Many companies and other organizations operate computer networks that interconnect numerous computing systems to support their operations and the services they provide to their end customers distributed worldwide. For example, data centers housing significant numbers of interconnected computing systems have become commonplace, such as private data centers that are operated by and on behalf of a single organization, and public data centers that are operated by entities as businesses to provide computing resources to customers. In many cases providers set up large networks that may logically span several regions, countries, or even continents, and may include numerous data centers with varying levels of services and facilities available, utilized together, to provide a unified set of services to their end customers.
In some data centers that have been set up to provide computing and/or storage facilities to remote clients, a set of computational resources at the data center may be dynamically divided into resource pools, with each pool being made available for exclusive use by a given client for designated periods of time. There are a number of alternatives available for how the consumers of these facilities establish network connectivity to the resource pools that have been designated for their use. Resources that have been designated for use by a particular consumer may be referred to herein as resources that have been provisioned to a client or customer. Customers may originate requests from a wide variety of devices—desktop personal computers, laptops, client-office servers, tablets, smart phones and the like. These devices may use either long-lasting network links (e.g., using a client office network with a T1 connection) to communicate with their proximate network and/or the public Internet, or they may have transient connectivity (e.g., in the case where the customer uses a mobile smart phone). The proximate networks to which the customer devices are directly connected may in turn route request traffic to the provider network's data centers over a wide variety of paths. Such paths in many cases may have somewhat unpredictable performance, reliability and security characteristics.
For some casual types of service requests, such as a request from a customer to read a recent news article from a web-based news provider, a reasonable variation in responsiveness and an occasional dropped connection may be acceptable. However, for many business-related data transmissions more stringent performance, reliability and security needs may exist. In such environments, a customer of the provider network may need a greater level of network isolation and control than is generally available over the public Internet. For example, the customer may wish to establish, if possible, dedicated physical network links between the customer's own client network and the provider network, such that the only traffic transmitted over those links is traffic generated on behalf of the customer and in accordance with policies established by the customer.
Autonomous systems, such as a customer's client network and a provider network, may exchange routing information with each other according to a routing protocol, such as the border gateway protocol (BGP). Pairs of edge routers in respective autonomous systems may initiate a semi-permanent TCP connection and exchange routing information with each other via messages sent through that connection. A client network or a provider network may also include semi-permanent TCP connections between pieces of networking equipment within the client network or within the provider network. For example, an edge router on an edge of a provider network may establish a semi-permanent TCP connection with an edge router of a client network and also establish semi-permanent TCP connections with various pieces of networking equipment within the provider network. The edge router of the provider network may receive routing information from the client network via the semi-permanent TCP connection with the edge router of the client network. The edge router of the provider network may then propagate the routing information received from the client network to various pieces of networking equipment within the provider network, and those pieces of networking equipment may in turn propagate it to other pieces of networking equipment, so that the routing information received from the client network is advertised within the provider network. In a similar manner, a client network may propagate routing information received from a provider network within the client network to advertise the routing information received from the provider network within the client network.
In environments in which a customer of a provider network has a dedicated physical connection or cross-network link between the customer's own client network and the provider network, the customer may desire to limit how much of the provider network receives routing information for routes within the customer's client network. For example, a customer may not want to have the customer's client network routing information advertised throughout a whole provider network that spans multiple regions, countries, or continents.
In addition, a client network receiving address advertisements from a provider network may desire to include only a portion of the advertised routing information of the provider network in a routing table managed by the client network. For example, a customer may not want to include routing information for resources of the provider network that are distant from the customer's client network in a routing table maintained by the client network, or a customer may wish to include in its routing table only routing information for a region of the provider network in which the customer has provisioned resources.
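The two controls described above, limiting how far a client network's routes propagate inside the provider network and letting the client network import only provider routes for regions of interest, can be modelled with a small simulation. The following is an added example written for this page; it is not code from the patent and does not describe any particular vendor's implementation. It assumes that each route carries a region attribute and that the customer's scoping preference is expressed as a set of allowed provider regions; the provider topology, AS numbers and prefixes are constructed sample data.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str        # e.g. "10.1.0.0/16"
    origin_asn: int    # autonomous system that originated the prefix
    region: str        # region the route is associated with (assumed attribute)


# Constructed provider topology: router name -> (region, iBGP neighbours).
# Edge routers terminate cross-network links; core routers interconnect regions.
PROVIDER_TOPOLOGY: Dict[str, Tuple[str, List[str]]] = {
    "edge-us-east-1": ("us-east", ["core-us-east-1"]),
    "core-us-east-1": ("us-east", ["edge-us-east-1", "core-us-west-1", "core-eu-1"]),
    "core-us-west-1": ("us-west", ["core-us-east-1", "edge-us-west-1"]),
    "edge-us-west-1": ("us-west", ["core-us-west-1"]),
    "core-eu-1":      ("eu-west", ["core-us-east-1", "edge-eu-1"]),
    "edge-eu-1":      ("eu-west", ["core-eu-1"]),
}

# Constructed advertisements the provider sends to the client over the
# cross-network link, one prefix per provider region.
PROVIDER_ADVERTISEMENTS: List[Route] = [
    Route("172.16.0.0/16", 64500, "us-east"),
    Route("172.17.0.0/16", 64500, "us-west"),
    Route("172.18.0.0/16", 64500, "eu-west"),
]


def propagate_with_scope(topology: Dict[str, Tuple[str, List[str]]],
                         ingress_router: str,
                         route: Route,
                         allowed_regions: Set[str]) -> Dict[str, Route]:
    """Flood a route learned at ingress_router across the provider's internal
    sessions, but install it only on routers in allowed_regions.  A router
    outside the allowed scope drops the advertisement and does not re-advertise
    it, so regions beyond the out-of-scope router never learn the prefix.
    Returns a map of router name -> installed route."""
    installed: Dict[str, Route] = {}
    seen = {ingress_router}
    queue = deque([ingress_router])
    while queue:
        router = queue.popleft()
        region, neighbours = topology[router]
        if region not in allowed_regions:
            continue  # out of scope: drop and do not forward
        installed[router] = route
        for neighbour in neighbours:
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return installed


def client_import_filter(advertised: List[Route],
                         regions_of_interest: Set[str]) -> Dict[str, Route]:
    """Client-side inbound policy: keep only provider routes for regions in
    which the customer has provisioned resources.  Returns prefix -> route."""
    return {r.prefix: r for r in advertised if r.region in regions_of_interest}


if __name__ == "__main__":
    customer_route = Route("10.1.0.0/16", 64496, "us-east")
    scoped = propagate_with_scope(PROVIDER_TOPOLOGY, "edge-us-east-1",
                                  customer_route, {"us-east", "us-west"})
    print("customer prefix installed on:", sorted(scoped))
    rib = client_import_filter(PROVIDER_ADVERTISEMENTS, {"us-east"})
    print("client routing table:", sorted(rib))
```

Running the block shows the customer's prefix reaching only the US routers while the EU routers never learn it, and the client routing table holding only the us-east provider prefix. In a real deployment the region attribute would have to be carried in the BGP update itself (for example as a community value), which this simulation leaves abstract.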
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that embodiments are not limited to the embodiments or drawings described. It should be understood that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to.