Abstract: When one actor or network within a broader system of networks is announcing numerous routes or otherwise performing “poorly,” the neighboring networks can suffer because of the strain that the poorly performing network puts on resources. Typically, in order to counteract the effects of a poorly performing neighboring network, a router may simply stop accepting changes or stop accepting packets from the poorly performing neighbor. Some network participants may only temporarily be acting poorly and straining its neighbors' resources, however. Therefore, in some of the embodiments, a reputation score or level for a network participant may be determined based on its actions over time. This reputation may be used to determine whether, when, and how to act on the network request from the participant.

Abstract: Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications involving computing nodes of the managed virtual computer network that use an alternative addressing scheme to direct network packets and other network communications to intended destination locations by using textual network node monikers instead of numeric IP addresses to represent computing nodes at a layer 3 or “network layer” of a corresponding computer networking stack in use by the computing nodes. The techniques are provided without modifying or configuring the network devices of the substrate computer network, by using configured modules to manage and modify communications from the logical edge of the substrate network.

Abstract: Systems, methods, and computer-readable media for network routing metering are disclosed. In some embodiments, various changes to the routes, and other actions requested by a computer system, physical or virtual, can be metered. Those actions may be performed and later rated in order to determine what amount, if any, to charge an account associated with the requesting network participant system. The network participant system can be billed based on the activities performed on its behalf. Therefore, even if a network is performing poorly and requires more resources that would normally be allowed by a neighboring router, if the network owner pays to have these requests performed, then the embodiments herein can allocate more resources to supporting the network's rapidly changing network.

Abstract: In response to a request to duplicate a network, the network is duplicated. The duplicate network includes one or more virtual devices that correspond to one or more devices in the network being duplicated. The devices of the duplicate network are communicatively arranged in a manner consistent with a topology of the network being duplicated. Once the duplicate network is created, access to the duplicate network is provided.

Abstract: Various aspects of a data volume or other shared resource are determined and updated dynamically for purposes such as to provide guaranteed qualities of service. For example, the number of partitions in a data volume and/or the way in which data is stored across those partitions can be updated dynamically without significantly impacting the customer using the volume. The data stored to the volume can be striped or otherwise distributed across a number of logical areas, which then can be distributed across the partitions. Separate mappings can be used for the data in each logical area, and the logical areas in each partition, such that when moving a logical area only a single mapping has to be updated, regardless of the amount of data in that logical area. Further, logical areas can be moved between partitions without the need to repartition or redistributed the data in the data volume.

Abstract: Patterns of access and/or behavior can be analyzed and persisted for use in pre-fetching data from a physical storage device. In at least some embodiments, data can be aggregated across volumes, instances, users, applications, or other such entities, and that data can be analyzed to attempt to determine patterns for any of those entities. The patterns and/or analysis can be persisted such that the information is not lost in the event of a reboot or other such occurrence. Further, aspects such as load and availability across the network can be analyzed to determine where to send and/or store data that is pre-fetched from disk or other such storage in order to reduce latency while preventing bottlenecks or other such issues with resource availability.

Abstract: Usage of shared resources can be managed by enabling users to obtain different types of guarantees at different times for various types and/or levels of resource capacity. A user can select to have an amount or rate of capacity dedicated to that user. A user can also select reserved capacity for at least a portion of the requests, tasks, or program execution for that user, where the user has priority to that capacity but other users can utilize the excess capacity during other periods. Users can alternatively specify to use the excess capacity or other variable, non-guaranteed capacity. The capacity can be for any appropriate functional aspect of a resource, such as computational capacity, throughput, latency, bandwidth, and storage. Users can submit bids for various types and combinations of excess capacity, and winning bids can receive dedicated use of the excess capacity for at least a period of time.

Abstract: A set of virtualized computing services may include multiple types of virtualized data store differentiated by characteristics such as latency, throughput, durability and cost. A sequence of captures of a data set from one data store to another may be scheduled to achieve a variety of virtualized computing service user and provider goals such as lowering a probability of data loss, lowering costs, and computing resource load leveling. Data set captures may be scheduled according to policies specifying fixed and flexible schedules and conditions including flexible scheduling windows, target capture frequencies, probability of loss targets and/or cost targets. Capture lifetimes may also be managed with capture retention policies, which may specify fixed and flexible lifetimes and conditions including cost targets. Such data set capture policies may be specified with a Web-based administrative interface to a control plane of the virtualized computing services.

Abstract: The effects on networking systems of attacks on vulnerabilities, such as vulnerable modules in a webserver, SYN flooding, etc, can be devastating to a network environment. In various embodiments, a first, quick, or inexpensive analysis is performed on incoming network flows. If an intrusion issue or other problem is suspected based on the first, rapid, or an inexpensive analysis, then the flow can be flagged for redirection to another process, virtual machine, or physical computer module that will perform a deeper, more expensive analysis on the network flow. If there are no issues detected in the second, deeper analysis, then the network flow can be forwarded to its intended recipient. If an issue is detected in the second, deeper analysis, then the network flow can be throttled, quarantined, ignored, sent to an un-trusted portion of the system, sent for more analysis, or otherwise handled or flagged.

Abstract: Various aspects of a data volume or other shared resource are determined and updated dynamically for purposes such as to provide guaranteed qualities of service. For example, the number of partitions in a data volume and/or the way in which data is stored across those partitions can be updated dynamically without significantly impacting the customer using the volume. The data stored to the volume can be striped or otherwise distributed across a number of logical areas, which then can be distributed across the partitions. Separate mappings can be used for the data in each logical area, and the logical areas in each partition, such that when moving a logical area only a single mapping has to be updated, regardless of the amount of data in that logical area. Further, logical areas can be moved between partitions without the need to repartition or redistributed the data in the data volume.

Abstract: Input and output (I/O) operations performed by a data storage device are managed dynamically to balance aspects such as throughput and latency. Sequential read and write requests are sent to a data storage device whereby the corresponding operations are performed without time delay due to extra disk revolutions. In order to minimize latency, particularly for read operations, random read and write requests are held in a queue upstream of an I/O controller of the data storage device until the buffer of the data storage device is empty. The queued requests can be reordered when a higher priority request is received, improving the overall latency for specific requests. An I/O scheduler of a data server is still able to use any appropriate algorithm to order I/O requests, such as by prioritizing reads over writes as long as the writes do not back up in the I/O queue beyond a certain threshold.

Abstract: A system, method and computer-readable medium for the determination of a transit route by a computing system distinct from a router are provided. By pre-determining routes for content within a routing environment, routers on the network forward communications according to the pre-determined route. Specifically, by distributing at least some of the route calculations functionality and/or routing entries storage/maintenance from router components (e.g., edge routers), the processing and memory requirements of such router components within the routing environment can be reduced. In one aspect, the distribution of at least a portion of the routing calculation function and routing entry storage/maintenance within a routing environment facilitates the use of lower-capability, cheaper commodity-based routers.

Abstract: Techniques, including systems and methods, for capturing data sets include performing a client-side two-phase commit to ensure one or more data consistency conditions. A logical volume may represent a data set that is distributed among a plurality of physical storage devices. One or more client devices are instructed to block at least acknowledgment of write operations. When the one or more client devices have blocked at least acknowledgment of write operations, one or more servers in communication with the physical storage devices are instructed to capture corresponding portions of the data set. When the servers have been instructed to capture corresponding portions of the data set, the client devices are instructed to resume at least acknowledgment of write operations.

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware rather than actual routers. For example, virtualization technologies such as those provided by VMWare, XEN, or User-Mode Linux can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing each virtual network user with one or more virtual machines hosted by the single physical computing machine, with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource. In addition, routing can be accomplished through software, providing additional routing flexibility to the virtual network in comparison with traditional routing. As a result, in some implementations, supplemental information other than packet information can be used to determine network routing.

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware rather than actual routers. For example, virtualization technologies such as those provided by VMWare, XEN, or User-Mode Linux can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing each virtual network user with one or more virtual machines hosted by the single physical computing machine, with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource. In addition, routing can be accomplished through software, providing additional routing flexibility to the virtual network in comparison with traditional routing. As a result, in some implementations, supplemental information other than packet information can be used to determine network routing.

Abstract: Disclosed are various embodiments for replication of machine instances in a computing environment. A clone machine instance is instantiated from a machine image associated with an original machine instance. A stored execution state of the original machine instance is applied to the clone machine instance. At least a portion of a series of stored events received by the original machine instance is applied to the clone machine instance.

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware rather than actual routers. For example, virtualization technologies such as those provided by VMWare, XEN, or User-Mode Linux can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing each virtual network user with one or more virtual machines hosted by the single physical computing machine, with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource. In addition, routing can be accomplished through software, providing additional routing flexibility to the virtual network in comparison with traditional routing. As a result, in some implementations, supplemental information other than packet information can be used to determine network routing.

Abstract: Input and output (I/O) operations performed by a data storage device are managed dynamically to balance aspects such as throughput and latency. Sequential read and write requests are sent to a data storage device whereby the corresponding operations are performed without time delay due to extra disk revolutions. In order to minimize latency, particularly for read operations, random read and write requests are held in a queue upstream of an I/O controller of the data storage device until the buffer of the data storage device is empty. The queued requests can be reordered when a higher priority request is received, improving the overall latency for specific requests. An I/O scheduler of a data server is still able to use any appropriate algorithm to order I/O requests, such as by prioritizing reads over writes as long as the writes do not back up in the I/O queue beyond a certain threshold.

Abstract: A group of computers is configured to implement a block storage service. The block storage service includes a block-level storage for storing data from a set of distinct computing instances for a set of distinct users. An interface is configured to allow the set of distinct users to specify respective destinations for storing backup copies of respective data stored in the block-level storage for the distinct users. At least some of the respective destinations are for different storage systems remote from one another. A backup copy function is provided for creating backup copies of data stored in the block-level storage by the set of distinct computing instances for the set of distinct users. The backup copies are stored in different destination locations specified by respective ones of the plurality of distinct users via the interface.

Abstract: Techniques are described for managing access of executing programs to non-local block data storage. In some situations, a block data storage service uses multiple server storage systems to reliably store network-accessible block data storage volumes that may be used by programs executing on other physical computing systems. A group of multiple server block data storage systems that store block data volumes may in some situations be co-located at a data center, and programs that use volumes stored there may execute on other physical computing systems at that data center. If a program using a volume becomes unavailable, another program (e.g., another copy of the same program) may in some situations obtain access to and continue to use the same volume, such as in an automatic manner in some such situations.