Some embodiments provide a method that, at a first domain name system (DNS) cluster of a set of DNS clusters, receives a DNS request from a client. The first DNS cluster identifies, based on an identifier of the client in the DNS request, a home DNS cluster of the client. The method forwards the DNS request to the home DNS cluster. The home DNS cluster supplies a DNS response to the client. Identifying the home DNS cluster, in some embodiments, includes performing a hash on the identifier of the client. Supplying the DNS response, in some embodiments, includes receiving a virtual IP (VIP) address associated with one of a plurality of sets of application servers to the client and providing the received VIP address to the client in the DNS response.

A system for an enhanced X2 interface in a mobile operator core network is disclosed, comprising: a Long Term Evolution (LTE) core network packet data network gateway (PGW); an evolved NodeB (eNodeB) connected to the LTE PGW; a Wi-Fi access point (AP) connected to the LTE PGW via a wireless local area network (WLAN) gateway; and a coordinating node positioned as a gateway between the LTE PGW and the eNodeB, and positioned as a gateway between the LTE PGW and the Wi-Fi AP, the coordinating node further comprising: a network address translation (NAT) module; and a protocol module for communicating to the eNodeB and the Wi-Fi AP to request inter-radio technology (inter-RAT) handovers of a user equipment (UE) from the eNodeB to the Wi-Fi AP and to forward packets intended for the UE from the eNodeB to the Wi-Fi AP.

A system for an enhanced X2 interface in a mobile operator core network is disclosed, comprising: a Long Term Evolution (LTE) core network packet data network gateway (PGW); an evolved NodeB (eNodeB) connected to the LTE PGW; a Wi-Fi access point (AP) connected to the LTE PGW via a wireless local area network (WLAN) gateway; and a coordinating node positioned as a gateway between the LTE PGW and the eNodeB, and positioned as a gateway between the LTE PGW and the Wi-Fi AP, the coordinating node further comprising: a network address translation (NAT) module; and a protocol module for communicating to the eNodeB and the Wi-Fi AP to request inter-radio technology (inter-RAT) handovers of a user equipment (UE) from the eNodeB to the Wi-Fi AP and to forward packets intended for the UE from the eNodeB to the Wi-Fi AP.

A message encapsulation method and apparatus, and a message decapsulation method and apparatus are provided. The message encapsulation method includes encapsulating a first message according to a preset encapsulation format to obtain a second message, where the first message is obtained by encapsulating a traffic stream, the second message carries stream attribute information, and the stream attribute information is used for indicating a feature attribute of the traffic stream.

In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.

In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.

According to one or more embodiments of the disclosure, techniques herein provide for auto discovery of network proxies. In particular, in one embodiment, a controller in a computer network receives, from both source devices and destination devices, corresponding Transmission Control Protocol/Internet Protocol (TCP/IP) information and associated transaction identifiers (IDs) for packets sent by the source devices and for packets received at the destination devices. The controller may then correlate particular source TCP/IP information to particular destination TCP/IP information based on associated transaction IDs being the same, and can compare the correlated source TCP/IP information and destination TCP/IP information in order to determine whether a proxy device exists (e.g., and which particular type of proxy device exists) between the source device and the destination device.

According to one or more embodiments of the disclosure, techniques herein provide for auto discovery of network proxies. In particular, in one embodiment, a controller in a computer network receives, from both source devices and destination devices, corresponding Transmission Control Protocol/Internet Protocol (TCP/IP) information and associated transaction identifiers (IDs) for packets sent by the source devices and for packets received at the destination devices. The controller may then correlate particular source TCP/IP information to particular destination TCP/IP information based on associated transaction IDs being the same, and can compare the correlated source TCP/IP information and destination TCP/IP information in order to determine whether a proxy device exists (e.g., and which particular type of proxy device exists) between the source device and the destination device.

Techniques for virtualized network functions (VNFs) that provide for domain isolation of networks coupled to the VNF are described. A virtual network function (VNF) includes a cloud virtual domain coupling the VNF to a cloud service, a management virtual domain coupling the VNF to a management service, and an external virtual domain having a public Internet Protocol (IP) address. The external virtual domain receives an authentication request providing access credentials for a VNF customer from a cloud client device, provides the authentication request to the management service via the management virtual domain, receives an authentication response from the management service, and, in response to determining that the VNF customer access credentials are valid, initiates application of a policy that allows the cloud client device to configure the cloud virtual domain or the cloud service and disallows configuration of the external virtual domain and the management virtual domain.

A method for a connection mechanism in a public cloud network is disclosed. The method includes acquiring a plurality of connection credentials from a public cloud portal (PCP) Admin Device; pairing and registration with a private cloud virtual private network (VPN) server (PCVS) from a private matter gateway (PMG); establishing a plurality of initial VPN tunnels between the PCVS and the PMG; connecting to the PMG on demand between a PCVS smart device client and the PMG through the PCVS; and running a plurality of vertical peer-to-peer (P2P) private and secure PCVS smart device client applications between at least one PCVS smart device client and one of at least one PMG smart device client, at least one PMG network service and another PCVS smart device client.