US 11,659,058 B2
Provider network connectivity management for provider network substrate extensions
Anthony Nicholas Liguori, Bainbridge Island, WA (US); Eric Samuel Stone, Seattle, WA (US); Richard H. Galliher, Seattle, WA (US); David James Goodell, Seattle, WA (US); Patrick John Lawrence, Bothell, WA (US); Yang Lin, Seattle, WA (US); William Ashley, Seattle, WA (US); and Steven Anthony Kady, Seattle, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Jun. 28, 2019, as Appl. No. 16/457,824.
Prior Publication US 2020/0412824 A1, Dec. 31, 2020
Int. Cl. H04L 67/561 (2022.01); H04L 12/46 (2006.01); H04L 67/564 (2022.01)
CPC H04L 67/561 (2022.05) [H04L 12/4633 (2013.01); H04L 12/4641 (2013.01); H04L 67/564 (2022.05)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
obtaining, by a first service of a provider network, an identification of one or more substrate addressable devices included in an extension of the provider network, wherein the extension of the provider network comprises provider hardware resources deployed at a customer-selected site within a customer network, and wherein the provider hardware resources comprise a provider-managed server; and
based on the identification, initiating, by the first service, a launch of a plurality of compute instances within the provider network by a second service of the provider network, wherein the plurality of compute instances connect the provider network to the extension of the provider network via at least a third-party network, wherein the plurality of compute instances include:
a first compute instance to establish a secure tunnel to the extension of the provider network via the third-party network; and
a second compute instance to proxy control plane traffic to a first substrate addressable device of the one or more substrate addressable devices, wherein the second compute instance is to:
receive a first control plane message directed to the first substrate addressable device;
update a message state data store based at least in part on the first control plane message; and
send a second control plane message to the first compute instance for transmission to the first substrate addressable device via the secure tunnel.