US 12,107,763 B2
Virtual network interfaces for managed layer-2 connectivity at computing service extension locations
Eric Samuel Stone, Seattle, WA (US); Anthony Nicholas Liguori, Bainbridge Island, WA (US); Jonathan Mullen, Seattle, WA (US); Matthew Browne Barr, Arlington, VA (US); Steven Anthony Kady, Seattle, WA (US); Steven Douglas Robinson, Bellevue, WA (US); Tal Avraham, Seattle, WA (US); Tatiana Cooke, Seattle, WA (US); Clint Joseph Sbisa, Seattle, WA (US); Vitaly Ostrovsky, Rehovot (IL); Jonathan Chocron, Netanya (IL); Avigdor Segal, Netanya (IL); and Abhishek Katuluru, Redmond, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Nov. 29, 2021, as Appl. No. 17/537,232.
Prior Publication US 2023/0171189 A1, Jun. 1, 2023
Int. Cl. H04L 45/00 (2022.01); H04L 12/46 (2006.01); H04L 45/745 (2022.01); H04L 61/5007 (2022.01)
CPC H04L 45/66 (2013.01) [H04L 12/4641 (2013.01); H04L 45/745 (2013.01); H04L 61/5007 (2022.05)]
20 Claims
1. A system, comprising:
a control plane server of a virtualized computing service of a provider network, wherein the control plane server is located at a data center of the provider network; and
a networking manager of an extension server of the virtualized computing service, wherein the extension server is located at a premise external to the provider network;
wherein the control plane server is configured to:
cause attachment of a cloud-access virtual network interface to a compute instance of the virtualized computing service, wherein the compute instance runs at the extension server, and wherein the cloud-access virtual network interface is assigned a first Internet Protocol (IP) address from a range of IP addresses of an isolated virtual network configured at the virtualized computing service; and
cause attachment of a local-premise-access virtual network interface to the compute instance, wherein the local-premise-access virtual network interface is assigned a particular media access control (MAC) address by the control plane server, and wherein the local-premise-access virtual network interface is not assigned an IP address from the range of network addresses of the isolated virtual network; and
wherein the networking manager is configured to:
in response to determining at least that a first data link layer frame received at the extension server comprises a first IP packet with a destination address within a set of virtualization host network addresses of a substrate network of the virtualized computing service,
utilize an encapsulation protocol of the virtualized computing service to extract a second IP packet from the first IP packet; and
in response to determining that the destination address of the second IP packet matches the first IP address, deliver the second IP packet to the compute instance; and
in response to determining that a destination MAC address of a second data link layer frame received at the extension server matches the particular MAC address, wherein the second data link layer frame does not comprise an IP packet with the destination address of the first IP packet, deliver, without utilizing the encapsulation protocol, at least a portion of contents of the second data link layer frame to the compute instance.
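The frame handling that claim 1 assigns to the networking manager can be sketched as a small classifier. This is an added illustration, not code from the patent or from Amazon. The claim does not name the encapsulation protocol, so IP-in-IP stands in for it, and the address ranges, MAC address and function names are constructed. Dropping a substrate-addressed frame that fails the inner check, rather than letting it fall through to the MAC path, is one reading of the claim's condition that the second frame carries no such packet.

```python
import ipaddress
import struct

# Constructed sample values; none of these come from the patent.
SUBSTRATE_NET = ipaddress.ip_network("10.200.0.0/16")  # virtualization host addresses
CLOUD_VNI_IP = ipaddress.ip_address("172.31.5.10")     # cloud-access VNI, from the IVN range
LOCAL_VNI_MAC = bytes.fromhex("02aabbccdd01")          # MAC assigned by the control plane
ETH_IPV4, IPPROTO_IPIP = 0x0800, 4                     # IP-in-IP encapsulation is an assumption

def ipv4(dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0, it is not validated here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes(4), ipaddress.ip_address(dst).packed)
    return hdr + payload

def eth(dst_mac, ethertype, payload):
    """Build an Ethernet II frame with a zeroed source MAC."""
    return dst_mac + bytes(6) + struct.pack("!H", ethertype) + payload

def ipv4_fields(pkt):
    """Return (dst, proto, payload), or None if pkt is not a well-formed IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    return ipaddress.IPv4Address(pkt[16:20]), pkt[9], pkt[ihl:]

def dispatch(frame):
    """Classify one received frame as ("cloud", inner_packet), ("local", frame) or ("drop", b"")."""
    if len(frame) < 14:
        return ("drop", b"")
    dst_mac, body = frame[:6], frame[14:]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    outer = ipv4_fields(body) if ethertype == ETH_IPV4 else None
    if outer and outer[0] in SUBSTRATE_NET:
        # Substrate path: decapsulate, then deliver only if the inner
        # destination is the cloud-access interface's IP address.
        inner = ipv4_fields(outer[2]) if outer[1] == IPPROTO_IPIP else None
        if inner and inner[0] == CLOUD_VNI_IP:
            return ("cloud", outer[2])
        return ("drop", b"")  # never falls through to the local-premise path
    if dst_mac == LOCAL_VNI_MAC:
        # Local-premise path: matched on MAC alone, no decapsulation.
        return ("local", frame)
    return ("drop", b"")
```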