Patent classifications
H04L61/2521
Port chunk allocation in network address translation
A system and method for providing network and port address translation is provided. A global IP address and a block (chunk) of ports are allocated for each mobile subscriber (MS) on first data connection. Subsequent data connections from the same MS are assigned the same IP address and a new port from this block. The mapping information is communicated, processed, and stored once for the complete block, instead of for every new data connection. This process reduces processing, communication, and storage requirements.
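The allocation scheme in this abstract, written out as an added example (this is not code from the patent; the class and function names, the block size and the sample subscriber and address values are assumptions chosen for illustration). A subscriber's first connection claims one global IP and a contiguous block of ports and emits a single mapping record for the block; later connections from the same subscriber draw ports from that block without any further record, and a request that arrives once the block is full is refused rather than silently spilling into another subscriber's range.

```python
"""Port-chunk NAPT: one global IP plus a contiguous block of ports per subscriber.

Added example, not from the patent text. BLOCK_SIZE, the port range and the
sample subscriber identifiers and addresses are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PORT_MIN, PORT_MAX = 1024, 65535    # assumed translatable port range
BLOCK_SIZE = 64                     # assumed default chunk size


@dataclass
class Chunk:
    global_ip: str
    first_port: int
    last_port: int
    next_port: int = field(init=False)
    fwd: Dict[Tuple[str, int], int] = field(default_factory=dict)  # (priv ip, priv port) -> public port
    rev: Dict[int, Tuple[str, int]] = field(default_factory=dict)  # public port -> (priv ip, priv port)

    def __post_init__(self) -> None:
        self.next_port = self.first_port


class ChunkNAT:
    def __init__(self, global_ips: List[str], block_size: int = BLOCK_SIZE) -> None:
        self.block_size = block_size
        # Free chunks as (global ip, first port) pairs, whole blocks only.
        self.free: List[Tuple[str, int]] = [
            (ip, p) for ip in global_ips
            for p in range(PORT_MIN, PORT_MAX + 1, block_size)
            if p + block_size - 1 <= PORT_MAX
        ]
        self.by_subscriber: Dict[str, Chunk] = {}
        # Mapping records sent to the logging system: one per block, not per connection.
        self.log: List[Tuple[str, str, int, int]] = []

    def _chunk_for(self, subscriber: str) -> Chunk:
        chunk = self.by_subscriber.get(subscriber)
        if chunk is None:
            if not self.free:
                raise RuntimeError("no free port chunks")
            ip, first = self.free.pop(0)
            chunk = Chunk(ip, first, first + self.block_size - 1)
            self.by_subscriber[subscriber] = chunk
            self.log.append((subscriber, ip, first, chunk.last_port))
        return chunk

    def translate_outbound(self, subscriber: str, src_ip: str, src_port: int) -> Optional[Tuple[str, int]]:
        """Return (global ip, public port) for a connection, or None if the block is full."""
        chunk = self._chunk_for(subscriber)
        key = (src_ip, src_port)
        if key in chunk.fwd:                      # existing connection keeps its port
            return chunk.global_ip, chunk.fwd[key]
        for _ in range(self.block_size):          # scan the block once for a free port
            p = chunk.next_port
            chunk.next_port = chunk.first_port + (p + 1 - chunk.first_port) % self.block_size
            if p not in chunk.rev:
                chunk.fwd[key] = p
                chunk.rev[p] = key
                return chunk.global_ip, p
        return None                               # block exhausted; do not borrow from another subscriber

    def translate_inbound(self, dst_ip: str, dst_port: int) -> Optional[Tuple[str, Tuple[str, int]]]:
        """Map a public (ip, port) back to (subscriber, (private ip, private port))."""
        for subscriber, chunk in self.by_subscriber.items():
            if chunk.global_ip == dst_ip and dst_port in chunk.rev:
                return subscriber, chunk.rev[dst_port]
        return None


if __name__ == "__main__":
    nat = ChunkNAT(["203.0.113.10"], block_size=4)
    for port in (40000, 40001, 40002, 40003, 40004):
        print(nat.translate_outbound("imsi-A", "10.0.0.1", port))
    print(nat.log)   # a single record covers every connection above
```

The record in `log` is what makes the saving real: an abuse report quoting a public address, port and time is attributed by finding the block that contained the port, so a deployment must also record when each block was assigned and released, since the same block will be reused by another subscriber later.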
Communication method and apparatus based on edge computing, storage medium, and electronic device
Disclosed are a communication method and apparatus based on edge computing, a computer storage medium, and an electronic device. The communication method based on edge computing includes: receiving an uplink Internet Protocol (IP) packet transmitted by a user equipment, a destination address of the uplink IP packet being a network address of a target application server; determining a network address of a local edge server that is configured to respond to the uplink IP packet according to the network address of the target application server; and modifying the destination address of the uplink IP packet to the network address of the local edge server, and forwarding the modified uplink IP packet to the local edge server for processing.
CROSS-NETWORK DIFFERENTIAL DETERMINATION
Provided are systems, methods, and computer-program products for a proxy network that can determine, for a set of objects, an initial differential, where the initial differential is determined using a rules data store of a host network. The proxy network can further determine a supplemental differential for the set of objects. The proxy network can further determine a final differential that is the sum of the initial differential and the supplemental differential. The proxy network can further determine a final sum for the set of objects that is the object value less the final differential. The proxy network can further generate an outbound data packet that includes values corresponding to the set of objects and the final sum. When the host network receives the outbound data packet, the host network can modify an object data store using the values corresponding to the set of objects and the final sum.
Method, apparatus and system for transmitting data
A method, apparatus and system for transmitting data are provided. The load balancing gateway translates the virtual MAC address of the virtual server in the destination of a data packet from a client into the real MAC address of the real server, according to a pre-configured address mapping between the real server and the virtual server, and sends the modified packet to the virtual switch. After receiving the packet from the gateway, the virtual switch identifies it as a packet flowing into the real server, translates the virtual IP address and virtual port of the virtual server in the destination into the real IP address and real port of the real server, and sends the modified packet to the real server.
Service access across Kubernetes clusters
In an approach, a processor creates a local first Pod API object in a first lower Kubernetes cluster based on a first Pod API object in an upper Kubernetes cluster, where the local first Pod API object includes internal and external network descriptions for the Pod it describes, and the upper cluster manages the first and second lower Kubernetes clusters. A processor adds an annotation for the Pod to both the local first Pod API object and the first Pod API object. A processor creates a local endpoint API object in the first lower cluster based on an endpoint API object in the upper cluster and the annotations of Pods in the upper cluster. A processor redirects a first request to the endpoint of the second Pod described in the local endpoint API object.
VIRTUAL PRIVATE CLOUD COMMUNICATION AND CONFIGURATION METHOD, AND RELATED APPARATUS
A method for configuring virtual private cloud (VPC) communication between a first VPC and a second VPC that have the same private network address segment is provided. A third private network address segment, different from the segment shared by the first and second VPCs, is used for translation. The method includes binding a first VPC private network address to a first address belonging to the third segment; binding a second VPC private network address to a second address belonging to the third segment, the second address being different from the first; and, for a packet sent by the first VPC and destined for the second VPC, configuring the packet source address to be the first address and the packet destination address to be the second address.
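The binding and rewriting described in this abstract, as an added example (not the patent's own code; the class name, the CIDRs, the VPC labels and the host addresses are constructed for illustration). Both VPCs use 10.0.0.0/16, so a host with 10.0.0.5 exists in each; each is bound to a distinct address in the non-overlapping transit segment 192.168.0.0/16. A sender addresses the peer by its transit address, the egress rewrite substitutes the sender's own transit address as the source, and the ingress rewrite at the destination VPC maps the transit destination back to the local private address while leaving the source as the transit address so the reply is routable.

```python
"""1:1 address binding that lets two VPCs with the same CIDR talk through a
third, non-overlapping segment.

Added example, not from the patent text. CIDRs, VPC labels and host
addresses are constructed for illustration.
"""
import ipaddress
from typing import Dict, Tuple


class VPCPeeringNAT:
    def __init__(self, vpc_cidr: str, transit_cidr: str) -> None:
        self.vpc_net = ipaddress.ip_network(vpc_cidr)          # segment shared by both VPCs
        self.transit_net = ipaddress.ip_network(transit_cidr)   # third, non-overlapping segment
        if self.vpc_net.overlaps(self.transit_net):
            raise ValueError("transit segment must not overlap the VPC segment")
        self.bound: Dict[Tuple[str, str], str] = {}        # (vpc, private ip) -> transit ip
        self.reverse: Dict[str, Tuple[str, str]] = {}      # transit ip -> (vpc, private ip)

    def bind_address(self, vpc: str, private_ip: str, transit_ip: str) -> None:
        """Bind one private address of one VPC to one unique transit address."""
        if ipaddress.ip_address(private_ip) not in self.vpc_net:
            raise ValueError(f"{private_ip} is not in {self.vpc_net}")
        if ipaddress.ip_address(transit_ip) not in self.transit_net:
            raise ValueError(f"{transit_ip} is not in {self.transit_net}")
        if transit_ip in self.reverse:
            raise ValueError(f"{transit_ip} is already bound")   # first and second addresses must differ
        self.bound[(vpc, private_ip)] = transit_ip
        self.reverse[transit_ip] = (vpc, private_ip)

    def egress(self, src_vpc: str, src_ip: str, dst_transit: str) -> Tuple[str, str]:
        """Packet leaving src_vpc: source becomes the sender's transit address.

        The destination is already a transit address, since the private
        destination would be ambiguous between the two VPCs.
        """
        dst_vpc, _ = self.reverse[dst_transit]
        if dst_vpc == src_vpc:
            raise ValueError("destination is in the sender's own VPC; no translation needed")
        return self.bound[(src_vpc, src_ip)], dst_transit

    def ingress(self, transit_src: str, transit_dst: str) -> Tuple[str, Tuple[str, str]]:
        """Packet arriving at the destination VPC: destination becomes the local private address.

        The source stays as the peer's transit address so the reply is routable.
        """
        return transit_src, self.reverse[transit_dst]


if __name__ == "__main__":
    nat = VPCPeeringNAT("10.0.0.0/16", "192.168.0.0/16")
    nat.bind_address("vpc-a", "10.0.0.5", "192.168.1.5")   # first address
    nat.bind_address("vpc-b", "10.0.0.5", "192.168.2.5")   # second address
    src, dst = nat.egress("vpc-a", "10.0.0.5", "192.168.2.5")
    print("on the wire:", src, "->", dst)
    print("delivered as:", nat.ingress(src, dst))
```

The check in `bind_address` that refuses a second binding of the same transit address is the property the abstract relies on: if two private addresses from different VPCs shared a transit address, the ingress rewrite could deliver a packet into the wrong tenant.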
Distributed network address translation for efficient cloud service access
A method for coordinating distributed network address translation (NAT) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network containing service virtual machines (VMs) that are accessed by VMs of the tenant logical networks. The method defines a group of replacement IP address and port number pairs, each of which uniquely identifies a VM across all tenant logical networks. The method sends a set of these pairs to at least one host that is hosting a VM of a particular tenant logical network. The host can use a replacement pair to replace the source IP address and source port number in a packet sent from that VM to a VM of the service logical network.
DYNAMICALLY SCALABLE APPLICATION FIREWALL DEPLOYMENT FOR CLOUD NATIVE APPLICATIONS
A configuration of a cloud application exposed via a public IP address is duplicated with modifications to include a private IP address that exposes the application internally. The original configuration is updated so that external network traffic sent to the application is redirected to, and distributed across, agents running on nodes of a cloud cluster that implement web application firewalls (WAFs). The set of agents whose WAFs should inspect the redirected traffic is selected based on cluster metrics, such as network and resource utilization. The redirected traffic targets a port allocated to the agents that is unique to the application; ports are allocated on a per-application basis, so each agent can provide WAF protection for multiple applications. Traffic that a WAF allows to pass is directed from the agent to the application via its private IP address.
DETECTION OF THREATS BASED ON RESPONSES TO NAME RESOLUTION REQUESTS
Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.
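The detection step in this abstract, run over constructed flow records as an added example (not the patent's own code; the record layout, the DCN names, the window counts and the thresholds are assumptions chosen for illustration). A flow whose source DCN answers from port 53 is treated as a name-resolution response. The historical baseline is the per-window mean and standard deviation of such responses for each DCN; the current window is flagged either when a DCN with no resolver history starts answering at all, or when a known resolver exceeds its mean by more than `k` standard deviations and a small absolute floor.

```python
"""Flag data compute nodes (DCNs) whose name-resolution responses deviate from
their own historical baseline.

Added example, not from the patent text. The flow records, DCN names, window
counts and thresholds are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Set, Tuple

DNS_PORT = 53


def make_flow(src_dcn: str, src_port: int, dst_port: int, proto: str, window: int) -> dict:
    # Minimal flow attribute set: the source DCN is the attribute the method keys on.
    return {"src_dcn": src_dcn, "src_port": src_port, "dst_port": dst_port,
            "proto": proto, "window": window}


def is_dns_response(flow: dict) -> bool:
    # A DCN answering name-resolution requests sources its reply from port 53.
    return flow["src_port"] == DNS_PORT and flow["proto"] in ("udp", "tcp")


def responses_per_window(flows: Iterable[dict]) -> Dict[str, Dict[int, int]]:
    """-> {dcn: {window: number of name-resolution responses}}."""
    counts: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_dns_response(f):
            counts[f["src_dcn"]][f["window"]] += 1
    return counts


def build_baseline(history: Iterable[dict], num_windows: int) -> Dict[str, Tuple[float, float]]:
    """Per-DCN (mean, population stdev) of responses per window, zero-filled for quiet windows."""
    counts = responses_per_window(history)
    baseline = {}
    for dcn, per_window in counts.items():
        series = [per_window.get(w, 0) for w in range(num_windows)]
        baseline[dcn] = (mean(series), pstdev(series))
    return baseline


def detect(current: Iterable[dict], baseline: Dict[str, Tuple[float, float]],
           all_dcns: Iterable[str], k: float = 3.0, min_abs: int = 5) -> Set[str]:
    """DCNs whose current-window response count deviates from their baseline."""
    counts = responses_per_window(current)
    flagged: Set[str] = set()
    for dcn in all_dcns:
        n = sum(counts.get(dcn, {}).values())
        if dcn not in baseline:
            if n >= 1:                 # never answered DNS before: a new resolver appeared
                flagged.add(dcn)
            continue
        mu, sigma = baseline[dcn]
        if n >= min_abs and n > mu + k * sigma:
            flagged.add(dcn)           # known resolver answering far above its norm
    return flagged


# Constructed history: dns-1 answers 10 or 11 times per window, web-1 only serves HTTPS.
HISTORY: List[dict] = []
for w in range(6):
    HISTORY += [make_flow("dns-1", 53, 40000 + i, "udp", w) for i in range(10 + (w % 2))]
    HISTORY += [make_flow("web-1", 443, 50000 + i, "tcp", w) for i in range(20)]


def example_current(rogue: bool) -> List[dict]:
    """Constructed current window 6: normal traffic, or web-1 answering DNS and dns-1 spiking."""
    flows = [make_flow("web-1", 443, 50000 + i, "tcp", 6) for i in range(20)]
    if not rogue:
        return flows + [make_flow("dns-1", 53, 41000 + i, "udp", 6) for i in range(11)]
    flows += [make_flow("web-1", 53, 42000 + i, "udp", 6) for i in range(3)]
    flows += [make_flow("dns-1", 53, 41000 + i, "udp", 6) for i in range(40)]
    return flows


if __name__ == "__main__":
    baseline = build_baseline(HISTORY, 6)
    print("baseline:", baseline)
    print("normal window:", detect(example_current(False), baseline, ["dns-1", "web-1"]))
    print("rogue window:", detect(example_current(True), baseline, ["dns-1", "web-1"]))
```

Keying on the source port alone is a simplification: a compromised DCN that answers spoofed queries from an unprivileged port, or that keeps its response volume under the `k`-sigma line, is not caught by this rule, so a deployment would feed in further attributes (destination port, response size, query names where available) and treat the baseline as one signal among several.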