CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] The present application claims the benefit of the filing date of U.S. Provisional

Application No. 62/929,392, filed November 1, 2019, entitled VPC Auto-Peering, the disclosure of which is hereby incorporated herein by reference.

BACKGROUND

[0002] Currently, if cloud customers want to create a network of virtual private clouds (VPCs) peered with each other, they must explicitly configure connections on both sides of the peering. In particular, each VPC must specify an explicit peering configuration towards the other VPC, which can result in a large number of explicit configurations for the cloud customer to setup. For example, if a VPC hub was to connect with 600 other VPCs, the VPC hub would require 600 configurations and each of the 600 other VPCs would require its own configuration. In addition to creating the configurations, the configurations must be maintained. The larger the number of peerings, the more effort is required in creating and maintaining configurations.

BRIEF SUMMARY

[0003] The present disclosure provides a possible way to create auto-peering relationships between virtual networks, such as VPCs, without the need for explicit bi-directional configuration. In this regard, customers are provided with an easy, abbreviated way to automatically create a large number of peerings through policy.

[0004] One aspect of the disclosure provides a method, including operating, by a first virtual private cloud (VPC), in a first mode, wherein the first mode enables automatic peering with a second VPC, identifying, by the first VPC, a second VPC, automatically requesting, by the first VPC without operator intervention, to initiate peering with the second VPC, and establishing, by the first VPC, the peering connection when the request is accepted by the second VPC.

[0005] According to some examples, the method may further include determining, by the first

VPC, whether the identified second VPC meets one or more predefined policies. The one or more predefined policies may specify whether an organization in which the second VPC is included is approved for peering. According to some examples, the one or more predetermined policies may further specify whether a project in the organization in which the second VPC is included is approved for peering. In some examples, the one or more policies limit exchange of subnets and routes.

[0006] According to some implementations, the method may further include pushing an automatic peering filtering policy to the second VPC.

[0007] The second VPC may be operating in either the first mode or in a second mode, wherein the second VPC listens for automatic peering requests.

[0008] Another aspect of the disclosure provides a method, including operating, by a second virtual private cloud (VPC), in a second mode, wherein the second VPC in the second mode listens for automatic peering requests from a first VPC, receiving, by the second VPC, a request from the first VPC to initiate peering with the second VPC, determining, by the second VPC, whether to peer with the first VPC based on one or more policies, and automatically peering, by the second VPC without operator intervention, with the first VPC when the first VPC is approved according to the one or more policies. [0009] According to some examples, the one or more policies may specify whether an organization in which the first VPC is included is approved for peering. The one or more policies may further specify whether a project in the organization in which the first VPC is included is approved for peering.

[0010] In some examples, the one or more policies may limit exchange of subnets and routes.

The method may further include pushing an automatic peering filtering policy to the first VPC. The first VPC may operate in a first mode in which automatic peering is enabled.

[0011] Yet another aspect of the disclosure provides a system, including a plurality of virtual machines in a first virtual private cloud (VPC), a controller coupled to the plurality of virtual machines. The controller includes one or more processors configured to operate the first VPC in a first mode, wherein the first mode enables automatic peering with a second VPC, identify a second VPC, automatically request, by the first VPC without operator intervention, to initiate peering with the second VPC, and establish the peering connection between the first VPC and the second VPC when the request is accepted by the second VPC.

[0012] In some implementations, the one or more processors are further configured to determine whether the identified second VPC meets one or more predefined policies. The one or more predefined policies may specify whether an organization in which the second VPC is included is approved for peering. The one or more predetermined policies may further specify whether a project in the organization in which the second VPC is included is approved for peering. The one or more policies may limit exchange of subnets and routes.

[0013] According to some examples, the one or more processors are further configured to push an automatic peering filtering policy to the second VPC.

[0014] In some implementations, the controller may be further configured to operate the first

VPC to identify a third VPC, automatically request, by the first VPC without operator intervention, to initiate peering with the third VPC, and establish the peering connection between the first VPC and the third VPC when the request is accepted by the third VPC.

BRIEF DESCRIPTION OF THE DRAWINGS

[0015] Fig. 1A is a block diagram illustrating an example of automatic peering according to aspects of the disclosure.

[0016] Fig. IB is a block diagram illustrating an example of automatic peering using a controller for policy matching according to aspects of the disclosure.

[0017] Fig. 1C is a block diagram illustrating an example of automatic peering within user- defined groups according to aspects of the disclosure.

[0018] Fig. 2 is a relational block diagram illustrating different VPCs according to aspects of the disclosure. [0019] Fig. 3 is a block diagram illustrating components of a VPC according to aspects of the disclosure.

[0020] Fig. 4 is a block diagram illustrating an example use case according to aspects of the disclosure.

[0021] Fig. 5 is a block diagram illustrating another example use case according to aspects of the disclosure.

[0022] Fig. 6 is a flow diagram illustrating an example method according to aspects of the disclosure.

[0023] Fig. 7 is a flow diagram illustrating another example method according to aspects of the disclosure.

DET AILED DESCRIPTION

[0024] Fig. 1A illustrates an example of automatic peering between VPCs. The auto-peering is created at a VPC level, and is a VPC-level configuration. While the examples herein describe automatic peering between VPCs, it should be understood that the VPCs may include any of a variety of types of virtual network.

[0025] The VPCs may be configured to operate in one or more modes. For example, a VPC may have an “auto-peering” mode, allowing for automatic peering to be turned on or off. When auto- peering is turned on for a particular VPC, that VPC may seek connections with other VPCs, such as other VPCs matching one or more predefined policies. In addition, the particular VPC with auto-peering turned on may be open to accept connection requests from other VPCs matching one or more predefined policies. The policies for requesting connection may be the same as or different than the policies for accepting connection requests. According to some examples, a VPC may be set to a “listening” mode, in which it is open to peering with any other VPC that matches a predefined policy, but is not actively seeking to establish other connections.

[0026] According to some examples, a VPCs peering mode (automatic and/or listening) can vary based on peering policy. For example, VPC A could operate in listening mode for peering requests from VPCs with names starting with the letter 'b', in peering only, e.g., connection-seeking only, mode for VPCs with names starting with the letter "c", and in peering+listening mode for VPCs having names starting with "d".

[0027] As shown in Fig. 1A, VPC A 50 may be set to listening mode. As such, VPC A 50 is open to accepting requests from other VPCs 70, such as VPC Ni, VPC N _m , etc. While only a few other VPCs 70 are shown, it should be understood that the VPC A 50 may accept connections from any number of other VPCs.

[0028] The VPC A 50 may determine whether or not to accept connection from the other

VPCs 70. For example, the VPC A 50 may determine whether another VPC, such as VPC Ni, matches a predefined policy. [0029] According to one example, the policies may include import/export filtering policies for limiting the sharing of subnets & routes between peered VPCs. Such policies may include one or more rules for accepting connection requests. Such rules may specify, for example, specific organizations, projects within the organizations, and/or VPCs within the projects that are approved for connection. According to some examples, such policies may include access rights. For example, such access rights may be assigned by an organization to which the VPC belongs or other entity having control over the VPC.

[0030] While some policies may specify that any VPCs within a given organization are approved, for example, other policies may specify that only a select few VPCs within a particular project of another organization are approved. Moreover, some policies may expressly indicate particular VPCs, projects, or organizations for which connection requests should be denied.

[0031] Fig. IB illustrates another example, wherein a controller 10 facilitates automatic peering between VPCs. For example, each VPC 50, 72, 74 may have an associated peering policy. The peering policy may provide rules for the peering that is allowed by the associated VPC. For example, the rules may indicate other particular VPCs that are allowed, other types of VPCs, locations, owners, or other information corresponding to the VPCs. The policies may be stored at each VPC 50, 72, 74, at the controller 10, or independently in a memory device accessible by the controller 10.

[0032] The controller 10 may access the peering policies of the VPCs, and compare them.

Based on the comparison, the controller 10 may determine which of the VPCs 50, 72, 74 can establish peering with one another. In the example shown, the controller 10 determines that the peering policy of VPC A 50 allows for peering with VPC B 72, and that the peering policy of VPC B 72 allows for peering with VPC A 50. Accordingly, the controller indicates to the VOCs 50, 72 that they may peer with one another. This indication may include, for example, a message or instructions transmitted from the controller to the VPC 50, 72. In other examples, the indication may be stored at the controller 10 or elsewhere at an address that can be periodically accessed by the VPCs to identify the determined peerings that are allowed.

[0033] Fig. 1C is a block diagram illustrating an example of automatic peering within a group.

For example, groups of VPCs may be defined by users, such as administrators of organizations or other types of users. The VPCs may be added to the group based on any of a number of characteristics of the VPCs, such as policies, owners, locations, utilization, types of applications or jobs handled, etc.

[0034] When one or more VPCs are added to a group, the VPCs may automatically peer with the others within the group. For example, as shown, the group includes VPC A 50, VPC B 72, and VPC C 74. In some examples, the VPCs 50, 72, 74 may be notified of their inclusion in the group, and may be notified of the other VPCs in the group. Accordingly, each of these VPCs 50, 72, 74 may peer with each other VPC in the group.

[0035] Referring to Fig. 2, for example, Organization A may include a number of projects

240. Organization A may be, for example, a company with operations in one or more physical locations/buildings, an enterprise, or any other business, association, or the like. According to some examples, the Organization A may be represented by a unique organization identifier that is recognizable by other organizations, such as Organization B.

[0036] Each of the projects 240 may be, for example, a subsidiary or other subunit of the organization, a product or application, a department, team, platform, etc. Each project may include one or more VPCs 250-254. While a few VPCs are shown in Fig. 2, it should be understood that any number of VPCs may be included in a given project. Moreover, a given VPC may in some instances be included in multiple different projects within the organization at the same time.

[0037] Similar to Organization A, a separate Organization B may include one or more projects

260, each project including zero or more VPCs 270, 272. Organization B may be unrelated to Organization A. In other examples, Organization B may do business with Organization A or otherwise utilize information from Organization A. By way of example only, Organization A may be a company that offers a database service (project 1), whereas Organization B may be a separate company with a web frontend (project 2) that uses the database service. Accordingly, VPC 270 of Organization B may seek to connect with VPC 250 of Organization A.

[0038] If the VPCs no longer need to have explicit peering configurations, a local filtering policy may be implemented. The local filtering policy may be a filtering policy that limits the exchange of subnets & routes, and it may be applied at the VPC configuration level.

[0039] According to another example, the policies may include a peer filtering policy.

Referring back to Fig. 1A, for example, if the VPC A 50 is only configured to accept auto-peering requests, with no import/export policies, then it may be able to accept a peer filtering policy. In this regard, an initiating VPC 70, e.g., VPC Ni, should be able to push an import/export policy to the VPC A 50.

[0040] When peering is automatically created, the filtering policies may in some examples be expressed on a creating VPC, such as VPC Nl seeking to initiate a connection with VPC A 50. In other examples, the filtering policies may be expressed on an accepting VPC, such as the VPC A that accepts the request from the VPC Nl.

[0041] Where the filtering policies are expressed on the creating VPC, the filtering policies for the creating VPC may be configured at the VPC level as auto-peering-local-filtering-policy. The filtering policies for the accepting VPCs may be configured on the creating VPC as auto-peering-peer- filtering-policy.

[0042] Where the filtering policies are expressed on the accepting VPC, the accepting VPC could also configure its own local policies for filtering as auto-peering-local-filtering-policy. The accepting VPC could also optionally push a filtering policy to the creating VPC as auto-peering-peer- filtering-policy. A local-policy may take precedence over a peer-filtering-policy pushed by a peer.

[0043] In some cases, one VPC may have only a single import/export policy for all its auto created peers. In other cases, different sets of filtering policies may be applied to different sets of auto created VPCs. In this case, multiple auto-create/auto-accept policies may be allowed with corresponding filtering policies. [0044] Fig. 3 illustrates an example VPC. The VPC may include a number of computing devices, such as virtual machines 362-366, a load balancer 370, and a controller 390. While only a few of these computing devices are shown, it should be understood that each VPC may include any number of computing devices, and that the number of computing devices in a first VPC may differ from a number of computing devices in a second VPC. Moreover, it should be understood that the number of computing devices in each VPC may vary over time, for example, as hardware is removed, replaced, upgraded, or expanded.

[0045] According to some examples, the computing devices may include one or more virtual machines 362-366 running on one or more host machines. Each of the virtual machines 362-366 may run an operating system and applications. While only a few virtual machines 362-366 are illustrated in Fig.2, it should be understood that any number of virtual machines may be supported by any number of host computing devices. Moreover, it should be understood that the configuration illustrated in Fig. 3 is merely an example, and that the computing devices in each VPC may have various structures and components that may be the same or different from one another.

[0046] The load balancer 370 may distribute jobs or tasks among the virtual machines 362-

366. For example, the computing devices may have different capacities. For example, the different computing devices may have different processing speeds, workloads, etc. For example, as commands are received to execute new tasks, the load balancer 370 may determine which virtual machine 362-366 is responsible for handling the new task. Moreover, the load balancer 370 may monitor computing capacity of each of the virtual machines 362-366 and make adjustments as needed. For example, if one virtual machine fails, the load balancer 370 may move its processes over to one or more other virtual machines. In other examples, if one virtual machine is near capacity while another has availability, the load balancer 370 may move jobs, or may only send new jobs to the virtual machine with availability.

[0047] The controller 390 may communicate with the computing devices in the VPC and in other VPCs. For example, the controller 390 receives connection requests from other VPCs and determines whether to accept the connection. As another example, the controller 390 may look for other VPCs matching predefined policies, and initiate connection requests to those VPCs.

[0048] The controller 390 may contain a processor 398, memory 392, and other components typically present in general purpose computers. The memory 392 can store information accessible by the processor 398, including instructions 396 that can be executed by the processor 398. Memory can also include data 394 that can be retrieved, manipulated or stored by the processor 398.

[0049] The memory 392 may be a type of non-transitory computer readable medium capable of storing information accessible by the processor 398, such as a hard-drive, solid state drive, tape drive, optical storage, memory card, ROM, RAM, DVD, CD-ROM, write-capable, and read-only memories. The processor 398 can be a well-known processor or other lesser-known types of processors. Alternatively, the processor 398 can be a dedicated controller such as an ASIC.

[0050] The instructions 396 can be a set of instructions executed directly, such as machine code, or indirectly, such as scripts, by the processor 398. In this regard, the terms "instructions," "steps" and "programs" can be used interchangeably herein. The instructions 396 can be stored in object code format for direct processing by the processor 398, or other types of computer language including scripts or collections of independent source code modules that are interpreted on demand or compiled in advance.

[0051] The data 394 can be retrieved, stored or modified by the processor 398 in accordance with the instructions 396. For instance, although the system and method is not limited by a particular data structure, the data 394 can be stored in computer registers, in a relational database as a table having a plurality of different fields and records, or XML documents. The data 394 can also be formatted in a computer-readable format such as, but not limited to, binary values, ASCII or Unicode. Moreover, the data 394 can include information sufficient to identify relevant information, such as numbers, descriptive text, proprietary codes, pointers, references to data stored in other memories, including other network locations, or information that is used by a function to calculate relevant data.

[0052] As shown in the example of Fig. 3, the data 394 may include one or more policies for automatically peering with external VPCs. For example, the policies may include import/export policies, peer filtering policies, local filtering policies, etc. The policies may be accessed to determine whether to initiate or accept a request. According to some examples, the policies may be pushed to external VPCs with which a connection is sought.

[0053] Although Fig. 3 functionally illustrates the processor 398 and memory 392 as being within the same block, the processor 398 and memory 392 may actually include multiple processors and memories that may or may not be stored within the same physical housing. For example, some of the instructions 396 and data 394 can be stored on a removable CD-ROM and others within a read-only computer chip. Some or all of the instructions and data can be stored in a location physically remote from, yet still accessible by, the processor 398. Similarly, the processor 398 can actually include a collection of processors, which may or may not operate in parallel.

[0054] Fig. 4 illustrates a first example use case, where VPCs are peered in a hub-and-spoke model. For example, VPC A 450 may be the hub. Accordingly, the hub VPC A 450 sets itself to a listening or acceptance mode. The VPC A 450 allows a plurality of “spoke” VPCs 461-465 to connect to it. Each of the spoke VPCs 461-465 may connect to the hub VPC 450 at a different time, for example, as the spoke VPCs 461-465 are established, as they require collaboration with the hub VPC 450, or at any other time. Similarly, the spoke VPCs 461-465 may remain peered with the hub VPC 450 for different durations of time. Accordingly, while in some instances all of the VPCs 461-465 may be peered with the hub VPC 450 at a same time, in other instances only a subset of the spoke VPCs 461-465 may be peered at a given time. In this regard, when multi-tenant services expose a service, new client VPCs can connect to it as they arise and are allowed by IAM policy.

[0055] Fig. 5 illustrates another example use case, where a plurality of VPCs 552-558 are peered in a full-mesh model. In this model, each VPC is peered with each other VPC. For example, all VPCs in an organization may be peered with each other. A policy could be applied on all VPCs 552-558 to create the auto-peerings. In this case, the VPCs on both sides of the peering want to peer, and therefore a distinction between creating VPC or accepting VPC is less relevant. Accordingly, all VPCs 552-558 could configure auto-peering-create and/or auto-peering-accept, and VPCs 552-558 may be able to auto-calculate and create their peerings.

[0056] While Figs. 4 and 5 illustrate two different example use cases, it should be understood that further use cases are also possible. By way of example only, some VPCs may be peered with some other VPCs, such as a mesh model where some VPCs may not be peered with every other VPC.

[0057] Example Methods

[0058] In addition to the operations described above and illustrated in the figures, various operations will now be described. It should be understood that the following operations do not have to be performed in the precise order described below. Rather, various steps can be handled in a different order or simultaneously, and steps may also be added or omitted.

[0059] Fig. 6 illustrates an example method 600 of automatic peering between VPCs. The method 800 may be performed, by way of example only, by a controller within a first VPC and a controller within a second VPC, such as the controller described in connection with Fig. 2.

[0060] In block 605, the first VPC operates in an automatic peering mode. In this mode, the first VPC may search for other VPCs that are configured to allow automatic peering. At a same time, in block 650, the second VPC operates in either an automatic peering mode or a listening mode, in which it is configured to accept requests to initiate peering from other VPCs. According to some examples, the second VPC may seek connections and listen for requests in automatic peering mode, but only listen for requests in listening mode.

[0061] In block 610, the first VPC may detect the second VPC. For example, the second VPC may broadcast some information that is detectable by the first VPC. According to another example, a centralized configuration model may implement auto-peering. Any of a variety of different mechanisms may be used to detect the second VPC, and in some instances such mechanisms may be dependent on the architecture.

[0062] In block 615, the first VPC determines whether to initiate peering with the second

VPC. For example, the first VPC references one or more profiles, which may be stored at the VPC or remotely. The one or more profiles include rules for determining which VPCs to initiate peering. For example, the one or more profiles may specify organization identifiers, project identifiers, and/or VPC identifiers for approved VPCs. The one or more profiles may further list particular organizations, projects, or VPCs with which the first VPC should not attempt to initiate peering. In block 620, the first VPC decides whether or not to initiate peering with the second VPC. If it is decided not to initiate peering, the process may return to block 605.

[0063] If the first VPC decides to initiate peering in block 620, it will initiate the peering in block 625. For example, the first VPC may send a request to the second VPC. The request may include, for example, information identifying the first VPC. According to some examples, the request may include further information, such as a duration of time for which peering is requested, other VPCs to which the first VPC is peered, etc. In block 655, the second VPC receives the peering request from the first VPC.

[0064] In block 660, the second VPC determines whether to peer with the first VPC. For example, the second VPC may consult one or more of its automatic peering profiles. Such profiles may specify particular VPCs with which the second VPC should peer. In specifying the particular VPCs, the profiles may specify organizations, projects, and/or VPCs that are approved or denied.

[0065] If the second VPC decides in block 665 not to peer with the first VPC, the request from the first VPC may be denied in block 670. However, if the second VPC decides to peer with the first VPC, peering may be established in block 675.

[0066] Fig. 7 illustrates an example method 700, wherein the controller facilitates peering using policies of the VPCs.

[0067] In block 710, the controller accesses peering policies for a plurality of VPCs. For example, the policies may be stored within the controller, at the VPCs, or in any other location accessible by the controller. Each peering policy may correspond to a particular VPC, and may indicate rules, parameters, or other guidance for peering connections allowed by that particular VPC.

[0068] In block 720, the controller compares the accessed peering policies. For example, the controller may analyze the peering policies individually or collectively.

[0069] In block 730, the controller determines, based on the comparison of block 720, which

VPCs can peer with one another. For example, the comparison may return results indicating that policies of a first VPC and a second VPC have some of the same rules that allow for peering between the first VPC and the second VPC. According to other examples, the first VPC and the second VPC may have different characteristics and their policies may include different rules, but the policy of the first VPC allows for peering with the second VPC and the policy of the second VPC allows for peering with the first VPC. Accordingly, in either example, the controller may identify the first VPC and the second VPC as candidates for peering with one another.

[0070] In block 740, the controller indicates to the determined VPCs that peering between them is approved. By way of example, the controller may send a message or other communication to the first VPC and to the second VPC indicated that they may proceed to peer with one another.

[0071] Auto-peering as described herein is advantageous in that it facilitates the creation and management of multiple VPC peerings. Accordingly, VPC peerings can be created and maintained using less time, labor, and other resources. Additionally, such auto-peering reduces a potential for human error.

[0072] Unless otherwise stated, the foregoing alternative examples are not mutually exclusive, but may be implemented in various combinations to achieve unique advantages. As these and other variations and combinations of the features discussed above can be utilized without departing from the subject matter defined by the claims, the foregoing description of the embodiments should be taken by way of illustration rather than by way of limitation of the subject matter defined by the claims. In addition, the provision of the examples described herein, as well as clauses phrased as "such as," "including" and the like, should not be interpreted as limiting the subject matter of the claims to the specific examples; rather, the examples are intended to illustrate only one of many possible embodiments. Further, the same reference numbers in different drawings can identify the same or similar elements.