US 11,855,893 B2
Tag-based cross-region segment management
Anoop Dawani, Redmond, WA (US); Bashuman Deb, Aldie, VA (US); Baihu Qian, Chicago, IL (US); Omer Hashmi, Bethesda, MD (US); Nick Matthews, Westminster, CO (US); Shridhar Kulkarni, Seattle, WA (US); Thomas Nguyen Spendley, Rockville, MD (US); Steve Ge, Potomac, MD (US); Justin Lin Hsieh, Chicago, IL (US); Guru Kannan, Chantilly, VA (US); and Alok Mishra, Redmond, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Nov. 24, 2021, as Appl. No. 17/456,548.
Prior Publication US 2023/0164076 A1, May 25, 2023
Int. Cl. H04L 45/745 (2022.01); H04L 12/66 (2006.01); H04L 12/46 (2006.01)
CPC H04L 45/745 (2013.01) [H04L 12/4641 (2013.01); H04L 12/66 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A system comprising:
a plurality of gateway nodes, wherein individual gateway nodes of the plurality of gateway nodes are configured to route network traffic associated with a corresponding region-based autonomous system of a plurality of region-based autonomous systems of a provider network; and
a control server comprising one or more processors and executable instructions, wherein the control server is programmed to at least:
obtain policy data for a virtual private cloud-based wide area network, wherein the policy data specifies that the virtual private cloud-based wide area network is to be implemented using at least a first region-based autonomous system and a second region-based autonomous system of the provider network;
establish a first segment of the virtual private cloud-based wide area network using at least a first gateway node in the first region-based autonomous system and a second gateway node in the second region-based autonomous system, wherein at least one routing policy of the first segment is established based on the policy data, wherein at least a first portion of traffic in the first segment is to be isolated from at least a second portion of traffic in a second segment of the virtual private cloud-based wide area network, and wherein both the first portion of traffic and the second portion of traffic transit the first region-based autonomous system and the second region-based autonomous system;
determine, based on a tag associated with a first isolated network of the provider network, to enable communications between the first isolated network and a second isolated network over the first segment, wherein the policy data specifies that isolated networks associated with the tag are to be enabled to communicate over the first segment, and wherein the first isolated network comprises one of: a virtual private cloud, a virtual private network, a software-defined wide area network, or a direct connection to a client on-premise network; and
enable communications between the first isolated network and the second isolated network over the first segment.
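The control-server behaviour recited in claim 1, as an added worked example that is not part of the patent and not Amazon's code: policy data declares segments that span two region-based autonomous systems, tag rules decide which isolated networks (VPC, VPN, SD-WAN, Direct Connect) are attached to which segment, and the resulting per-region route tables show that both segments transit the same regions while their traffic stays isolated. The data model, field names (`attachment_rules`, `tag_key`, `tag_value`), the region names and the CIDRs are constructed assumptions for illustration, not a real API.

```python
"""Tag-based segment assignment for a two-region VPC WAN (illustrative model)."""
from dataclasses import dataclass, field

ISOLATED_NETWORK_TYPES = {"vpc", "vpn", "sdwan", "direct_connect"}


@dataclass
class Attachment:
    """An isolated network that may be attached to a WAN segment (assumed model)."""
    name: str
    kind: str            # one of ISOLATED_NETWORK_TYPES
    region: str          # region-based autonomous system hosting the network
    cidr: str            # prefix advertised into its segment
    tags: dict = field(default_factory=dict)


# Constructed policy data: two isolated segments over the same two regions,
# and tag rules saying which tagged networks join which segment.
POLICY = {
    "regions": ["us-west-2", "us-east-1"],
    "segments": {"prod": {"isolated": True}, "dev": {"isolated": True}},
    "attachment_rules": [
        {"tag_key": "env", "tag_value": "prod", "segment": "prod"},
        {"tag_key": "env", "tag_value": "dev", "segment": "dev"},
    ],
}

# Constructed attachments, including two that must NOT be attached:
# one with no matching tag, one in a region the policy does not cover.
ATTACHMENTS = [
    Attachment("prod-vpc-west", "vpc", "us-west-2", "10.1.0.0/16", {"env": "prod"}),
    Attachment("prod-dc-east", "direct_connect", "us-east-1", "192.168.0.0/16", {"env": "prod"}),
    Attachment("dev-vpc-east", "vpc", "us-east-1", "10.2.0.0/16", {"env": "dev"}),
    Attachment("untagged-vpn-west", "vpn", "us-west-2", "10.3.0.0/16", {}),
    Attachment("prod-vpc-eu", "vpc", "eu-west-1", "10.4.0.0/16", {"env": "prod"}),
]


def validate_policy(policy):
    """Return a list of problems; an empty list means the policy is usable."""
    errors = []
    if len(policy["regions"]) < 2:
        errors.append("policy must span at least two regions")
    for rule in policy["attachment_rules"]:
        if rule["segment"] not in policy["segments"]:
            errors.append(f"rule references undeclared segment {rule['segment']!r}")
    return errors


def assign_segments(policy, attachments):
    """Map attachment name -> segment; first matching tag rule wins.

    Networks outside the policy's regions or without a matching tag stay
    unattached (None), so they cannot reach any segment by accident.
    """
    errors = validate_policy(policy)
    if errors:
        raise ValueError("; ".join(errors))
    regions = set(policy["regions"])
    assignments = {}
    for att in attachments:
        if att.kind not in ISOLATED_NETWORK_TYPES:
            raise ValueError(f"{att.name}: unsupported network type {att.kind!r}")
        segment = None
        if att.region in regions:
            for rule in policy["attachment_rules"]:
                if att.tags.get(rule["tag_key"]) == rule["tag_value"]:
                    segment = rule["segment"]
                    break
        assignments[att.name] = segment
    return assignments


def can_communicate(assignments, name_a, name_b):
    """Two networks may talk only when both sit in the same segment."""
    seg_a, seg_b = assignments.get(name_a), assignments.get(name_b)
    return seg_a is not None and seg_a == seg_b


def segment_route_tables(policy, attachments, assignments):
    """Per segment and per region: prefix -> next hop on that region's gateway.

    Every segment gets a table in every region (traffic transits all regions),
    but a prefix appears only in the table of its own segment.
    """
    tables = {seg: {r: {} for r in policy["regions"]} for seg in policy["segments"]}
    by_name = {att.name: att for att in attachments}
    for name, seg in assignments.items():
        if seg is None:
            continue
        att = by_name[name]
        for region in policy["regions"]:
            next_hop = "local" if region == att.region else f"gateway:{att.region}"
            tables[seg][region][att.cidr] = next_hop
    return tables


if __name__ == "__main__":
    assigned = assign_segments(POLICY, ATTACHMENTS)
    for seg, per_region in segment_route_tables(POLICY, ATTACHMENTS, assigned).items():
        for region, routes in per_region.items():
            print(seg, region, routes)
```

The default-deny outcome for the untagged VPN and for the network in an uncovered region is the property worth checking in any real tag-based attachment policy: a tag typo or a missing region in the policy should leave a network unattached rather than silently dropping it into a segment.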