Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

In one aspect, a computerized method includes the step of providing process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway. Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD.

A content provider has a plurality of content provider domain names, and a content delivery network (CDN) allocates a plurality of CDN domain names to the particular content provider. The content provider domain names are mapped to the CDN domain names. CDN domain names are bound to corresponding CDN clusters. The binding of the of CDN domain names to corresponding CDN clusters is modified.

A content provider has a plurality of content provider domain names, and a content delivery network (CDN) allocates a plurality of CDN domain names to the particular content provider. The content provider domain names are mapped to the CDN domain names. CDN domain names are bound to corresponding CDN clusters. The binding of the of CDN domain names to corresponding CDN clusters is modified.

Aspects of the subject disclosure may include, for example, specification of network service functions (e.g., a firewall or network address translation appliance) to be included in a service function path. Routers in a communication network may publish information regarding reachable network service functions and an API may be exposed that provides the information regarding the reachable network service functions. Other embodiments are disclosed.

Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Methods and apparatuses are described herein for multicast and unicast MAC address assignment protocol (MUMAAP). A first node may transmit, to a second node, based on a unicast MAC address of the second node or a multicast MAC address associated with the second node, a discover message that may include a first MAC address or a first range of MAC addresses. The first node may receive an offer message with a second range of MAC addresses. If the first node selects a second MAC address from the received second range of MAC addresses, the first node may transmit a request message indicating that the second MAC address or the second range of MAC addresses is allocated to the first node. The first node may receive an acknowledge message indicating that the second MAC address or the second range of MAC addresses is allocated to the first node.

Methods and apparatuses are described herein for multicast and unicast MAC address assignment protocol (MUMAAP). A first node may transmit, to a second node, based on a unicast MAC address of the second node or a multicast MAC address associated with the second node, a discover message that may include a first MAC address or a first range of MAC addresses. The first node may receive an offer message with a second range of MAC addresses. If the first node selects a second MAC address from the received second range of MAC addresses, the first node may transmit a request message indicating that the second MAC address or the second range of MAC addresses is allocated to the first node. The first node may receive an acknowledge message indicating that the second MAC address or the second range of MAC addresses is allocated to the first node.