Kevin Miller

Greater Seattle Area
21K followers 500+ connections

Experience

  • Stripe

    Seattle, Washington, United States

  • -

    Seattle

  • -

    Seattle, Washington, United States

  • -

    Greater Seattle Area

  • -

    Greater Seattle Area

  • -

    Seattle, WA

  • -

    Seattle, WA

  • -

    Herndon, VA

  • -

    Herndon, VA

  • -

    Durham, NC

  • -

    Pittsburgh, PA

Education

Volunteer Experience

  • Board Member

    Hyla School

    - Present 1 year 1 month

    Education

Patents

  • Managing dynamic IP address assignments

    Issued US 10,715,485

    Various systems and processes may be used to manage Internet Protocol (IP) addresses that are dynamically assigned. In particular implementations, systems and processes for managing IP addresses that are dynamically assigned may include the ability to determine whether an identifier for a web service has been received from a customer having one or more virtual machines in a service provider network, the web service being accessible by the customer's virtual machines over an external communication network. The systems and processes may also include the ability to determine a number of IP addresses for the web service, identify virtual machines of the customer that are allowed to communicate with the web service, generate one or more IP address lists for the identified virtual machines, and update security tables for the identified virtual machines with the IP address lists at server computers hosting the identified virtual machines.

  • Virtual private network service endpoints

    Issued US 10,666,606

    A customer may request a service endpoint for a service in their virtual network on a provider network. In response, a service endpoint is generated in the customer's virtual network, a local IP address in the IP address range of the customer's virtual network is assigned to the service endpoint, and a DNS name is assigned to the service endpoint. Resources on the customer's virtual network resolve the DNS name of the service endpoint to obtain the local IP address of the service endpoint and send service requests for the service to the local IP address of the service endpoint. The service endpoint adds routing information to the service requests and sends the service requests over the network substrate to be routed to the service.

  • Managing replication of computing nodes for provided computer networks

    Issued US 10,601,909

    Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

  • Providing virtual networking device functionality for managed computer networks

    Issued US 10,574,534

    Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

  • Interfaces to manage inter-region connectivity for direct network peerings

    Issued US 10,516,603

    Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

  • Dynamically configured overlay multicast

    Issued US 10,491,533

    A participant in a network is configured to query a data storage system to determine whether there have been any changes to a network. The participant receives a response to the query and determines, based at least in part on the response, whether reconfiguration is necessary. If the network has changed (e.g., if the network topology has changed), as indicated in the response, the system performs one or more actions in accordance with the response. Multiple participants in the network may query the data storage system so that, collectively, network updates are initiated by changes to data in the data storage system. The network may be an overlay network that allows communication according to a communication protocol, such as multicast, that may not be completely supported by a physical network substrate.

  • Networking Flow Logs for Multi-Tenant Environments

    Issued US 10,469,536

    Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

  • Using virtual networking devices and routing information to associate network addresses with computing nodes

    Issued US 10,419,287

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

  • Network traffic monitoring for virtual machines

    Issued US 10,411,985

    A physical host agent receives configuration information from a virtual computer system service specifying network traffic information to be extracted from network traffic for one or more virtual machines. The agent extracts the specified network traffic information from the network traffic for the one or more virtual machines and aggregates the network traffic information into one or more data segments for storage in a repository. A publishing sub-system of the service obtains the one or more data segments and compiles the one or more data segments into data logs for delivery to an analytics service to make the network traffic information available to customers.

  • Private Service Endpoints in Isolated Virtual Networks

    Issued US 10,397,344

    A service implemented at a first isolated virtual network of a provider network is added to a database of privately-accessible services. Configuration changes that enable network packets to flow between the first isolated virtual network and a second isolated virtual network without utilizing a network address accessible from the public Internet are implemented. Service requests originating at the second isolated virtual network are transmitted to the first isolated virtual network via private pathways of the provider network. Metrics corresponding to service requests directed from the second isolated network to the service are collected and provided to the respective owners of one or both isolated virtual networks.

  • Linking resource instances to virtual network in provider network environments

    Filed US 10,374,949

    Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.

  • Managing use of alternative intermediate destination computing nodes for provided computer networks

    Issued US 10,361,911

    Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.

  • Traffic analyzer for isolated virtual networks

    Issued US 10,320,644

    A traffic analyzer of a provider network identifies endpoint categories into which traffic directed to or from a first isolated virtual network of the provider network is to be classified. A first endpoint category includes an endpoint configured in a second isolated virtual network. Using packet-level metrics collected at virtualization management components of virtualization hosts, the traffic analyzer determines the amount of data transmitted between the first isolated virtual network and the various endpoint categories during selected time intervals. The traffic analyzer provides the categorized traffic amounts as input to a predictive model, and stores expected future traffic trends generated by the model.

  • Client-defined rules in provider network environments

    Issued US 10,298,720

    Methods and apparatus that allow clients to specify custom network rules for their resource instances or network constructs in a provider network environment. Services and interfaces may be provided that allow a client to provide an executable module that implements custom rules for their resources, or alternatively to specify or select custom rules for their resources. The module may be installed on a host device, and may apply the custom rules to packets to and from the client's resources. Alternatively, the client-defined rules may be applied to packet flows according to the custom rules specified by the client and applied by a client rules service implemented on the provider network external to the host device or on a client resource instance on the host device. The custom network rules may, for example, extend or modify standard network rules for the client's resources on the host device.

  • Virtual network interface multiplexing

    Issued US 10,244,044

    A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.

  • Filtering network health information based on customer impact

    Issued US 10,243,820

    An occurrence of a network health impairment event associated with a service of a provider network is detected using metrics corresponding to one or more data sources. Based on an analysis of a list of services being utilized on behalf of a customer, a determination is made that the probability of a negative impact of the impairment on an application of the customer is below a threshold. A network health state message indicating a healthy state of resources allocated to the customer is transmitted to a destination associated with the first customer.

  • Using virtual networking devices to manage routing information

    Issued US 10,225,146

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.

  • Provider Network Address Range-Based Models

    Issued US 10,218,597

    Methods and apparatus for providing rating and usage models for IP traffic to and from clients' resource instances in a provider network environment. A service provider may implement rating and usage models that may be used to associate provider network addresses with address ranges of external networks. The models may be provided to or selected by clients and applied to traffic between the clients' provider network addresses and the addresses of user devices that are in the address ranges of external networks associated with the models. Rating models may be applied to provider network clients' usage on the provider network resulting from the clients' customers' accesses of the clients' applications on resource instances in the provider network. Usage models may be applied to the clients' customers' usage on intermediate networks when accessing the clients' applications on resource instances in the provider network.

  • Networking Flow Logs for Multi-Tenant Environments

    Issued US 10,187,427

    Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

  • Managing Use of Intermediate Destination Hardware Devices for Provided Computer Networks

    Issued US 10,084,851

    Techniques are described for providing a managed computer network, such as for a managed virtual computer network overlaid on another substrate computer network, and including managing communications for computing nodes of the managed computer network by using one or more particular hardware devices connected to the substrate computer network to operate as a logical network node of the managed computer network that acts as an intermediate destination to provide one or more types of functionality for at least some communications that are sent by and/or directed to one or more computing nodes of the managed computer network. For example, a communication manager module associated with a source computing node for the managed computer network may determine to direct a communication from the source computing node over the substrate network to one or more substrate hardware devices that represent a particular intermediate destination network node of the managed computer network.

  • Interfaces to manage last-mile connectivity for direct network peerings

    Issued US 10,069,908

    Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.

    Other inventors
  • Integrating external devices with private networks in provider network environments

    Issued US 10,057,267

    Methods and apparatus that extend private network functionality to client devices that are not part of a provider network. A net device may provide private network control plane functionality to devices that are external to the provider network and connected to ports on the net device. The devices are assigned addresses within the address space of the private network. Packets sent from the devices through the net device are encapsulated by the net device and routed over the private network to their destinations. Packets sent to the devices are routed by the private network to the net device, decapsulated, and provided to the devices. Via the functionality provided by the net device, a client may configure and manage client devices as part of their client private network using the same services and APIs that are used to configure and manage their virtual resources on the client private network.

  • Interfaces to manage direct network peerings

    Issued US 10,044,681

    Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

  • Private service endpoints in isolated virtual networks

    Issued US 10,021,196

    A service implemented at a first isolated virtual network of a provider network is added to a database of privately-accessible services. Configuration changes that enable network packets to flow between the first isolated virtual network and a second isolated virtual network without utilizing a network address accessible from the public Internet are implemented. Service requests originating at the second isolated virtual network are transmitted to the first isolated virtual network via private pathways of the provider network. Metrics corresponding to service requests directed from the second isolated network to the service are collected and provided to the respective owners of one or both isolated virtual networks.

  • Interfaces to manage inter-region connectivity for direct network peerings

    Issued US 10,015,083

    Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

  • Customer-specified routing policies

    Issued US 10,015,094

    Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS ("Domain Name System") information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers--if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.

  • Transparent Client-side Cryptography for Network Applications

    Issued US 10,007,797

    In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.

  • Network Traffic with Credential Signatures

    Issued US 10,003,466

    Data is split into a set of data packets and transmitted between a client computer system and a network service via a packet-switched network. The client computer system identifies a role, permission, group, or other credential that is associated with the data packets, and attaches a credential identifier such as a digital signature to the packets before they are transmitted over the network. A network service receives the data packets, and is configured to filter or route the data packets to a recipient using the attached credential identifier. The network service can adjust the filtering or routing process to occur within a data link, network, transport, or application layer. In some examples, the filtering or routing is provided from within a hypervisor.

  • Emulating Virtual Router Device Functionality in Virtual Computer Networks

    Issued US 9,998,335

    Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

  • Managing integration of external nodes into provided computer networks

    Issued US 9,973,379

    Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications between computing nodes of the managed virtual computer network connected to the substrate network and other network nodes external to the substrate network. The managed virtual computer network may have multiple associated virtual network addresses, with each of the computing nodes being associated with at least one of the virtual network addresses, and with one or more external network nodes being integrated into the managed virtual computer network based at least in part by associating one or more other of the virtual network addresses with the external network nodes. The managing of the communications may further include using one or more translation manager modules that interconnect the substrate network with one or more external networks or other external connections via which the external network nodes are accessible.

  • Location-Based Mobile Advertising

    Issued US 9,965,768

    An advertisement service enables advertisers to bid on or select a particular geographic region for public display of an advertisement by a mobile ad platform when the mobile ad platform enters the particular geographic region. For instance, the mobile ad platform provides location information to the advertisement service. Based on the location, the advertisement service provides ad information to the mobile ad platform for display of an advertisement corresponding to the advertiser that has purchased rights to display advertisements on the mobile ad platform in the current geographic region. The publicly displayed advertisement content may change dynamically as the location of the mobile ad platform changes. In some implementations, the advertisement may offer an incentive, such as a coupon, to consumers that see the advertisement. The incentive may be redeemable at the advertiser's business such as by using a mobile device to capture, obtain or redeem the incentive.

  • Scalable Packet Processing Service

    Issued US 9,935,829

    A control-plane component of a virtualization-based packet processing service determines (a) a performance goal for a first category of packet processing operations to be implemented using compute instances of a virtual computing service and (b) one or more packet processing rules. The control-plane component assigns one or more compute instances as nodes of a packet processing cluster designated to perform the requested operations. The control-plane component provides metadata to the client, to be used to establish connectivity between the cluster and one or more sources of the traffic whose packets are to be processed.

    Other inventors
  • Using Virtual Networking Devices to Manage Network Configuration

    Issued US 9,900,214

    Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.

    Other inventors
  • Virtual Private Network Multiplexing

    Issued US 9,882,968

    A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.

    Other inventors
  • Providing dynamically scaling computing load balancing

    Issued US 9,864,727

    Techniques are described for providing load balancing functionality among multiple computing nodes. In some situations, the provided load balancing functionality includes dynamically scaling a group of multiple computing nodes for which the load balancing is performed, such as to dynamically expand and/or shrink the quantity of computing nodes in the group based on predefined criteria. At least some of the computing nodes of a group may be part of one or more physical computer networks in one or more geographical locations under control of a user or other entity, and at least some of the dynamic scaling of the group may use one or more other computing nodes that are part of a remote computer network (e.g., a virtual computer network provided under the control of a network-accessible service). The defined criteria used for the dynamic scaling may be determined in various manners and based on various factors.

    Other inventors
  • Linking resource instances to virtual networks in provider network environments

    Issued US 9832118

    Other inventors
  • Virtual private gateways using compute instances

    Issued US 9,813,379

    A request to establish a VPN connection between a customer data center and a set of resources of a provider network is received. A new isolated virtual network (IVN) is established to implement a virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, and a respective VPN tunnel is configured between each of the PPEs and the customer data center. Routing information pertaining to the set of resources is provided to the customer data center via at least one of the VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the customer data center.

    Other inventors
  • Managing use of intermediate destination computing nodes for provided computer networks

    Issued US 9,794,116

    Techniques are described for providing managed computer networks. In some situations, the techniques include managing communications for computing nodes of a managed computer network by using one or more particular computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select one or more particular intermediate destination computing nodes to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network. The manager module then forwards those communications to a first of the selected intermediate destination computing nodes for further handling.

    Other inventors
  • Private alias endpoints for isolated virtual networks

    Issued US 9,787,499

    In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.

    Other inventors
  • Private alias endpoints for isolated virtual networks

    Issued US 10,256,993

    In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.

    Other inventors
  • Using virtual networking devices to manage routing cost information

    Issued US 9,769,021

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.

    Other inventors
  • Portable Connection Diagnostic Device

    Issued US 9,749,039

    A portable device is brought into a data center for testing connectivity between a customer and a service provider. A user of the device uses the device to request ticket and customer information from a service provider in order to obtain more information about a particular task. The user plugs a cable into the device and performs a series of diagnostic tests on the connection. The device is configured to display the results of the diagnostic tests and any associated errors. The user of the device performs one or more actions based on the results of the diagnostic tests.

    Other inventors
  • Interfaces to manage last-mile connectivity for direct network peerings

    Issued US 9,723,072

    Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.

    Other inventors
  • Using virtual networking devices and routing information to associate network addresses with computing nodes

    Issued US 9,722,871

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

  • Forecasting supply chain components

    Filed US 9,721,295

    Disclosed are various embodiments for generating an interface for communication of at least one supply chain associated with an order that comprises forecast completion times for components of the at least one supply chain. The interface includes nodes that are associated with components of the at least one supply chain. The nodes within the interface are linked, wherein each link connects two of the nodes and indicates a relationship between the corresponding components of the at least one supply chain. The nodes and the links are arranged into a rooted tree within the interface, wherein the rooted tree represents the organization of the components of the at least one supply chain.

  • Grouping routing resources for isolated virtual network traffic management

    Issued US 9,712,386

    A connectivity manager (CM) of a provider network establishes a plurality of ERGs (edge resource groups), each comprising at least an edge router and a network marker translation agent (NMTA). The CM selects a particular ERG to be used for network traffic between a first set of resources of a virtual computing service of the provider network and a second set of resources outside the provider network. To enable connectivity between the first and second set of resources, the CM initiates propagation of (a) routing metadata to an edge router of the particular ERG and/or (b) a network marker mapping entry to an NMTA of the particular ERG.

  • Bandwidth Metering in Large Scale Networks

    Issued US 9,672,503

    Methods and apparatus for bandwidth metering in large-scale networks are disclosed. Metadata for a network transmission involving a virtualized resource at a host of a provider network, including endpoint address information and a traffic metric, is determined at a metering component. The metadata is aggregated at another metering component and provided to a traffic classification node. The traffic classification node generates a categorized usage record for the network transmission, based at least in part on network topology information associated with the provider network. The categorized usage record is used to determine a billing amount for the network transmission.

  • Networking Flow-Logs For Multi-Tenant Environments

    Issued US 9,667,656

    Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on a computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.

  • Using Virtual Networking Devices to Manage Routing Communications Between Connected Computer Networks

    Issued US 9,577,876

    Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present.

  • Method and System for Product Restocking Using Machine-Readable Codes

    Issued US 9,565,186

    The present disclosure provides a number of systems and associated processes for using machine-readable codes to perform a transaction. Embodiments of the present disclosure provide a system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system. Further, embodiments of the present disclosure provide a system and associated processes for reordering a product provided by a product provider. Moreover, embodiments of the present disclosure provide a system and associated processes for accepting a gift, or gift transaction, associated with a gift card. In addition, embodiments of the present disclosure provide a system and associated processes for performing an Automatic Teller Machine (ATM) transaction using a machine-readable code.

  • Using virtual networking devices and routing information to initiate external actions

    Issued US 9,497,040

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices, and using included routing information to identify and initiate external actions whose effects are not related to how network communications between computing nodes of the managed computer network are configured to be routed or otherwise forwarded through the managed computer network, such as external actions that affect devices that are not part of the managed computer network, or other types of external actions.

  • Using Virtual Networking Devices to Connect Managed Computer Networks

    Issued US 9,467,398

    Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

  • Automated Multi-Party Cloud Connectivity Provisioning

    Issued US 9,451,393

    Methods and apparatus for automated multi-party cloud connectivity provisioning are disclosed. A system includes resources of a provider network, and a connectivity coordinator. The coordinator collects network service offering metadata of a plurality of connectivity providers using a first set of programmatic interfaces. In response to a connectivity query specifying connectivity parameters, the coordinator identifies, using at least a portion of the metadata, a collection of one or more connectivity providers of the plurality of connectivity providers capable of providing connectivity between a client network and a provider network endpoint in accordance with the connectivity parameters. In response to a connectivity establishment request, the coordinator initiates, using another programmatic interface, an activation of a network connection between the client network and a selected provider network endpoint.

  • Resource Pooling and Subletting from User to Another User

    Issued US 9,426,019

  • Managing Replication of Computing Nodes for Provided Computer Networks

    Issued US 9,342,412

    Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

  • Automatically configuring virtual private networks

    Issued US 9,338,053

    Disclosed are various embodiments for configuring virtual private networks (VPNs). A request is made, through a service call, for creation of a VPN through a client VPN gateway and a server VPN gateway. In response to the service call, a generic gateway configuration document is received. The generic gateway configuration document is applicable to the client VPN gateway. The generic gateway configuration document is translated to a device-specific gateway configuration document.

  • Managing use of alternative intermediate destination computing nodes for provided computer networks

    Issued US 9,282,027

    Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.

  • Using Virtual Networking Devices to Manage Routing Cost Information

    Issued US 9,219,679

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.

  • Using Virtual Networking Devices to Manage Network Configuration

    Issued US 9,210,041

    Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.

  • Providing Virtual Networking Device Functionality for Managed Computer Networks

    Issued US 9,203,747

    Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

  • Differential Bandwidth Metering for Networks with Direct Peerings

    Issued US 9,141,947

    Methods and apparatus for differential bandwidth metering in a network implementing direct peerings. A system includes a plurality of resource collections and a billing manager. The billing manager obtains a first metric of network traffic transmitted on behalf of a client to obtain one or more services from one or more resource collections. The billing manager also obtains a second metric of network traffic transmitted on behalf of the client over one or more private links, where each private link is set up to establish a network path between a respective client network of the client and a respective resource collection of the plurality of resource collections. The billing manager provides composite billing information to the client comprising a differential billing amount dependent upon a difference between the first metric and the second metric.

  • Using Virtual Networking Devices to Manage Routing Communications Between Connected Computer Networks

    Issued US 9,137,102

    Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.

  • Interfaces to Manage Last-Mile Connectivity for Direct Network Peerings

    Issued US 9,106,469

    Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider.

  • Transparent client-side cryptography for network applications

    Issued US 9,049,379

    In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.

  • Using virtual networking devices to connect managed computer networks

    Issued US 9,094,421

    Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

  • Using Virtual Networking Devices and Routing Information to Associate Network Addresses with Computing Nodes

    Issued US 9,036,504

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

  • Managing Use of Intermediate Destination Computing Nodes for Provided Computer Networks

    Issued US 9,037,691

    Techniques are described for providing managed computer networks. In some situations, the techniques include managing communications for computing nodes of a managed computer network by using one or more particular computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select one or more particular intermediate destination computing nodes to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network. The manager module then forwards those communications to a first of the selected intermediate destination computing nodes for further handling.

  • Using Virtual Networking Devices to Manage Routing Cost Information

    Issued US 8,995,301

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.

  • Integrated Physical Security Control System for Computing Resources

    Issued US 8,984,651

    A computing data center that contains a set of physically isolatable units of computing resources for which a physical security exception action plan is to be provided. Upon determining that a security event has occurred for one or more physically isolatable units, the computing data center implements physical security settings on potentially affected computing resources so that a physical security exception action plan can be met. The computing data center may, for example, remove data from the physically isolatable units and make the removed data available elsewhere.

  • Managing replication of computing nodes for provided computer networks

    Issued US 8,966,027

    Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

  • Techniques for Providing Information about Network Connection Status

    Issued US 8,909,766

    Systems and methods involve receiving a connectivity subscription request for one or more connections, such as a virtual private network (VPN) connection. A connectivity subscription request may be received through an application programming interface (API) call and the connectivity subscription request may indicate that a user associated with a connection wants to receive a notification when a connectivity event occurs. A connectivity event can occur when changes to the connection are detected, such as when the connection becomes active, when the connection becomes inactive, or when one or more tunnel connections related to the connection becomes disconnected. A potential problem associated with the connectivity event may be detected and a potential solution to the problem may be determined. The potential solution can be sent to a user associated with the connectivity event.

    Other inventors
    • Bashuman Deb
    • Aparna Nagargadde
    • Mike Furr
  • Techniques for Accessing Logical Networks via a Programmatic Service Call

    Issued US 8,819,229

    Disclosed are various embodiments for configuring logical networks. A client makes a request, through a service call, for creation of a logical network, including a logical network gateway and accounts for users to access the logical network gateway. In response to the service call, the logical network is created and configured, and a confirmation is provided to the client.

  • Switching System for Optical Fiber Connection

    Issued US 8,798,411

  • Managing Use of Intermediate Destination Hardware Devices for Provided Computer Networks

    Issued US 8,738,745

    Techniques are described for providing a managed computer network, such as for a managed virtual computer network overlaid on another substrate computer network, and including managing communications for computing nodes of the managed computer network by using one or more particular hardware devices connected to the substrate computer network to operate as a logical network node of the managed computer network that acts as an intermediate destination to provide one or more types of functionality for at least some communications that are sent by and/or directed to one or more computing nodes of the managed computer network. For example, a communication manager module associated with a source computing node for the managed computer network may determine to direct a communication from the source computing node over the substrate network to one or more substrate hardware devices that represent a particular intermediate destination network node of the managed computer network.

  • Interfaces to Manage Direct Network Peerings

    Issued US 8,724,642

    Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

  • Allocating Shared Resources

    Issued US 8,695,079

    Disclosed are various embodiments for allocating shared resources. A request to allocate a shared isolating resource is received. The shared isolating resource operates to isolate a plurality of customer resources in a multi-tenant environment. In response to the request to allocate, a least recently deallocated shared isolating resource is removed from a pool of available shared isolating resources. The least recently deallocated shared isolating resource is provided to at least one device using the shared isolating resource.

  • Dynamic Bandwidth Management using Routing Signals in Networks with Direct Peerings

    Issued US 8,959,203

    Methods and apparatus for dynamic bandwidth management using routing signals in a network implementing direct peerings. A system includes a resource collection, an endpoint device connected to a private link of a network path to a client network, and a bandwidth manager. The bandwidth manager receives configuration settings of the client, comprising a baseline transmission rate of traffic. The bandwidth manager determines whether a difference between a measured transmission rate of traffic over one or more network paths linking the resource collection and the client network, and a peak transmission capacity of the one or more network paths, exceeds a threshold value. In response to a determination that the difference exceeds the threshold value, the bandwidth manager initiates a transmission of a routing signal to the client network indicative of an available transmission rate that differs from the baseline transmission rate.

  • Network Application Encryption with Server-Side Key Management

    Issued US 8,583,911

    In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.

  • Hybrid Client-Server Cryptography for Network Applications

    Issued US 8,538,020

    In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.

  • Interfaces to Manage Service Marketplaces Accessible Via Direct Network Peerings

    Issued US 8,495,199

    Methods and apparatus for interfaces to manage service marketplaces accessible via direct network peerings. A system may include a plurality of resource collections and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. A first client may implement a service using one of the resource collections. The coordinator may use the interface to notify a second client that the service implemented by the first client is accessible via a dedicated direct physical link set up on behalf of the second client. In response to a subscription request for the service, the coordinator performs one or more configuration operations to enable a request for the service from the second client to be routed using the second client's dedicated physical link.

  • Resource Pooling and Subletting from User to Another User

    Issued US 8,495,197

  • Method and System For Using Machine-Readable Codes to Maintain Environmental Impact Preferences

    Issued US 8,418,915

    One embodiment of the present disclosure provides a system and associated processes for monitoring a customer's product purchases and product consumption. Further, the system enables the customer to maintain customer-selected preferences by presenting to the customer product information associated with the customer preferences and a product. In one embodiment, the system can monitor the consumption of products over a predefined period of time to facilitate the customer maintaining the customer preferences over the predefined period of time. In one embodiment, the system can present alternative product purchases based on a selected product and the customer preferences. In one embodiment, the system can facilitate monitoring nutrition consumption. In one embodiment, the system can facilitate monitoring pharmaceutical use. In one embodiment, the system can facilitate the customer making environmentally conscious purchases. In one embodiment, the system can present the customer with environmental offset options to help maintain customer environmental preferences.

  • Managing Integration of External Nodes into Provided Computer Networks

    Issued US 8,396,946

    Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network, including for communications between computing nodes of the managed virtual computer network connected to the substrate network and other network nodes external to the substrate network. The managed virtual computer network may have multiple associated virtual network addresses, with each of the computing nodes being associated with at least one of the virtual network addresses, and with one or more external network nodes being integrated into the managed virtual computer network based at least in part by associating one or more other of the virtual network addresses with the external network nodes. The managing of the communications may further include using one or more translation manager modules that interconnect the substrate network with one or more external networks or other external connections via which the external network nodes are accessible.

  • Using Virtual Networking Devices to Manage Network Configuration

    Issued US 8,392,608

    Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.

  • Method and system for using machine-readable codes to perform a transaction

    Issued US 8,381,969

    A system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system is presented. A client system can read a machine-readable code generated by a merchant system associated with a merchant, or other product or service provider, and present the information encoded by the machine-readable code to a customer. Upon receiving confirmation that the customer desires to proceed with the transaction, the client system can initiate payment by contacting a payment system associated with the customer. This payment system can then transfer payment to the merchant by, for example, transferring cash from the customer's account or using credit associated with the customer's account. Thus, embodiments of the present disclosure enable a customer to complete a transaction without using, for example, cash, a credit card, or a debit card.

  • Using Virtual Networking Devices to Manage Routing Communications Between Connected Computer Networks

    Issued US 8,370,488

    Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.

  • Using Virtual Networking Devices to Connect Managed Computer Networks

    Issued US 8,312,129

    Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

  • Providing Dynamically Scaling Computing Load Balancing

    Issued US 8,296,434

    Techniques are described for providing load balancing functionality among multiple computing nodes. In some situations, the provided load balancing functionality includes dynamically scaling a group of multiple computing nodes for which the load balancing is performed, such as to dynamically expand and/or shrink the quantity of computing nodes in the group based on predefined criteria. At least some of the computing nodes of a group may be part of one or more physical computer networks in one or more geographical locations under control of a user or other entity, and at least some of the dynamic scaling of the group may use one or more other computing nodes that are part of a remote computer network (e.g., a virtual computer network provided under the control of a network-accessible service). The defined criteria used for the dynamic scaling may be determined in various manners and based on various factors.

  • Using Virtual Networking Devices and Routing Information to Initiate External Actions

    Issued US 8,224,971

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices, and using included routing information to identify and initiate external actions whose effects are not related to how network communications between computing nodes of the managed computer network are configured to be routed or otherwise forwarded through the managed computer network, such as external actions that affect devices that are not part of the managed computer network, or other types of external actions.

  • Managing Use of Intermediate Destination Computing Nodes for Provided Computer Networks.

    Issued US 8,224,931

    Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices, and using included routing information to identify and initiate external actions whose effects are not related to how network communications between computing nodes of the managed computer network are configured to be routed or otherwise forwarded through the managed computer network, such as external actions that affect devices that are not part of the managed computer network, or other types of external actions.
