US Patent 10212161 Private network layering in provider network environments

Methods and apparatus that allow clients to establish sub private networks as resources within private networks on a provider network. A sub private network may be owned and controlled by a different entity than the owner of its parent private network. A parent private network controls access to its sub private networks, and each sub private network also controls access to its resources. This enables a layered topology in which a parent private network may establish access control rules for its sub private networks; the sub private networks may supplement the access control according to their specific needs. Sub private networks may share resources of their parent private network, and a sub private network may allow or restrict access to its resources by its parent private network, by its sibling private networks, and/or by its own sub private network(s).