Patent classifications
H04L61/5007
Split tunnel-based security
There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.
Communication method applied to edge computing scenario, storage medium, and electronic device
A communication method is provided. The method includes transmitting a network address assignment request to the network address translation entity after establishing a general packet radio service (GPRS) tunneling protocol (GTP) tunnel between the first user-plane function entity and the second user-plane function entity, such that the network address translation entity assigns a network address to the GTP tunnel, notifying the network address assigned by the network address translation entity to the GTP tunnel to the central data network, controlling a data packet to be transmitted by the edge service node to the central data network to be transmitted through the GTP tunnel, the network address translation entity replacing a source address of the data packet with the network address, and transmitting the data packet to the central data network after the data packet arrives at the network address translation entity.
MULTI-PATH TRANSPORT DESIGN
Disclosed herein is a method including receiving, from a user application, data to be transmitted from a source address to a destination address using a single connection through a network; and splitting the data into a plurality of packets according to a communication protocol. For each packet of the plurality of packets, a respective flowlet for the packet to be transmitted in is determined from a plurality of flowlets. Assignment of the flowlets to the packets can be dynamically adjusted based on utilization of the flowlets.
Method for Establishing Segment Routing for IPv6 Tunnel
A method for establishing a segment routing (SR) tunnel based on an Internet Protocol version 6 (IPv6) data plane using a Path Computation Element Communication Protocol (PCEP) includes generating, by a path computation element (PCE), a first PCEP message, wherein the first PCEP message comprises indicating information and segment identifier (SID), and wherein the indicating information indicates that the SID is an IPv6 prefix of a node in a tunnel; receiving, by a first path computation client (PCC), the first PCEP message from the PCE; and establishing, by the first PCC, a Segment Routing over IPv6 (SRv6) tunnel from the first PCC to a second PCC.
Networking as a Service
A method performed by a computing system includes receiving a first request from a first pod being executed on the computing system, responding to the first request with an Internet Protocol (IP) address and a first port range, receiving a second request from a second pod being executed on the computing system, and responding to the second request with the Internet Protocol (IP) address and a second port range that is different than the first port range. The method further includes, with a networking service implemented within the kernel, processing network traffic between external entities and the first and second pods by updating source and destination IP addresses and ports of packets of the network traffic.