H04L2101/618

Efficient network address translation (NAT) in cloud networks

A method is implemented by a network device for enabling destination network address translation in a cloud network. The method includes determining that packets having a first public address as a source address and a second public address as a destination address are to be forwarded to a first host that is assigned a first private address and sending a first advertisement message to a gateway indicating that packets having the first public address as a source address and the second public address as a destination address are to be forwarded to a first switch connected to the first host, where the first switch is configured to translate the destination address of those packets from the second public address to the first private address assigned to the first host.

Systems and methods for preserving privacy of a registrant in a domain name system (“DNS”)
11283624 · 2022-03-22

A method, and a computer system for executing the method, are provided for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.

Associating virtual IP address of virtual server with appropriate operating system in server cluster

According to one or more embodiments, a computer implemented method includes receiving, by an operating system of a computer server, a request to execute an instance of a computer application. The method further includes deploying a virtual container for the instance of the computer application, the virtual container being allocated a dynamic virtual internet protocol address (DVIPA). The method further includes instantiating an application instance of the computer application in the virtual container. The method further includes, based on a determination that the computer application is a non-native application for the operating system, creating for the virtual container, a virtual network interface card (NIC) that translates network communication between the application instance and a physical NIC of the computer server. The method further includes selecting, by the virtual NIC, a communication protocol stack, from multiple communication protocol stacks, to bind the application instance for transferring the network communication.

TRAFFIC LOAD BALANCING BETWEEN A PLURALITY OF POINTS OF PRESENCE OF A CLOUD COMPUTING INFRASTRUCTURE

Methods and systems of traffic load balancing between a plurality of Points of Presence (PoP) of a cloud computing infrastructure are described. A first PoP of multiple PoPs of cloud computing infrastructure that provides a cloud computing service receives a packet. The packet includes as a destination address an anycast address advertised by the first PoP for reaching the cloud computing service. The first PoP identifies a network address of a second PoP that is different from the first PoP. The first PoP forwards the packet as an encapsulated packet to the second PoP to be processed in the second PoP according to the cloud computing service.

Discovery of FQDN for target website

A first data communication of a first connected device related to a first target website is intercepted. The first data communication identifies the first target website by a first fully qualified domain name (FQDN), and the first FQDN is mapped to a first Internet protocol (IP) address. A pair of the first FQDN and the first IP address is determined. A second data communication of a second connected device related to a second target website is intercepted. The second data communication comprises a second encrypted FQDN and a second IP address of the second target website. The second IP address is determined to be equal to the first IP address. A cybersecurity reputation of the second target website is retrieved based on the first FQDN. In response to determining that the reputation matches a predetermined alarm condition, a cybersecurity operation is enforced for the second data communication.

Network address management systems and methods

Systems and methods provide for a network address management system for generating consistent network addresses to computing resources and for developing applications that are resilient to changes in the network addresses to those resources. In an embodiment, a consumer application executing on a computing system can receive a network address schema for a provider application via a library. The library may include a function for constructing a network address to the provider application. The consumer application can invoke the function to begin building the network address. The computing system/library extract context information at the time the consumer application invokes the build function, augment the context information using a selected application namespace (e.g., network address patterns and rules), and generate the network address using the augmented context information, patterns, and rules.

Ethernet Header Compression in a Wireless Network

A wireless device receives, from a base station, a radio resource control message comprising at least one packet data convergence protocol (PDCP) configuration parameter indicating Ethernet header compression for a data radio bearer. The wireless device receives, from the base station and based on the at least one PDCP configuration parameter, mapping information between: a source medium access control (MAC) address and a destination MAC address; and a corresponding header compression index. The wireless device receives a compressed Ethernet packet: compressed based on the mapping information; and comprising the corresponding header compression index.

System and method for remotely filtering network traffic of a customer premise device

Systems, methods, and devices for performing targeted filtering of network traffic generated by user equipment (UE) devices connected to a customer premise device (CPE) in a communication system that includes a distributed residential gateway. A broadband network gateway may be configured to identify a UE device in a local area network (LAN) associated with the CPE that is compromised, misconfigured, or operating outside normal communication parameters. The broadband network gateway may send a dynamic host configuration protocol (DHCP) force renew message via a wide area network (WAN) to the identified UE device in the LAN, generate a DHCP offer message that presents a new Internet protocol (IP) address assignment that is within a range of IP addresses included in a layer 2/3 access list, and send the generated DHCP offer message to the UE device to quarantine the UE device.

DECENTRALIZED IDENTIFIER DETERMINATION BY A REGISTRY OPERATOR OR REGISTRAR
20230403254 · 2023-12-14

Techniques for identifying a registrant of a domain name using a decentralized identifier are described herein. A computing device can determine a decentralized identifier (DID) for associating with the domain name and validate an identity of the registrant based on the decentralized identifier. The computing device can be associated with a registrar or a registry operator that uses the decentralized identifier during registration of a domain name and/or to perform operations after the domain name is registered. The computing device can use the decentralized identifier in place of personal information to identify the domain name.

Network layer performance and security provided by a distributed cloud computing network

A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distributed cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.