliher
-
Patent number: 11411771
Abstract: Techniques for networking in provider network substrate extensions are described. A compute instance of an isolated virtual network is hosted by an extension of a provider network that is in communication with the provider network via a secure tunnel through a customer network. A request to establish communications between the isolated virtual network and the customer network is received at an interface to the provider network. A message to cause a gateway of the extension to route traffic between the isolated virtual network and the customer network is sent via the secure tunnel.
Type: Grant
Filed: June 28, 2019
Date of Patent: August 9, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Anoop Dawani, Joseph Elmar Magerramov, David James Goodell, Richard H. Galliher
-
Patent number: 11374789
Abstract: A first message of a first type and having a first destination address is received in a provider network. The first destination address is associated with a virtual network address of the provider network and an address of a first device in an extension of the provider network, the extension of the provider network in communication with the provider network via at least a third-party network. A message state data store is updated based on at least a portion of the first message. A first payload of the first message is sent to the first device a first secure tunnel through the third-party network.
Type: Grant
Filed: June 28, 2019
Date of Patent: June 28, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Anthony Nicholas Liguori, Eric Samuel Stone, Richard H. Galliher, David James Goodell, Patrick John Lawrence, Yang Lin, William Ashley, Steven Anthony Kady
-
Patent number: 11303553
Abstract: A reverse network tracing mechanism is described. In an embodiment, a network information request is received that is addressed to a predetermined destination. It is determined that the network information request has an expired timer and a message is returned indicating that a return network path routing procedure has been initiated. After determining that the network information request has an unexpired timer, contents of the network information request are modified to enable identification of at least a portion of the return path from the predetermined destination to a source address of the network information request.
Type: Grant
Filed: October 11, 2018
Date of Patent: April 12, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Jeremy R. Volkman, Richard H. Galliher, III, Thomas Bradley Scholl
-
Patent number: 10892984
Abstract: Techniques for routing media streams in a provider network are described. A media routing service is disclosed that comprises one or more virtual media routers for routing media streams from one or more media sources to one or more downstream devices coupled to the provider network. The media routing service provides external entities (e.g., users) of the provider network with the ability to request for a virtual media router for routing media content and determines the appropriate set of computing resources necessary to provision and launch the virtual media router in the provider network. In certain embodiments, the media routing service processes routing commands generated by a client, generates routing information comprising source to destination mappings based on the routing commands, and securely distributes media content to identified downstream devices based on the routing information.
Type: Grant
Filed: June 27, 2019
Date of Patent: January 12, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Evan Statton, Michael Coleman, Alan Judge, Richard H. Galliher
-
Publication number: 20200412577
Abstract: A first message of a first type and having a first destination address is received in a provider network. The first destination address is associated with a virtual network address of the provider network and an address of a first device in an extension of the provider network, the extension of the provider network in communication with the provider network via at least a third-party network. A message state data store is updated based on at least a portion of the first message. A first payload of the first message is sent to the first device a first secure tunnel through the third-party network.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Inventors: Anthony Nicholas LIGUORI, Eric Samuel STONE, Richard H. GALLIHER, David James GOODELL, Patrick John LAWRENCE, Yang LIN, William ASHLEY, Steven Anthony KADY
-
Publication number: 20200412824
Abstract: A first service of a provider network obtains an identification of one or more substrate addressable devices included in an extension of the provider network. Based on the identification, a launch of one or more compute instances within the provider network is initiated. The one or more compute instances are to connect the provider network to the extension of the provider network across at least a third-party network by receiving a first control plane message directed to a first substrate addressable device of the one or more substrate addressable devices, by updating a message state data store based at least in part on the first control plane message, and by sending a second control plane message to the first substrate addressable device via a secure tunnel.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Inventors: Anthony Nicholas LIGUORI, Eric Samuel STONE, Richard H. GALLIHER, David James GOODELL, Patrick John LAWRENCE, Yang LIN, William ASHLEY, Steven Anthony KADY
-
Publication number: 20200403826
Abstract: Technologies are disclosed for monitoring network traffic using traffic mirroring. According to some examples, traffic mirroring allows customers to monitor traffic at different sources within a VPC. For example, a source may be any Elastic Network Interface (ENI) in their VPC, including elastic network interfaces (ENIs) on virtual machine instances, Network Address Translation (NAT) Gateways, Load Balancers, VPC endpoints, Internal Gateways, Transit Gateways, and more. Filters can be utilized to determine the network traffic to mirror. A customer may also configure to monitor real-time traffic with a monitoring appliance of their choice. With traffic mirroring, data traffic may be identified and sent to one or more target devices. Customers may monitor traffic within a VPC for content inspection, forensic analysis, troubleshooting, record keeping, and the like.
Type: Application
Filed: September 23, 2019
Publication date: December 24, 2020
Inventors: Anoop Dawani, Joseph Elmar Magerramov, Zachary Brandes, Apoorv Mittal, Bharadwaj Avva, Ryan James Schaefer, Kiran Venkat Sayeeram Karpurapu, Ajay Jha, Steven Bruce Richards, Richard H Galliher
-
Publication number: 20200186600
Abstract: Techniques are described that enable users to configure the mirroring of network traffic sent to or received by computing resources associated with a virtual network of computing resources at a service provider network. The mirrored network traffic can be used for many different purposes including, for example, network traffic content inspection, forensic and threat analysis, network troubleshooting, data loss prevention, and the like. Users can configure such network traffic mirroring without the need to manually install and manage network capture agents or other such processes on each computing resource for which network traffic mirroring is desired. Users can cause mirrored network traffic to be stored at a storage service in the form of packet capture (or “pcap”) files, which can be used by any number of available out-of-band security and monitoring appliances including other user-specific monitoring tools and/or other services of the service provider network.
Type: Application
Filed: December 11, 2018
Publication date: June 11, 2020
Inventors: Anoop DAWANI, Nishant MEHTA, Richard H. GALLIHER, Lee Spencer DILLARD, Joseph Elmar MAGERRAMOV
-
Patent number: 10243790
Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.
Type: Grant
Filed: August 12, 2016
Date of Patent: March 26, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Richard H. Galliher, III, Justin O. Pietsch, Frederick David Sinn, Mark N. Kelly, Colin J. Whittaker, Rachit Chawla, Richendra Khanna
-
Patent number: 10103962
Abstract: A reverse network tracing mechanism is described. In an embodiment, a network information request is received that is addressed to a predetermined destination. It is determined that the network information request has an expired timer and a message is returned indicating that a return network path routing procedure has been initiated. After determining that the network information request has an unexpired timer, contents of the network information request are modified to enable identification of at least a portion of the return path from the predetermined destination to a source address of the network information request.
Type: Grant
Filed: April 20, 2016
Date of Patent: October 16, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Jeremy R. Volkman, Richard H. Galliher, III, Thomas Bradley Scholl
-
Publication number: 20160352569
Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.
Type: Application
Filed: August 12, 2016
Publication date: December 1, 2016
Inventors: Richard H. Galliher, III, Justin O. Pietsch, Frederick David Sinn, Mark N. Kelly, Colin J. Whittaker, Rachit Chawla, Richendra Khanna
-
Patent number: 9419842
Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.
Type: Grant
Filed: October 4, 2011
Date of Patent: August 16, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Richard H. Galliher, III, Justin O. Pietsch, Frederick David Sinn, Mark N. Kelly, Colin J. Whittaker, Rachit Chawla, Richendra Khanna
-
Patent number: 9344320
Abstract: A reverse network tracing mechanism is described. In an embodiment, a network information request is received that is addressed to a predetermined destination. It is determined that the network information request has an expired timer and a message is returned indicating that a return network path routing procedure has been initiated. After determining that the network information request has an unexpired timer, contents of the network information request are modified to enable identification of at least a portion of the return path from the predetermined destination to a source address of the network information request.
Type: Grant
Filed: October 18, 2012
Date of Patent: May 17, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Jeremy R. Volkman, Richard H. Galliher, III, Thomas Bradley Scholl