Many companies and other organizations operate computer networks that interconnect numerous computing systems to support their operations, such as with the computing systems being co-located (e.g., as part of a local network) or instead located in multiple distinct geographical locations (e.g., connected via one or more private or public intermediate networks). For example, data centers housing significant numbers of interconnected computing systems have become commonplace, such as private data centers that are operated by and on behalf of a single organization, and public data centers that are operated by entities as businesses to provide computing resources to customers. Some public data center operators provide network access, power, and secure installation facilities for hardware owned by various customers, while other public data center operators provide “full service” facilities that also include hardware resources made available for use by their customers.
The advent of virtualization technologies for commodity hardware has provided benefits with respect to managing large-scale computing resources for many customers with diverse needs, allowing various computing resources to be efficiently and securely shared by multiple customers. For example, virtualization technologies may allow a single physical virtualization host to be shared among multiple users by providing each user with one or more “guest” virtual machines hosted by the single virtualization host. Each such virtual machine may represent a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators of a given hardware computing resource, while also providing application isolation and security among the various virtual machines. Instantiating several different virtual machines on the same host may also help increase the overall hardware utilization levels at a data center, leading to higher returns on investment. As demand for virtualization-based services at provider networks has grown, more and more networking and interconnectivity-related features, including support for multiple network addresses for a single virtual machine, may have to be added to meet the requirements of applications being implemented using the services.
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that embodiments are not limited to the embodiments or drawings described. It should be understood, that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to. When used in the claims, the term “or” is used as an inclusive or and not as an exclusive or. For example, the phrase “at least one of x, y, or z” means any one of x, y, and z, as well as any combination thereof. Unless otherwise explicitly stated, articles such as “a” or “an” should generally be interpreted to include one or more described items throughout this application. Accordingly, phrases such as “a device configured to” are intended to include one or more recited devices. Such one or more recited devices can also be collectively configured to carry out the stated recitations. For example, “a processor configured to carry out recitations A, B and C” can include a first processor configured to carry out recitation A working in conjunction with a second processor configured to carry out recitations B and C.
The present disclosure relates to methods and apparatus for the efficient propagation of routing information at a virtualized computing service of a cloud provider network at which individual compute instances may be assigned large numbers (e.g., millions) of network addresses of one or more address families. The disclosure also relates to methods and apparatus for enabling clients of the virtualized computing service to proactively reserve blocks (contiguous ranges) of network addresses for client-selected operation categories including such large-scale address assignments. Simple interfaces to manage network address ranges of Internet Protocol version 4 (IPv4) addresses and/or ranges of IP version 6 (IPv6) addresses, at the per-subnet level, as well as at the per-network-interface and per-compute instance level, are implemented. Routing information for directing network packets to a compute instance is distributed using a very small number of messages, even if the compute instance is assigned thousands or millions of addresses. Furthermore, the maximum number of lookups (within routing tables or other structures at edge routers and other networking infrastructure devices) that are required to forward such packets to the compute instance, e.g., is kept low, making routing much faster than in scenarios in which repeated lookups may be required to find the longest matching prefix for a destination address. Address range management techniques are tightly integrated with existing mechanisms for managing isolated virtual networks (IVNs) of the virtualized computing service (VCS)—for example, IVN network security rules (e.g., rules governing allowed types of incoming and outgoing traffic) can be specified at the granularity of address ranges if desired.
One or more IVNs can be set up on behalf of a client of the VCS, with each IVN comprising one or more compute instances (such as guest virtual machines run at hosts managed by the VCS) and/or other resources configured with addresses within one or blocks of addresses selected by the client for the IVN. The resources of an IVN are logically isolated from (and by default, inaccessible from) resources allocated for other clients in other IVNs. IVNs are also referred to a virtual private clouds. The client on whose behalf an IVN is established is granted substantial flexibility regarding network configuration for the resources of the IVN. For example, one or more subnets can be set up by the client within an IVN, each with a block of Internet Protocol version 4 (IPv4) addresses (and/or a block of IP version 6 (IPv6) addresses) selected by the client from within the IVN's range(s) of addresses. Within a given subnet, a given compute instance can be assigned individual IPv4 addresses, individual IPV6 addresses, ranges of IPV4 addresses, and/or ranges of IPV6 addresses chosen from the subnet's blocks of address ranges. The addresses or address ranges can be assigned to virtual network interfaces (VNIs), which are then programmatically attached or associated with compute instances or other resources. A given VNI can be programmatically detached from one compute instance and attached to another compute instance, thus transferring a set of networking properties between the instances without having to reconfigure hardware network interface cards (NICs) of the hosts at which the compute instances run. The attachment or detachment of a VNI to/from a compute instance can trigger the efficient propagation of routing information, with in some cases a single message being transmitted to inform a routing device how to forward packets whose destination addresses can be any of the thousands or millions of addresses assigned to the VNI. A given VNI, and hence the compute instance to which the VNI is programmatically attached, can have one or more ranges of IPV4 and IPV6 address assigned to it concurrently. As a result, packets of either address family can be routed from a given routing device to the same compute instance. Applications can seamlessly migrate from using IPv4 to using IPV6 without requiring routing information updates at the routing devices of the provider network.
As one skilled in the art will appreciate in light of this disclosure, certain embodiments may be capable of achieving various advantages, including some or all of the following: (a) improving the performance of applications involving high rates of network traffic directed to/from compute instances of a provider network, (b) reducing the amount of resources (e.g., including memory, storage, computing resources and network bandwidth) required at routing devices and/or (c) facilitating the migration of applications from IPv4 to IPV6, thus simplifying administration for applications that require large numbers of network addresses for a given application component. Applications in which numerous software containers requiring respective network addresses are launched within a given compute instance, as well as telecommunication applications in which a given virtualized network function implementation program communicates with thousands of end user devices represent examples of the kinds of applications which can benefit substantially from the proposed techniques.
According to some embodiments, a system may comprise a virtual network interface, a routing device, a compute instance to which the virtual network interface is programmatically attached, and one or more computing devices (such as control plane servers) which implement at least a portion of a virtualized computing service managing the compute instance. The virtualized computing service may assign, to the virtual network interface in response to one or more or programmatic requests received from a client, (a) a first range of network addresses of a first address family (e.g., IPv4) and (b) a second range of network addresses of a second address family (e.g., IPV6). A first routing information entry may be propagated to the routing device for routing packets to destination addresses within the first range, and a second routing information entry may be propagated to the routing device for routing packets to destination addresses within the second range in various embodiments. The propagated routing information entries may be stored at the routing device, e.g., as part of a set of tables or other data structures. Distinct routing information entries corresponding to each of the individual addresses of the first range and the second range may not be propagated to the routing device in at least some embodiments.
The compute instance (one example of a program execution environment) to which the virtual network interface is programmatically attached or associated may receive packets of both network families routed by the routing device in various embodiments. For example, one packet with a destination address within the first range may be routed by the routing device (a) using the first routing information entry and (b) without using a longest prefix matching (LPM) algorithm. The packet may be delivered to the compute instance after verifying that the packet satisfies a security setting, associated with the first range of network addresses, of an isolated virtual network within which the compute instance is configured in at least some embodiments. Similarly, a second packet with a destination address within the second range may be routed by the routing device (a) using the second routing information entry and also (b) without using a longest prefix matching (LPM) algorithm. The second packet may be delivered to the compute instance after verifying that the second packet satisfies a security setting, associated with the second range of network addresses, of the isolated virtual network. In at least some embodiments, respective (and in some cases different) security settings may be specified programmatically by a client for each of the address ranges (or individual addresses) assigned to a VNI or compute instance within a given isolated virtual network. Packets with other destination addresses within the first range may also be routed using the first routing information entry to the compute instance, and packets with other destinations within the second range may be routed using the second routing information entry to the compute instance. In one embodiment, after a range of addresses of a given address family is assigned to a virtual network interface at the request of a client, the client may, if desired, submit additional programmatic requests to make one or more addresses of the range accessible from the public Internet.
According to some embodiments, a client may submit a programmatic request to assign a range of network addresses (or multiple ranges) to a VNI or a compute instance without actually specifying the range(s)—instead, for example, a client may simply indicate the address family from which a range of addresses is to be assigned, and/or the total number of desired addresses. The VCS may select the address range(s) in such embodiments, e.g., based on the unused addresses (or reserved addresses) available at a subnet or an IVN in which the VNI is configured. Clients may specify the address ranges in the programmatic range assignment requests, i.e., without relying on the VCS to choose the ranges in various embodiments.
In some embodiments, clients may only be allowed to specify ranges of one or a few discrete sizes, expressed using respective CIDR (Classless Inter-Domain Routing) blocks or prefixes, for each address family. For example, in one embodiment, for IPV4, only address ranges expressed as/28 CIDR blocks may be permitted, while for IPV6, only address ranged expressed as/80 CIDR blocks may be permitted. In other embodiments, ranges of multiple sizes may be supported for one or more address families. Restricting the range sizes may help to make lookups of routing information more efficient in various embodiments, as the routing devices only have to search for routing information entries once for each range size if an exact match on a destination address fails.
When a routing device received a packet with a destination address that falls within an address range assigned to a VNI, in at least some embodiments the routing device may first try to find, within its collection of routing information for the address family indicated in the packet, a routing information entry for the full destination address. This operation may be referred to as an exact match lookup. If such an exact match entry is found, the exact match entry may be used to forward or route the packet towards its destination. If such an exact match entry is not found, in an embodiment in which only a single address range length is permitted, the routing device may perform a single prefix-based lookup in at least some embodiments. For example, in a scenario in which only/28 address ranges are permitted for IPV4, the routing device may mask the last four bits of the 32-bit IPv4 destination address to find the/28 prefix of the destination address, and then determine whether an entry for that/28 prefix is present in its collection of routing information. In various embodiments, before assigning a range of addresses to a VNI, a VCS may ensure that that range is assigned only once within the isolated virtual network (IVN) to which the VNI belongs, such that there is no overlap with another address range assignment within the IVN. As a result, in such embodiments, the maximum number of lookups that a routing device may have to perform for a given packet's destination address may be two: one exact-match lookup, and one prefix lookup. In embodiments in which address ranges of multiple sizes (e.g., /28 and/30 for IPV4) can be assigned, the upper bound on the total number of lookups may be based on the number of distinct sizes permitted.
In an embodiment in which a given compute instance is assigned (via an attached VNI) at least one IPv4 address and at least one IPv6 address and the corresponding routing information entries for both address families have been propagated to the appropriate routing devices, applications may detect that addresses of both address families are available, and initiate a transition from one address family to another if desired. For example, a notification packet formatted in accordance with one address family (such as IPv4) may be sent from an application component running at the compute instance to a peer application component running at some other execution environment (e.g., a non-virtualized server at a client premise external to the provider network). The notification packet may indicate that the compute instance is configured to receive IPV6 packets, and may provide the IPV6 address(es) assigned to the compute instance. Subsequently, the peer application component may send one or more IPV6 packets to the application component running at the compute instance. Since the IPV6 routing information has already been propagated, no additional routing information updates may be required to transmit the IPV6 packets instead of the IPv4 packets between the two application components in such embodiments.
In at least some embodiments, individual ones of the addresses of a range of addresses assigned to a VNI may in turn be utilized for respective software containers launched within a compute instance to which the VNI is attached. Thousands of containers, some lasting just a few seconds while others last for minutes or hours, may be launched at a single compute instance or execution environment over time, and respective unused addresses from an assigned range of (for example) IPV6 addresses may be chosen by a container management service for each such container.
According to at least one embodiment, compute instances optimized for implementing telecommunications or radio-based applications (such as private or public 5G (fifth generation) cellular network applications) may be launched at VCS-managed servers located at premises external to the provider network's data centers (e.g., at premises close to cells comprising telecommunication company antennas). Such compute instances may, for example, comprise programs that implement virtualized network functions (VNFs) of the corresponding telecommunication stack, such as functions for mobility management, subscriber tracking, session management and the like. A single compute instance comprising a VNF program may have to handle packets associated with tens of thousands of end-user mobile devices in some embodiments, for each of which a respective address of an address range assigned to a VNI attached to the compute instance may be selected. Contents of packets forwarded by routing devices to which range-based routing information entries have been propagated may be processed by the VNF programs in such embodiments.
In response to detection of a failure at a first execution environment to which a range of network addresses is assigned, a message may be propagated to a routing device in various embodiments, indicating that packets with destination addresses within range are to be routed to a second execution environment to which the applications of the first execution environment have been failed over. Respective messages indicating that packets directed to individual destination addresses within the range are to be routed to the second execution environment may not have to be propagated to the routing device, thereby speeding up failover operations.
According to some embodiments, a system may comprise one or more control plane servers implementing a virtualized computing service. The control plane servers may be configured to store, e.g., in response to receiving a reservation request, metadata indicating that a sub-range of a range of network addresses of a subnet established within an isolated virtual network (IVN) is reserved for fulfilling requests of at least a particular category of a set of request categories. Each such request category may comprise requests for a particular type of operation. The set of request categories may for example include (a) bulk address assignment (e.g., assignment of multiple contiguous addresses represented using a CIDR block) and (b) client-requested individual address assignment in some embodiments. In one embodiment, a client may use programmatic interfaces of the VCS to define a custom category of requests or operations for which one or more address sub-ranges are to be reserved. In at least some embodiments, a portion of the range of network addresses of the subnet may be kept un-reserved, e.g., to be used by default for requests of categories that do not belong to the set of request categories. Subnet address sub-ranges of one or more address families (e.g., IPv4, IPV6 etc.) may be reserved in various embodiments in response to client-submitted reservation requests.
The VCS (e.g., via its control plane servers) may reject an address assignment request in some embodiments if (a) assignment of a particular address of a reserved sub-range is required and (b) the address assignment request does not belong to the particular category for which the sub-range was reserved. Such as address assignment request may, for example, be received and rejected during a time interval in which the particular address is not in use within the isolated virtual network. In some cases, such an address assignment request may be received as a result of a submission, by a client, of a service request direct to a provider network service which requires the assignment of a network address, but does not specify the address. For example, a client of a provider network may in some cases request the execution of a task by a server-less dynamically-provisioned computing service which implements a functional programming methodology. In order to execute the task or function, or communicate its results, an IP address within a subnet of an IVN of the client may be needed, and such an address may in some implementations be chosen at random from among the addresses of the subnet. In such cases, which may be referred to as “auto-assignment” of addresses, the randomly-selected address may lie within a reserved sub-range, resulting in the rejection of the corresponding address assignment request.
In response to receiving an address assignment request which does belong to the particular category for which the reservation was made, one or more addresses of the sub-range may be assigned by the VCS in various embodiments. For example, a group of contiguous IPv4 addresses represented by a /28 CIDR block may be assigned by the VCS from among the reserved addresses of a subnet. In some cases in which such bulk address assignments are performed, the client may not necessarily specify the particular address range to be assigned; instead, for example, the client may simply indicate the size and address family of the to-be-assigned group of addresses, and/or a specific reservation from which the group of addresses should be selected. In some embodiments, a set of reserved addresses need not necessarily be utilized or assigned after the set is reserved; that is, if desired, a client may simply prevent the use of a particular range or group of addresses (for example, by the VCS or other services of the provider network) at least temporarily by reserving that range or group. At the time that a client submits a reservation request, the client may not be required to specify any particular request category or operation category for which the reserved addresses are to be used in one embodiment. In some embodiments, a client may submit a reservation request without specifying a request category, and then later submit another programmatic request indicating the request category or categories for which the reserved addresses can be used. In at least one embodiment, a client may modify the request category or categories for which an address range was reserved earlier.
According to one embodiment, one or more metrics associated with subnet address reservations may be presented to a VCS client on whose behalf the addresses were reserved. For example, a count of the number of in-use addresses of a reserved set of addresses may be provided, or a list of in-use reserved addresses may be provided with respect to various time periods. (e.g., which addresses of a reserved block were in use between 3:00 PM and 3:15 PM on a specified date).
Multiple sub-ranges of the addresses of the same subnet may be reserved in some embodiments, e.g., for different categories of operations or for the same categories. Reservations may be released or freed after they are created in at least one embodiment; as a result of such a release, addresses within the previously-reserved block may be assigned to requests for any category of operations.
In at least some embodiments, as indicated above, a VCS may be implemented as part of a cloud provider network. A cloud provider network (sometimes referred to simply as a “cloud”) refers to a pool of network-accessible computing resources (such as compute, storage, and networking resources, applications, and services), which may be virtualized or bare-metal. The cloud can provide convenient, on-demand network access to a shared pool of configurable computing resources that can be programmatically provisioned and released in response to customer commands. These resources can be dynamically provisioned and reconfigured to adjust to variable load. Cloud computing can thus be considered as both the applications delivered as services over a publicly accessible network (e.g., the Internet or a cellular communication network) and the hardware and software in cloud provider data centers that provide those services.
A cloud provider network can be formed as a number of regions, where a region is a separate geographical area in which the cloud provider clusters data centers. Such a region may also be referred to as a provider network-defined region, as its boundaries may not necessarily coincide with those of countries, states, etc. Each region can include two or more availability zones connected to one another via a private high speed network, for example a fiber communication connection. An availability zone (also known as an availability domain, or simply a “zone”) refers to an isolated failure domain including one or more data center facilities with separate power, separate networking, and separate cooling from those in another availability zone. A data center refers to a physical building or enclosure that houses and provides power and cooling to servers of the cloud provider network. Preferably, availability zones within a region are positioned far enough away from one other that the same natural disaster should not take more than one availability zone offline at the same time. Customers can connect to availability zones of the cloud provider network via a publicly accessible network (e.g., the Internet, a cellular communication network) by way of a transit center (TC). TCs can be considered as the primary backbone locations linking customers to the cloud provider network, and may be collocated at other network provider facilities (e.g., Internet service providers, telecommunications providers) and securely connected (e.g. via a VPN or direct connection) to the availability zones. Each region can operate two or more TCs for redundancy. Regions are connected to a global network connecting each region to at least one other region. The cloud provider network may deliver content from points of presence outside of, but networked with, these regions by way of edge locations and regional edge cache servers (points of presence, or PoPs). This compartmentalization and geographic distribution of computing hardware enables the cloud provider network to provide low-latency resource access to customers on a global scale with a high degree of fault tolerance and stability.
The cloud provider network may implement various computing resources or services, which may include a virtualized compute service (VCS) of the kind mentioned above, data processing service(s) (e.g., map reduce, data flow, and/or other large scale data processing techniques), data storage services (e.g., object storage services, block-based storage services, or data warehouse storage services), network function virtualization services or packet processing services, and/or any other type of network based services (which may include various other types of storage, processing, analysis, communication, event handling, visualization, and security services). The resources required to support the operations of such services (e.g., compute and storage resources) may be provisioned in an account associated with the cloud provider, in contrast to resources requested by users of the cloud provider network, which may be provisioned in user accounts.
Various network-accessible services may be implemented at one or more data centers of the provider network in different embodiments. Network-accessible computing services can include an elastic compute cloud service (referred to in various implementations as an elastic compute service, a virtual machines service, a computing cloud service, a compute engine, or a cloud compute service). This service may offer compute instances of the kind discussed above (also referred to as virtual machines, or simply “instances”) with varying computational and/or memory resources, which are managed by a compute virtualization service (referred to in various implementations as an elastic compute service, a virtual machines service, a computing cloud service, a compute engine, or a cloud compute service). In one embodiment, each of the virtual compute instances may correspond to one of several instance types or families. An instance type may be characterized by its hardware type, computational resources (e.g., number, type, and configuration of central processing units (CPUs or CPU cores), memory resources (e.g., capacity, type, and configuration of local memory), storage resources (e.g., capacity, type, and configuration of locally accessible storage), network resources (e.g., characteristics of its network interface and/or network capabilities), and/or other suitable descriptive characteristics (such as a “burstable” instance type that has a baseline performance guarantee and the ability to periodically burst above that baseline, or a non-burstable or dedicated instance type that is allotted and guaranteed a fixed quantity of resources). Each instance type can have a specific ratio of processing, local storage, memory, and networking resources, and different instance families may have differing types of these resources as well. Multiple sizes of these resource configurations can be available within a given instance type. Using instance type selection functionality, an instance type may be selected for a customer, e.g., based (at least in part) on input from the customer. For example, a customer may choose an instance type from a predefined set of instance types. As another example, a customer may specify the desired resources of an instance type and/or requirements of a workload that the instance will run, and the instance type selection functionality may select an instance type based on such a specification. A suitable host for the requested instance type can be selected based at least partly on factors such as collected network performance metrics, resource utilization levels at different available hosts, and so on.
The computing services of a provider network can also include a container orchestration and management service (referred to in various implementations as a container service, cloud container service, container engine, or container cloud service). A container represents a logical packaging of a software application that abstracts the application from the computing environment in which the application is executed. For example, a containerized version of a software application includes the software code and any dependencies used by the code such that the application can be executed consistently on any infrastructure hosting a suitable container engine (e.g., the Docker® or Kubernetes® container engine). Compared to virtual machines (VMs), which emulate an entire computer system, containers virtualize at the operating system level and thus typically represent a more lightweight package for running an application on a host computing system. Existing software applications can be “containerized” by packaging the software application in an appropriate manner and generating other artifacts (e.g., a container image, container file, or other configurations) used to enable the application to run in a container engine. A container engine can run on a virtual machine instance in some implementations, with the virtual machine instance selected based at least partly on the described network performance metrics. Other types of network-accessible services, such as packet processing services, database services, wide area networking (WAN) services and the like may also be implemented at the cloud provider network in some embodiments.
The traffic and operations of the cloud provider network may broadly be subdivided into two categories in various embodiments: control plane operations carried over a logical control plane and data plane operations carried over a logical data plane. While the data plane represents the movement of user data through the distributed computing system, the control plane represents the movement of control signals through the distributed computing system. The control plane generally includes one or more control plane components distributed across and implemented by one or more control servers. Control plane traffic generally includes administrative operations, such as system configuration and management (e.g., resource placement, hardware capacity management, diagnostic monitoring, or system state information). The data plane includes customer resources that are implemented on the cloud provider network (e.g., computing instances, containers, block storage volumes, databases, or file storage). Data plane traffic generally includes non-administrative operations such as transferring customer data to and from the customer resources. Certain control plane components (e.g., tier one control plane components such as the control plane for a virtualized computing service) are typically implemented on a separate set of servers from the data plane servers, while other control plane components (e.g., tier two control plane components such as analytics services) may share the virtualized servers with the data plane, and control plane traffic and data plane traffic may be sent over separate/distinct networks.
Control-plane components 105 of a VCS may include networking metadata distribution managers 106, automated address assignment managers 107, as well as address reservation managers 108 in some embodiments. Each of these components may be implemented using some combination of hardware and software at one or more computing devices. The control-plane of the VCS may also include several other types of components not shown in
Data-plane traffic may also flow between the client premise-networks and compute instances (CIs) set up within the VCS in the depicted embodiment, e.g., via virtual private network (VPN) connections and the like. A set of external traffic routing devices 134 (also referred to as edge routing devices) may be responsible for routing network packets between compute instances of the VCS and endpoints outside the VCS (including devices at other services of the provider network such as storage devices 152 of storage service 151, servers within the client-premise networks, etc.) in the depicted embodiment, Traffic between resources within the VCS (e.g., compute instances in different IVNs) may be routed by intra-VCS routing devices 132 in at least some embodiments.
In the scenario depicted in
In some embodiments, a network address or range of network addresses may be assigned to a CI by (a) attaching a VNI to which those addresses have been assigned earlier or (b) changing the addresses of a pre-attached VNI. Such assignments of addresses to a CI may in turn cause networking metadata distribution managers 106 to propagate routing information to one or more routing devices 130 (such as intra-VCS routing devices 132 and/or external traffic routing devices 134), so that inbound packets directed to the CI can be routed correctly. In at least some embodiments, while assignment of an address range may in effect assign hundreds, thousands or even millions of addresses to a given CI, only a single routing information entry may be propagated for the entire range to any given routing device. To determine the CI to which a given inbound packet is to be forwarded, a routing device 132 or 134 may have to perform at most two lookups in some embodiments in which assignment of only a single size of range is permitted per address family: one for an exact match with a destination address of a particular address family indicated in the packet, and a prefix-based lookup for the range. For example, if the IPv4 addresses which can be assigned to a given VNI or CI are restricted to /28 CIDR blocks, and an IPV4 packet with a destination address within a given IVN is received, the routing device may first attempt an exact match for the complete destination address within the routing information entries maintained at the routing device. If that lookup fails, the /28 prefix corresponding to the destination address may be computed, and a lookup for that prefix may be conducted. If an entry is also not found for the /28 prefix, the routing device may drop the packet in some embodiments, and/or notify a networking metadata distribution manager that a routing information entry for the packet could not be found in some embodiments. Algorithms like longest prefix matching (LPM), which in some cases may take numerous lookups for a single packet's routing information, may not be utilized at routing devices 130 in at least some embodiments, making routing more efficient.
If the exact match lookup succeeds or the prefix lookup succeeds, the packet may be forwarded to the compute instance to which the exact match address or the range address is assigned, as long as the packet satisfies security rules defined at the IVN for inbound packets in various embodiments. According to at least some embodiments, such security rules may be specified at various granularities by clients on whose behalf the IVN is set up. For example, different security rules may be defined for respective address ranges assigned to CIs within the IVN in some embodiments, and/or for individual addresses. In a scenario in which both an IPV4 address range R1 and an IPv6 address range R2 is assigned to the same VNI attached to a given CI, a routing information entry for R1 may be stored at a routing device and used to route IPv4 packets with a destination address within R1 to CI. A different routing information entry for R2 may be used by the same routing device to route IPv6 packets with a destination address within R2 to CI. Security rules applicable to the address range R1 may be enforced/applied for the IPv4 packets prior to delivery to verify that the delivery of the IPV4 packets is permitted in various embodiments. Similarly, security rules applicable to the address range R2 (which may differ from the IPV4 security rules) may be enforced for the IPV6 packets. In some embodiments, security rules (e.g., restrictions on the source addresses of packets which can be received, or restrictions on destination addresses of packets which can be sent) set up for the resources of an IVN may be applied at virtualization management components of the servers at which the CIs of the IVN are run. In other embodiments, at least some of the security rules may be enforced at the routing devices 130.
In some embodiments, individual addresses of a range of network addresses assigned to a given CI may be utilized for respective software containers launched at the CI. The address range may, for example, be provided to a container deployment manager 156 of the provider network's container management service 155, and the container deployment manager may choose the particular address to be used for a given container. In at least one embodiment, individual addresses of a range assigned to a given CI may be utilized for communicating with respective end-users by a program implementing virtualized network functions of a telecommunications or radio-based application, such as a 5G application or an Internet-of-things (IOT) application. Programs implementing such virtualized network functions may, for example, be run at compute instances set up by the VCS at premises external to the provider network 101, e.g., at a premise close to a cell tower or close to a set of IoT sensor devices. If and when an execution environment (such as a CI set up for running virtualized network functions) to which ranges of addresses are assigned fails, all of the addresses assigned may be quickly transferred to a replacement or failover execution environment in at least some embodiments, without requiring routing updates at a per-address granularity to be propagated to routing devices.
In some embodiments, the concurrent assignment of IPV4 and IPV6 address ranges to a single compute instance may facilitate a migration from IPv4 to IPV6 for an application which requires large numbers of addresses to be assigned to at least some application components. For example, a component Comp1 of an application running at a CI with both IpV4 and IPv6 addresses assigned may communicate initially with a peer application component Comp2 at a remote device using IPv4. A message indicating that IPV6 addresses are also usable for communication with Comp1 may be sent using IPv4 to Comp2. If Comp2 also has an IPV6 address, or some other remote component of the application has an IPV6 address, further communications with Comp1 may be implemented using IPv6 in some embodiments.
In at least some embodiments, some addresses of a given subnet within an IVN may be utilized to execute tasks for which requests have been received at a server-less dynamically provisioned computing service 157. Such a service may implement a functional programming model, in which clients indicate logic or functions to be executed on their behalf (without acquiring resources such as compute instances in advance), and the service chooses computing resources for executing the logic, causes the logic to be executed and provides the results of the logic to a destination indicated by the client. In at least one embodiment, the functions requested by a given client may be executed using resources within a corresponding IVN subnet, and addresses of that subnet may be chosen by task execution managers 158 of the server-less dynamically provisioned computing service in order to enable communication between programs implementing the functions and the destinations to which results are to be sent. The specific IP addresses used by the server-less computing service may, by default, be chosen at random from the currently-unused addresses of a subnet in some embodiments. Addresses may also be chosen from within a subnet's address block in some embodiments in which a client does not specify a particular address which is to be used for a given CI launched on the client's behalf. For example, an automated address assignment manager 107 of the VCS control plane may choose a randomly-selected unused address from a subnet for a CI for which a client does not indicate a desired address. The address block of a given subnet may become fragmented, with randomly selected addresses being used from its address block.
If a client wishes to use large blocks of contiguous addresses for one or more purposes, the client may utilize an address reservation mechanism implemented at the VCS in some embodiments. Such a client may utilize programmatic interfaces 177 to submit address reservation requests. A given reservation request may indicate a sub-range of a range of addresses of a subnet which is to be reserved for fulfilling requests or performing operations of at least one category indicated in the request in various embodiments. Such categories of requests or operations may, for example, include bulk address assignments (e.g., when the client requests a range of addresses to be assigned to a VNI), client-requested individual address assignments, and the like. In at least some embodiments, a client may use programmatic interfaces 177 to define custom categories of operations, and then designate that reserved address sub-ranges be restricted to operations of such a custom category. For example, a client may indicate that a custom category Cat1 of requests includes requests received from a specified range of users associated with the client account.
In response to receiving a reservation request and performing one or more verification tests, an address reservation manager 108 of the VCS may store metadata indicating the details of the reservation, e.g., in a repository maintained at the control plane of the VCS. In some embodiments, the verification tests may ensure that addresses of the sub-range are not currently in use (e.g., that none of the addresses is assigned to a currently-active CI) and are not currently reserved.
After the metadata of a reservation for a portion of a subnet's addresses is stored, the VCS may take the reservations into account when responding to subsequent requests that require addresses of the subnet to be assigned. For example, the VCS may reject an address assignment request in response to determining that (a) assignment of a particular address of a reserved sub-range of an IVN's subnet is requested and (b) the address assignment request does not belong to the particular category of operations or requests for which the sub-range was reserved. Such an address assignment request may be received and rejected by the VCS during a time interval in which the address is not in use within the IVN. In contrast, in response to an address assignment request which belongs to the category for which the sub-range was reserved, one or more addresses of the reserved sub-range may be assigned in various embodiments.
The amount of detail provided by a client when requesting assignment of a range of addresses to a VNI or a CI may vary in some embodiments. In some address range assignment requests, for example, a client may simply indicate the size of the range and the address family (e.g., that 16 addresses corresponding to a /28 block of IPV4 addresses are to be reserved, that 64 addresses corresponding to a /26 block of IPV4 addresses are to be reserved, or 2{circumflex over ( )}48 addresses corresponding to /80 block of IPV6 addresses be reserved), and the VCS may choose an unused range of the appropriate size for fulfilling the request. In other address range assignment requests, a client may specify the range. Similarly, in some address reservation requests, a client may simply specify the subnet, the sub-range size and the address family, and the VCS may choose the sub-range of the subnet's range of addresses to be reserved. Multiple address ranges of one or more address families may be assigned to a given VNI or CI in at least some embodiments. Similarly, in at least one embodiment, multiple sub-range address reservations may be made for a given subnet. Reservations of address sub-ranges may be freed in response to client requests in various embodiments, enabling addresses of the previously-reserved sub-ranges to be utilized for requests whose categories were not listed among the permitted request categories during the time that the sub-range was reserved.
In at least some embodiments a virtual network interface (VNI) may represent a collection of networking-related attributes that can be dynamically associated with or disassociated from compute instances or virtual machines via “attach” and “detach” operations respectively.
When a new VNI is created, e.g., in response to a programmatic request from a client of a VCS, a new interface identifier 201 may be generated for it in the depicted embodiment. In some implementations, a description/tags field 202 may be filled in by the client that requested the creation of the VNI, e.g., “Interface 554 for client group CG-X of file storage service”. As discussed earlier, a VCS within which the VNI is to be used may comprise a plurality of IVNs in some embodiments. The attributes 290 may contain an IVN identifier 203 (indicating an IVN within which the VNI is configured) in such embodiments.
Any of several types of network addressing-related fields may be included within the set of attributes of a VNI in different embodiments. One or more private IP addresses 205, or ranges of such addresses, may be specified in some embodiments, for example. Such private IP addresses, also referred to herein as non-public addresses, may be used internally for routing within the provider network, and may not be directly accessible from outside the provider network (or within other IVNs) by default in various embodiments. In some embodiments, at least some non-public IP addresses associated with a VNI may not be IP addresses; that is, addressed formatted according to a proprietary protocol of the provider network may be used, or addresses formatted according to a different public-domain protocol may be used. In general, zero or more public IP addresses 206 may also be associated with VNIs in some embodiments; these IP addresses may be visible outside the provider network, e.g., to various routing devices of the public Internet or peer networks of the provider network. Individual addresses and/or addresses ranges of the IPV4 address family, the IPV6 address family, or both address families may be assigned to a given VNI in various embodiments.
One or more subnet identifiers 225 may be included within attributes 290 in some embodiments, such as identifiers of subnets set up by a client within an IVN in which the VNI is to be used. In one embodiment an identification of a Domain Name Server (DNS) responsible for propagating address(es) associated with the VNI, or other DNS-related information 227, may be included in the attributes 290 as well.
In some embodiments the attributes 290 may include security-related properties 235. Some provider networks may allow users to specify rules, including for example firewall-related rules, for the types of incoming and/or outgoing traffic allowed at compute instances to which a VNI may be attached. Such rules may be termed “security groups” and identified via security group(s) fields 245. Security groups may be applied at any of several different granularities in some embodiments: e.g., to a VNI as a whole, to a given range of addresses of the VNI, or to individual addresses of a VNI. Various port and protocol restrictions may be enforced using security groups in some embodiments, and multiple rules may be associated with each VNI. For example, a client may use security groups to ensure that only HTTP and HTTPs outgoing or incoming traffic is allowed, to limit the set of TCP or UDP ports to which traffic is permitted, to filter incoming and outgoing traffic according to various policies, and so on.
In some implementations an attacher list 247 may be specified, indicating which users or entities are allowed to request attachments of the VNI to compute instances or other execution environments. In some cases a separate detacher list may be used to specify which entities can detach the VNI, while in other cases a single list such as attacher list 247 may be used to identify authorized attachers and detachers. The collection of users or entities that are allowed to set or modify IP addresses or address ranges (e.g., public IP addresses 206 and/or private IP addresses 205) of the VNI may be provided in IP address setter list 249, and the set of users or entities that own (or can modify various other fields of) the VNI may be specified in owner/modifier field 253 in some embodiments. For example, an owner/modifier identified in field 253 may be permitted to change the attacher list 247 or the IP address setter list in some implementations, thus changing the set of entities permitted to attach or detach the VNI or modify its IP address(es). While the term “list” has been used for fields 247, 249, and 253, logical data structures other than lists (such as arrays, hash tables, sets and the like) may be used to represent the groups of entities given various security privileges, roles and/or capabilities in various embodiments.
In some embodiments, users of the VCS of a provider network may be allowed to terminate execution environments, such as CIs to which VNIs can be attached, programmatically. For example, a client may set up CIs, attach VNIs to the CIs, run a desired set of computations on the CIs, and then issue a request to terminate the instances when the desired computations are complete. In such embodiments, a DeleteOnTerminate setting 251 may be used to specify what happens to attached VNIs when a CI is terminated. If DeleteOnTerminate is set to “true” for a VNI attached to the CI being terminated, the VNI may be deleted (e.g., a persistent record comprising attributes 290 for the VNI may be removed from the repository in which it was being stored). If DeleteOnTerminate is set to “false”, the VNI may be retained, so that for example it may be attached again to some other CI or other computing platforms. In one embodiment, when a VNI is attached to a CI, an attachment record separate from the VNI attributes 290 may be created to represent that relationship, and the DeleteOnTerminate property may be associated with the attachment record instead of or in addition to being associated with the VNI itself. In such an embodiment, the VNI's attributes 290 may include a reference or pointer to the attachment record or records for each of the attachments in which the VNI is currently involved, and different values of “DeleteOnTerminate” may be set for each attachment record.
The interface status field 268 may be used to indicate a current state of the VNI e.g., whether the VNI is “available”, “disabled”, or “in-repair”. Similarly, the attachment status field 269 may be used to indicate whether the VNI is currently attached, detached or in the process of being attached or detached in some embodiments. In one implementation, as described above, a record of an attachment may be created at the time the corresponding attachment operation is performed, and an identifier or identifiers of the current attachments of the VNI may be stored in attachment id field 271. Identifiers of the CIs to which the VNI is currently attached may be stored in attached-to instance field 273, and the user or entity that requested the attachment may be identified via attachment owner field 275 in some embodiments. In one embodiment, a list of identifiers of the physical network interface card (NIC) or NICs currently usable for traffic directed to/from the IP addresses of the VNI may be maintained, e.g., in the form of a MAC address(es) field 277. In some implementations, monitoring information 279, such as statistics about the amount of traffic flowing to or from the IP addresses of the VNI, may also be retained among attributes 290. In one embodiment, a reservation information field 280 may indicate whether an address assigned to a VNI is part of a reserved sub-range of a subnet. Other fields not shown in
In one embodiment, some of the fields shown in
Later, one or more requests to programmatically detach VNI 320 from CI 310A, and attach VNI 320 to CI 310B may be received from the client at the VCS. In response, the metadata stored at the VCS may be modified to indicate the dissociation of VNI 320 from CI 310A, and the association of VNI 320 with CI 310B in the depicted embodiment. These changes in turn may trigger routing information update distributions 350B (for the dissociation) and 350C (for the association) in at least some embodiments. Even though the range of IP addresses may contain millions of distinct addresses (e.g., 2{circumflex over ( )}48 addresses in the case of a /80 IPv6 prefix), only a single message per association/dissociation event may be propagated in at least some embodiments.
The total number and individual lifetimes of the containers 440 launched at CI 430 may vary substantially in some embodiments. In some cases, thousands of containers may be launched within the CI, e.g., to handle respective requests from end users of the application running at the CI. Some containers may only be needed for a few seconds, while other may run for hours. For example, containers 440A, 440B and 440C may be launched at some point in time, and containers 440D, 440E and 440F may be launched later. At some point thereafter, containers 440B and 440D may have terminated, and containers 440G, 440H and 440J may have been launched. The container networking manager 422 may keep track of which of the addresses are in use by currently-running containers, and re-use addresses of containers that have terminated execution if needed. Network packets directed to the containers 440 may be routed by routing devices in the depicted embodiment using the per-address-range routing information entries described above. The propagation of a single routing information entry for the entire range 432 may substantially simplify the management of networking for applications which require large numbers of containers to be executed in various embodiments.
Each compute instance 525 may in turn comprise one or more virtualized network function (VNF) implementation programs 528, such as VNF implementation programs 528A at CI 525A and VNF implementation programs 528B at CI 525B. A given VNF may, for example, include logic for subscriber session management, mobility management and the like of a telecommunication application serving large numbers of end-user devices 577 such as cell phones, IoT devices and the like. A given VNF implementation program may have to communicate with tens of thousands of end user devices at a time, e.g., via respective network tunnels set up for the individual end user devices. In the embodiment depicted in
In at least some embodiments, the telecommunication application processing servers (TAPS) used for executing CIs with VNF implementation programs may be configured by the provider network operator with the appropriate hardware (which may in some cases include custom hardware devices optimized for telecommunication applications), software and firmware and then shipped to the VESs. In some embodiments, at least some of the TAPS may be run at data centers of the provider network.
In response to programmatic requests from clients of the provider network, via network paths which do not include the TAPSs themselves, instance launch managers of the VCS (e.g., components of the resource managers 507) may launch one or more CIs at the TAPSs on behalf of the clients in the depicted embodiment. Connectivity between the TAPSs and resources and services of the provider network data centers 501, including control plane resources 541 and data plane resources such as resources within IVN 515, may be managed by a set of extension traffic intermediaries (ETIs) 578 in the depicted embodiment. ETIs 578, implemented using one or more computing devices, which may be kept logically (and/or physically) separated from the servers and devices of the VCS control plane, may be used to transmit administrative commands from the VCS control plane to the TAPSs using secure networking channels in various embodiments. ETIs 578 may be configured, e.g., by setting properties of virtual network interfaces appropriately, so as to ensure that administrative messages cannot be directed back to the VCS control plane from the VESs via the secure networking channels in various embodiments, thus preventing administrative operations that could affect other customers from being initiated at a VES.
At a high level, in various embodiments, VCS extension sites may be supported to provide secure data plane functionality of the VCS (e.g., the ability to instantiate compute instances identical to, or at least very similar to, those that can be set up within provider network data centers) at any location selected by a VCS customer that is capable of hosting at least a small amount of hardware equipment and has Internet connectivity. A number of techniques may be used to ensure that the quality of virtualized computing and other functionality that is provided at VESs (including aspects such as security, performance, availability, and the like) meets the standards of the VCS and the provider network in different embodiments. The provider network operator may, for example, ensure that TAPSs comprise a number of hardware, software and/or firmware elements that are especially designed to enable remotely generated virtualization-related administrative commands to be executed in a safe and secure manner, without for example requiring messages to be sent back to the sources (such as control plane resources 541) from which the command were originally issued. In some embodiments, such elements may include offloaded virtualization management components (OVMCs) that include trusted platform modules (TPMs) or other security modules, tamper-resistant storage devices whose contents can only be decrypted as long as the storage devices are physically attached to a particular TAPSs, a low-overhead virtualization management software stack, and so on. In at least some embodiments, a TAPS may comprise a VCS control plane agent that does not make outbound calls and implements an API for inbound commands that is protected using TLS (Transport Layer Security) sessions. Such an API may have strong authorization, authentication and accounting-related controls in various embodiments. In at least some embodiments, no shared secrets associated with virtualization management may be stored within a TAPS itself.
At a point in time corresponding to the left portion of
In order to take advantage of the far larger numbers of addresses available when IPV6 is used, designers/owners of the application programs may wish to migrate their applications from IPv4 to IPV6 in the depicted embodiment. In some cases, an application program 620A may notify (e.g., using one or more IPv4 messages) its communication peers that IPv6 addresses can also be used to communicate with the program 620A if desired. Gradually, more and more peer application programs may migrate to using IPv6 addresses to communicate with CI 630 in the depicted embodiment, as shown in the right portion of
At a routing device 750 (similar to intra-VCS routing devices 132 of
A client 810 may submit a CreateVNI request 814 to create a virtual network interface in the depicted embodiment. In response, metadata comprising information corresponding to at least some fields shown in
As AssignSpecifiedAddressRangesToVNI request 817 may be used by a client to specify a particular address range (expressed for example as a CIDR block), or multiple address ranges, to be assigned to a VNI. In response to such a request, the metadata stored for the VNI may be updated to include the address range(s), and an ARsAssigned message 819 may be sent to the client.
In some scenarios a client may not necessarily wish to choose the exact address range for a VNI (as this may require ensuring that the chosen address range does not overlap with other already-in-use address ranges), and may instead submit an AssignVCSSelectedAddressRangeToVNI request 821, allowing the VCS to choose an address range within a specified address family from among the available addresses of the IVN or subnet in which the VNI is configured. In at least one embodiment, the client 810 may indicate the size of the address range desired (which may for example be expressed using a CIDR block size indicator such as /28 or /80), thus informing the VCS about the number of contiguous addresses desired, without specifying the actual address range. In one embodiment, the client may not have to specify the size or number of addresses, as the VCS may use a default range size permitted for the specified address family. In response to the AssignVCSSelectedAddressRangeToVNI, the VCS may choose a range of the appropriate size (after verifying that none of the addresses of the range are currently assigned within the IVN), assign it to the specified VNI, and send a VSARsAssigned response message 823 to the client.
In addition to or instead of assigning ranges of addresses to VNIs, a client 810 may assign individual addresses of one or more address families to a given VNI in some embodiments, e.g., by submitting an AssignIndividualAddressToVNI request 825. The indicated address (if it is not in use) may be assigned by the VCS to the VNI, and an AddressAssigned message 827 may be sent to the client. Note that in some embodiments, instead of using separate requests to create a VNI and then assign ranges of addresses or individual address to it, parameters indicating the desired address range, range sizes or individual addresses may be included in the request to create the VNI.
A client 810 may send an AttachVNIToComputeInstance request 829 to attach a VNI to a CI in some embodiments. The VNI may be programmatically attached to the specified CI, and a VNIAttached message 831 may be sent to the client. In some embodiments, a VNI may be automatically created and attached to a CI in response to a response to launch the CI, and the launch request for the CI may indicate the address(es) to be assigned to the VNI and hence to the CI.
In at least one embodiment, a client may specify security settings, at one or more granularities, to be applied to a VNI, e.g., by submitting an ApplySecuritySettings request 833. The security settings (e.g., security groups or rules indicating permitted destinations and sources for inbound and outbound traffic) may, for example, be specified at the address range level, at an individual address level, or collectively for all the addresses of the VNI. In some embodiments, a common set of security settings may be specified for all the VNIs within a given subnet or a given IVN. Different security settings may be specified for individual address ranges or addresses of a given VNI in at least some embodiments. Metadata indicating the security settings may be stored at the VCS, e.g., as part of the metadata stored for an IVN within which the VNI is being used, and a Security SettingsApplied message 835 may be sent to the client in at least one embodiment. Before delivering a packet to a CI to which the VNI is attached, the VCS may ensure that the security settings of the VNI would not be violated by the delivery in various embodiments. Similarly, before delivering an outbound packet originating at a CI to which the VNI is attached, the VCS may ensure that the security settings of the VNI would not be violated by the delivery.
According to some embodiments, a client 810 may request that an address range assigned to a VNI or a CI be transferred (e.g., in an atomic operation) to another VNI or CI, by submitting a TranferAddressRange request 837. The address range may be transferred as requested, and an AddressRangeTranferred response message 839 may be sent to the client in some embodiments. It is noted that programmatic interactions other than those shown in
To a set of routing devices (RDs) (e.g., edge routing devices and/or intra-VCS routing devices) configured for directing inbound packets to an execution environment (e.g., a compute instance (CI)) with which the VNI is associated), a single entry of routing information per range of assigned addresses may be propagated in the depicted embodiment (element 904) (as opposed, for example, to one entry of routing information for each address of each range). The total number of bytes of routing information that is propagated is thus proportional to the number of distinct ranges assigned, and not to the total number of distinct addresses assigned.
A routing device RD1 may receive a packet P1 of address family AF1 with a destination address DA1 within the IVN in the depicted embodiment (element 907). At most two lookups may be performed at RD1 to identify a next hop to which P1 should be directed. The first lookup may be an exact match lookup, in which the entire destination address DA1 may be matched against the individual addresses stored in a database of routing information maintained at RD1. If an exact match routing entry is not found for DA1 (as detected in element 910), RD1 may attempt a prefix-match lookup, in which depending on the address family, the /28 or /80 prefix corresponding to DA1 is looked up in the database. If neither lookup results in a match (elements 910 and 913), RD1 may drop or discard the packet P1 in at least some embodiments (element 916).
If either of the lookups succeed, RD1 may cause P1 to be transmitted along a path in the routing entry found in the lookup (element 919). P1 may be received at its intended destination execution environment or CI, if permitted by security settings associated with the address or address range in the routing information entry used in the depicted embodiment. The execution environment may also receive packets of the other address family whose address range is assigned to the VNI, e.g., after the packets are routed by RD1 or other RDs, as long as the other packets also satisfy the security settings.
An event requiring or triggering a failover of the application to a different execution environment may be detected in the depicted embodiment (element 1004). Networking failures, hardware failures, and/or software errors/hangs may represent examples of such events, which may for example be detected by a health monitoring tool (HMT) implemented at the VCS control plane in some embodiments.
The HMT may configure, assign or select a different execution environment EE2 to run the application (element 1007). A single routing information entry update may be required for AR1, indicating EE2 as the destination for all addresses within AR1. The update may be propagated to each of the relevant routing devices (element 1010); as such, routing information updates per individual address of AR1 which is in use may not be needed. After the routing update is propagated, traffic directed to numerous addresses of AR1 may be sent to EE2 by the routing devices (element 1013). Such efficient propagation of routing updates may be particularly beneficial for telecommunication applications and other applications in which failovers may have to meet stringent latency constraints. For example, it may take just a few milliseconds to update the routing information if the updates are performed at via one message per range rather than one message per address, while it may take several hundreds of seconds if tens of thousands of individual per-address updates are required.
For subnet 1115A of IVN 1101, the client has indicated an IPV4 CIDR address block 1116A, representing a range of IPV4 addresses that can be assigned to resources such as compute instances (CIs) 1120A or 1120B within the subnet. The client has also indicated an IPV6 CIDR address block 1118A for subnet 1115A, representing a range of IPV4 addresses that can be assigned to resources such as CIs 1120A or 1120B. For subnet 1115B, the client has chosen to specify a single IPv4 address range CIDR block 1116B, from which addresses can be assigned to resources such as CI 1120K configured within subnet 1115B. For subnet 1115C, the client has chosen to specify only an IPV6 address range CIDR block 1118B, to be used for resources such as CI 1120. In some embodiments, the VCS may limit the sizes of the address ranges that a client can choose for an IVN or for an individual subnet within an IVN—e.g., a an IVN may be set up with a client-selected /16 IPv4 address range, and as subnet within an IVM may be set up with a client-selected /20 IPv4 address range.
Some types of operations performed at a VCS may require network addresses within an IVN to be assigned automatically, i.e., without the explicit specification of the addresses by the clients on whose behalf the operations are performed. For example, to execute computations or functions requested by client C1 from a server-less dynamically provisioned computing service, network addresses within a subnet set up by C1 may be chosen and assigned to the resources (such as service-created CIs) used for the computations, without requiring C1 to specify any network addresses. Such “auto-assigned” addresses may be selected at random from within a subnet address range 1216 of the client, thus resulting in fragmentation of the subnet's address space. Addresses may also be randomly selected and auto-assigned from within a subnet for other purposes in various embodiments, such as for extension traffic intermediaries set up for communications with VCS extension sites of the kind shown in
In the embodiment depicted in
According to at least some embodiments, hierarchical reservations of network addresses may be supported for at least some subnets of an isolated virtual network. A client C1 of a VCS may request a top-level reservation for a sub-range SR1 of a subnet's address range for fulfilling requests for one or more categories of operations from a set of authorized users UserSet1, where the permitted categories of operations include making additional reservations for a portion of sub-range R1. An authorized user U1 of UserSet1 may submit a second-level reservation request, causing the VCS to store metadata indication that a sub-range SR2 of SR1 has been reserved for one or more categories of operations requested by a set of authorized users UserSet2. In some embodiments, when making such a second level reservation, only the types of operations that were permitted in the first-level reservation (or a subset of those types) may be allowed for the second-level reservation, and the set of users (UserSet2 in the above example) authorized to use the second-level reservation may be required to be a subset of the set of users authorized to use the first-level reservation (UserSet1 in the above example). In other embodiments, such constraints may not apply, e.g., any desired types of supported operations may be permitted for second-level reservations, and/or any desired set of users may be permitted to use the second-level reservations. Multiple levels of reservations may be supported in some embodiments.
A client 1410 may submit a CreateSubnet request 1414 via the programmatic interfaces 1477, specifying the isolated virtual network (IVN) within which the subnet is to be created. In some cases the client may also specify one or more ranges of network addresses which can be assigned to devices within the subnet in the CreateSubnet request. For example, an IPV4 address range, an IPV6 address range, or address ranges in both address families may be specified for the subnet by the client using CIDR notation. In one embodiment, if the client does not specify an address range in the request to create a subnet, the VCS may choose an address range of one or both address families for the subnet. Metadata indicating the properties of the subnet (e.g., the name of the subnet and one or more address ranges of the subnet) may be stored at the VCS 1412, and a SubnetID message 1415 comprising an identifier of the created subnet may be sent to the client in some embodiments.
According to some embodiments, a client may define a customized category of requests for which reservations of subnet address subsets can be made, e.g., by submitting a DefineCustomRequestCategory request 1417 to the VCS. Such a custom request category may, for example, indicate a name selected for the custom request category, a set of users authorized to submit the custom requests, a subset of VNIs or compute instances of an IVN which can be assigned network addresses via requests of the custom category, and so on. The VCS may store a definition of the custom request category and send a Category Defined message 1419 to the client. Subsequently, when a reservation request for an address range is received, specifying a category of requests which can be fulfilled using a to-be-reserved address range, the VCS may verify that the category belongs to a set of pre-defined or default categories (e.g., bulk address assignment, client-requested individual address assignment, etc.) or to a set of custom categories defined earlier. When a request for an assignment of one or more addresses from a reserved range is received, the VCS may approve the request if it belongs to a category (either pre-defined or custom) which is permitted for the reservation.
A client 1410 may submit at least two types of reservation requests for address ranges within a subnet in the depicted embodiment. If the client wished to specify the sub-range of the subnet address space which is to be reserved, e.g., using CIDR notation for the address family for which the reservation is being requested, the client may submit a ReserveSpecifiedSubRangeForRequestCategory request 1421. If the client simply wishes to indicate that a certain number of consecutive addresses are to be reserved (e.g., using the portion of the CIDR notation which indicates the number of bits which are fixed for the sub-range, such as /24 for IPV4 or /80 for IPV6), but does not wish to indicate the exact range of addresses, a ReserveVCSSelectedSubRangeForRequestCategory request 1425 may be submitted. In either case, one or more request categories may be specified in the reservation request, indicating which type(s) of requests the VCS is permitted to fulfill, or which types of operations the VCS is permitted to perform, using the reserved range of addresses. In some embodiments, a client may also indicate a set of authorized users (e.g., with user identifiers associated with the client account for which the IVN and subnet were created) permitted to use the reserved address sub-range.
In response to a ReserveSpecifiedSubRangeForRequestCategory request 1421, the VCS may store metadata indicating that the specified sub-range of addresses has been reserved after verifying that (a) none of the addresses of the specified sub-range are currently in use and (b) none of the addresses of the specified sub-range are currently reserved in various embodiments. If either of these conditions do not hold, the VCS may reject the reservation request in at least some embodiments. In one embodiment, a message indicating the reasons why the reservation request was rejected (e.g., due to an address being in-use, or due to a conflicting reservation) may be provided to the client. If the reservation request is successful, an SRReserved message 1423 confirming the reservation may be sent to the client in some embodiments.
In response to a ReserveVCSSelectedSubRangeForRequestCategory request 1425, the VCS may first try to find an un-reserved and currently un-used address sub-range of a size indicated in the request (or, if the client does not specify the sub-range size, a default sub-range size for the address family indicated in the request). If such a sub-range is available in the subnet, it may be selected by the VCS to fulfil the request; if such a sub-range is not available, an error message indicating that the reservation request failed may be sent to the client. In the scenario in which an appropriate sub-range is found, the VCS may store metadata indicating that the selected sub-range of addresses has been reserved for the request category or categories specified, and a VSSRReserved message 1427 indicating the reserved sub-range may be sent to the client.
A client may view the address sub-range reservations currently in effect for a specified subnet or subnets of an IVN by submitting a ShowReservations request 1429 in some embodiments. A list of the reservations made for address sub-ranges of the IVN, indicating the specific sub-ranges reserved, may be presented to the client via a ReservationsList message 1431 in the depicted embodiment.
The VCS may collect various types of metrics pertaining to address-range reservations in some embodiments, such as the total number of reservations made per subnet during various time intervals, the fraction of the subnet address space which is reserved in one or more address families during the time intervals, the fraction of the address sub-range of each reservation which is in use during the time intervals, the total number of addresses of a reserved sub-range which are in use during the time intervals, and so on. In response to a submitted ShowReservationMetrics request 1433, some or all of the collected metrics for one or more reservations indicated by the client or associated with the client may be provided via one or more MetricSet messages 1435 in the embodiment depicted in
A client may change one or more parameters of a previously-created reservation by submitting a ModifyReservation request 1437 in the embodiment shown in
A client may release or cancel an existing reservation by submitting a ReleaseReservation request 1441 in some embodiments. In response, metadata indicating the reservation may be marked for deletion or deleted at the VCS, a ReservationReleased message 1443 may be sent to the client, and subsequent requests for addresses from the previously reserved sub-range may no longer be checked to verify that they do not violate the reservation. For example, a request for an assignment of an address Addr1, which was rejected earlier because its request category was not among the categories for which a reservation was made, may be accepted if it is re-submitted after the reservation is released. It is noted that programmatic interactions other than those shown in
In response to the reservation request, the VCS may perform one or more checks to verify that the reservation is feasible—e.g., whether an unused sub-range of the desired size indicated in the reservation request is available, or whether the exact sub-range of addresses indicated in the reservation request is available, and so on. If the results of the checks or verification operations indicate that a reservation that would satisfy the reservation request is feasible, given the current usage of the subnet's addresses (as detected in operations corresponding to element 1507) metadata indicative of a successfully made reservation may be stored at the VCS (element 1511). If the reservation is not feasible, in various embodiments the reservation request may be rejected (element 1527). Note that when checking whether the requested reservation is feasible, the VCS may have to take into account address that are currently assigned to devices such as VNIs within the subnet, and also any existing reservations which might conflict with the requested reservation. If the decision to accept or approve the reservation is made, metadata indicating that a sub-range SR1 of a subnet's address range is reserved for one or more categories of subsequent operations, such as bulk-address assignment, client-requested individual address assignment by specified clients, etc. may be stored in various embodiments. SR1 may be specified by a client in a reservation request, or may be selected by the VCS if left unspecified by the client (e.g., if the client only specifies the size of the desired reserved sub-range, but does not specify the exact address sub-range to be reserved). The category or categories of subsequent requests or operations for which the reserved sub-range may be used may be indicated in the reservation request in at least some embodiments. In the depicted embodiments, multiple reservations at the same subnet may be made for future requests of a given set of one or more request categories, e.g., in response to respective reservation requests. In various embodiments, respective reservations at the same subnet may be made for different categories of requests or operations—e.g., one sub-range of a subnet S1's address range may be reserved for subsequent bulk address assignments, another sub-range of S1's address range may be reserved for client-requested individual address assignments, a third sub-range of S1's address range may be reserved for a custom request category created by the client, and so on.
A request Req1 for an operation that requires or includes assignment of at least one address Addr1 within the reserved sub-range SR1 may be received at the VCS (element 1514) at some point after the reservation is made. If the requested operation does not belong to the category of operation for which SR1 was reserved, or Req1 does not belong to a category of requests for whose fulfillment SR1 was reserved (as determined in operations corresponding to element 1517), Req1 may be rejected in various embodiments even if Addr1 is currently not in use within the parent IVN of the subnet (element 1520). As such, Req1 may be received and rejected during a time interval in which Addr1 is not in use and is hence available for at least other requests. If the VCS is able to find an alternative address or addresses (e.g., unreserved addresses within the same subnet) that could be used to fulfill Req1, in some embodiments the VCS may notify the submitter of Req1 accordingly—e.g., by providing an unreserved and unused address Addr2 that can be used instead of Addr1. In some cases, assignment of a particular address such as Addr1 from within SR1 may be requested by another service of the provider network as part of an auto-assignment operation of the kind discussed in the content of
If the requested operation belongs to the category of operation for which SR1 was reserved, or Req1 belongs to a category of requests for whose fulfillment SR1 was reserved (as also determined in operations corresponding to element 1517), and if Addr1 is not in use, Addr1 may be assigned to one or more devices (e.g., a VNI and/or a compute instance or virtual machine) in accordance with Req1 in the depicted embodiment (element 1523). If Addr1 is in use, or if at least some addresses of a requested range of addresses indicated in Req1 are in use, Req1 may also be rejected in various embodiments. Note that requests for bulk address assignment (assignment of ranges of contiguous addresses to a VNI or a compute instance, with the range being specified by a client or chosen by the VCS), requests for client-requested single address assignments, as well as requests of custom categories defined by the client, may all be processed at the VCS while taking reservations into account. The requests such as Req1 may be for addresses or address ranges of any of the address families (such as IPv4 or IPv6) whose addresses are assigned to the subnet, e.g., at the time of subnet creation.
It is noted that in various embodiments, some of the operations shown in
In at least some embodiments, a server that implements the types of techniques described herein (e.g., various functions of a VCS or other services of a provider network), may include a general-purpose computer system that includes or is configured to access one or more computer-accessible media.
In various embodiments, computing device 9000 may be a uniprocessor system including one processor 9010, or a multiprocessor system including several processors 9010 (e.g., two, four, eight, or another suitable number). Processors 9010 may be any suitable processors capable of executing instructions. For example, in various embodiments, processors 9010 may be general-purpose or embedded processors implementing any of a variety of instruction set architectures (ISAs), such as the x86, PowerPC, SPARC, ARM, or MIPS ISAs, or any other suitable ISA. In multiprocessor systems, each of processors 9010 may commonly, but not necessarily, implement the same ISA. In some implementations, graphics processing units (GPUs) and or field-programmable gate arrays (FPGAs) may be used instead of, or in addition to, conventional processors.
System memory 9020 may be configured to store instructions and data accessible by processor(s) 9010. In at least some embodiments, the system memory 9020 may comprise both volatile and non-volatile portions; in other embodiments, only volatile memory may be used. In various embodiments, the volatile portion of system memory 9020 may be implemented using any suitable memory technology, such as static random access memory (SRAM), synchronous dynamic RAM or any other type of memory. For the non-volatile portion of system memory (which may comprise one or more NVDIMMs, for example), in some embodiments flash-based memory devices, including NAND-flash devices, may be used. In at least some embodiments, the non-volatile portion of the system memory may include a power source, such as a supercapacitor or other power storage device (e.g., a battery). In various embodiments, memristor based resistive random access memory (ReRAM), three-dimensional NAND technologies, Ferroelectric RAM, magnetoresistive RAM (MRAM), or any of various types of phase change memory (PCM) may be used at least for the non-volatile portion of system memory. In the illustrated embodiment, program instructions and data implementing one or more desired functions, such as those methods, techniques, and data described above, are shown stored within system memory 9020 as code 9025 and data 9026.
In one embodiment, I/O interface 9030 may be configured to coordinate I/O traffic between processor 9010, system memory 9020, and any peripheral devices in the device, including network interface 9040 or other peripheral interfaces such as various types of persistent and/or volatile storage devices. In some embodiments, I/O interface 9030 may perform any necessary protocol, timing or other data transformations to convert data signals from one component (e.g., system memory 9020) into a format suitable for use by another component (e.g., processor 9010). In some embodiments, I/O interface 9030 may include support for devices attached through various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard, for example. In some embodiments, the function of I/O interface 9030 may be split into two or more separate components, such as a north bridge and a south bridge, for example. Also, in some embodiments some or all of the functionality of I/O interface 9030, such as an interface to system memory 9020, may be incorporated directly into processor 9010.
Network interface 9040 may be configured to allow data to be exchanged between computing device 9000 and other devices 9060 attached to a network or networks 9050, such as other computer systems or devices as illustrated in
In some embodiments, system memory 9020 may represent one embodiment of a computer-accessible medium configured to store at least a subset of program instructions and data used for implementing the methods and apparatus discussed in the context of
Various embodiments may further include receiving, sending or storing instructions and/or data implemented in accordance with the foregoing description upon a computer-accessible medium. Generally speaking, a computer-accessible medium may include storage media or memory media such as magnetic or optical media, e.g., disk or DVD/CD-ROM, volatile or non-volatile media such as RAM (e.g. SDRAM, DDR, RDRAM, SRAM, etc.), ROM, etc., as well as transmission media or signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as network and/or a wireless link.
The various methods as illustrated in the Figures and described herein represent exemplary embodiments of methods. The methods may be implemented in software, hardware, or a combination thereof. The order of method may be changed, and various elements may be added, reordered, combined, omitted, modified, etc.
Various modifications and changes may be made as would be obvious to a person skilled in the art having the benefit of this disclosure. It is intended to embrace all such modifications and changes and, accordingly, the above description to be regarded in an illustrative rather than a restrictive sense.
Number | Name | Date | Kind |
---|---|---|---|
8127003 | Glaeser et al. | Feb 2012 | B2 |
9143430 | Beshai et al. | Sep 2015 | B2 |
9143441 | Basso et al. | Sep 2015 | B2 |
9270592 | Sites | Feb 2016 | B1 |
9497113 | Dispensa et al. | Nov 2016 | B2 |
9537772 | Scott et al. | Jan 2017 | B2 |
9722922 | Kamath et al. | Aug 2017 | B2 |
9948557 | Fan et al. | Apr 2018 | B2 |
10326801 | Xu | Jun 2019 | B2 |
10848431 | Schultze et al. | Nov 2020 | B2 |
20060268681 | Raza | Nov 2006 | A1 |
20170134340 | Janakiraman | May 2017 | A1 |
20200014589 | Xu et al. | Jan 2020 | A1 |
20200092193 | Tillotson | Mar 2020 | A1 |
Entry |
---|
“Alias IP ranges overview,” VPC, Google Cloud, https://cloud.google.vpc/docs/alias-ip, last updated Aug. 19, 2021, pp. 1-17 downloaded on Aug. 23, 2021. |
U.S. Appl. No. 17/491,287, filed Sep. 30, 2021, David James Goodell. |