Patent classifications
H04L61/25
Network configuration apparatus
A network configuration apparatus includes a user interface module configured to receive a traffic request from a user. The traffic request includes a source and a destination for desired traffic. A barrier identification module obtains network data indicating a set of networking devices present in a route between the source and the destination. For each of the devices, the barrier identification module determines whether the device may block traffic from reaching the destination and, if so, adds the device to a set of potential barriers. A route analysis module, for each device of the potential barriers, flags the device if it will block the desired traffic. The user interface module, in response to there being at least one flagged device, transmits an alert that the traffic request is a failure; and, in response to there being zero flagged devices, transmits an alert that the traffic request is a success.
Network-address-to-identifier translation in virtualized computing environments
Example methods and systems are provided for network-address-to-identifier translation in a virtualized computing environment. The method may comprise: based on traffic flow information associated with a first network address and a second network address, determining that the first network address is associated with a first identifier that identifies the first virtualized computing instance. The method may also comprise: obtaining network topology information specifying how the first virtualized computing instance is connected to the second virtualized computing instance via one or more logical forwarding elements; and based on the network topology information, determining that the second network address is associated with a second identifier that identifies the second virtualized computing instance. The method may further comprise: utilizing the first identifier and the second identifier in a firewall rule to allow or deny a traffic flow between the first virtualized computing instance and the second virtualized computing instance, or to monitor the traffic flow, or both.
SYSTEM AND METHOD OF TRANSLATING NETWORK ADDRESS
A method of translating network addresses includes defining a service address including a first IP address for a server. The server actually uses a service address including a second IP address. A packet originating from a client is received, the target address of the packet being the first IP address. The destination address of the packet is changed from the first IP address to a third IP address. The destination address of the packet is then changed from the third IP address to the second IP address. The first packet is then sent to the server. The present disclosure also provides a system for implementing the method of translating network addresses. The security of data transmission is improved while resolving IP network segment conflicts.
Cybersecurity risk assessment on an industry basis
Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.
Distributed WAN security gateway
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
CYBERSECURITY RISK ASSESSMENT ON AN INDUSTRY BASIS
Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.
Packet distribution based on an identified service function
Some examples herein disclose a load balancer to identify a service function among multiple service functions based on an available capacity. The load balancer modifies a switch address in the packet and distributes the packet to the identified service function based on the modified switch address.
Data transmission method, related device and system
Disclosed in the embodiments of the present invention is a data transmission method. The method comprises: simultaneously receiving data simultaneously transmitted by multiple transmitters, the data comprising multiple data frames simultaneously transmitted by at least one transmitter; generating a chunking acknowledgment message frame according to the receiving state of the data, the chunking acknowledgment message frame containing a group information identifier and data receiving state information, wherein the group information identifier is used to indicate multiple transmitters which belong to the same group pre-set correspondingly by the chunking acknowledgment message frame, and the data receiving state information is used to indicate the data receiving states of the various transmitters which belong to the same group, the data receiving states comprising the receiving states of the multiple data frames simultaneously transmitted by at least one transmitter; and transmitting the chunking acknowledgment message frame to the multiple transmitters. By means of the present invention, the technical problems of hindering effective spectrum utilization and hindering power saving of user equipment, which are caused by replying with an ACK frame to the user equipment in order, are solved, thereby improving the effective spectrum utilization.
Processing data messages of a virtual network that are sent to and received from external service machines
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
Network Configuration Apparatus
A network configuration apparatus includes a user interface module configured to receive a traffic request from a user. The traffic request includes a source and a destination for desired traffic. A barrier identification module obtains network data indicating a set of networking devices present in a route between the source and the destination. For each of the devices, the barrier identification module determines whether the device may block traffic from reaching the destination and, if so, adds the device to a set of potential barriers. A route analysis module, for each device of the potential barriers, flags the device if it will block the desired traffic. The user interface module, in response to there being at least one flagged device, transmits an alert that the traffic request is a failure; and, in response to there being zero flagged devices, transmits an alert that the traffic request is a success.