Patent classifications
H04L61/2521
NETWORK ADDRESS TRANSLATION
There is provided a method for network address translation. The method is performed by a gateway. The method comprises acquiring an in-packet Bloom Filter (iBF) representation of a node. The method comprises embedding an indication of the iBF representation in an IP address, thereby enabling translation of the iBF representation of the node to an IP address of the node. There is also presented a gateway configured to perform such a method and a computer program comprising computer program code which, when run on a processing unit of the gateway, causes the processing unit to perform such a method.
Detecting Source Network Address Translation in a Communication System
Two nodes in a communication system exchange link monitoring protocol messages including special metadata that allows each node to determine the status of source NAT on communication links to and from the other node, e.g., if source NAT is present on the communication link, or if there is a change in source NAT configuration (e.g., from enabled to disabled, from disabled to enabled, or from one translation to another translation). The special metadata also allows true source information (e.g., source address and source port number) to be conveyed between nodes even in the presence of source NAT: the source NAT device does not change the metadata in the message, because the metadata is considered to be part of the message payload. In certain exemplary embodiments, knowledge regarding the presence of source NAT devices as well as the true source information conveyed through the source NAT devices via the special metadata can be used in the context of “stateful” routing.
Methods and Systems for Efficient Virtualization of Inline Transparent Computer Networking Devices
Network devices that are inserted inline into network links and process in-transit packets may significantly improve their packet-throughput performance by not assigning L3 IP addresses and L2 MAC addresses to their network interfaces and thereby process packets through a logical fast path that bypasses the slow path through the operating system kernel. When virtualizing such Bump-In-The-Wire (BITW) devices for deployment into clouds, the network interfaces must have L3 IP and L2 MAC addresses assigned to them. Thus, packets are processed through the slow path of a virtual BITW device, significantly reducing the performance. By adding new logic to the virtual BITW device and/or configuring proxies, addresses, subnets, and/or routing tables, a virtual BITW device can process packets through the fast path and potentially improve performance accordingly. For example, the virtual BITW device may be configured to enforce a virtual path (comprising the fast path) through the virtual BITW device.
Load balancer bypass
Redirecting message flows to bypass load balancers. A destination intermediary receives a source-side message that includes a virtual address of a load balancer as a destination, and that is augmented to include a network address of a destination machine as a destination. The destination intermediary determines that a source intermediary should address subsequent network messages that originate from a source machine and that are associated with the same multi-message flow to the destination machine while bypassing the load balancer. The destination intermediary modifies the source-side message so the destination for the source-side message addresses the destination machine, and passes the modified source-side message to the destination machine. The destination intermediary receives a response from the destination machine identifying the source machine as its destination, and modifies the response so a source address identifies the virtual address of the load balancer, and dispatches the modified response to the source machine.
SERVICE-FUNCTION CHAINING USING EXTENDED SERVICE-FUNCTION CHAIN PROXY FOR SERVICE-FUNCTION OFFLOAD
An extended service-function chain (SFC) proxy is hosted on a network node and connected to a service path formed by one or more network nodes hosting a chain of service-functions applied to packets traversing the service path. The packets each include a service header having a service path identifier and a service index. A packet of a traffic flow destined for a service-function is received from the service path and sent to the service-function. An indication to offload the traffic flow is received from the service-function. The indication is stored in a flow table having entries each identifying a respective traffic flow. A subsequent packet of the traffic flow is received from the service path. The flow table is searched for the indication to offload the traffic flow. Upon finding the indication, the service-function is bypassed, and the subsequent packet is forwarded along the service path.
Communication Method, CP Device, and NAT Device
This application provides a communication method, a CP device, and a NAT device; pertains to the field of communication technologies; and relates to a scenario of performing NAT tracing based on a CU-separated BNG. The CP device delivers, to the NAT device, an IP address assigned to a user. Under a trigger condition of receiving the IP address delivered by the CP device, the NAT device assigns a public network IP address to the user, and reports the public network IP address to the CP device. The CP device adds, to an accounting packet, the IP address assigned by the CP device and the public network IP address assigned by the NAT device, and sends the accounting packet to a RADIUS server, to report the public network IP address to the RADIUS server, so that the NAT tracing is performed on the RADIUS server.
Load balancing method, apparatus, and system
A load balancing system includes a load balancer and at least one service node. A virtual switch and at least one backend server run on the service node, and an Internet Protocol (IP) address of a logical interface of the backend server is an IP address of the load balancer. The load balancer receives an access request from a client, and changes a destination address of the access request to an IP address of a virtual network interface card of a destination backend server. A virtual switch on a service node changes the destination address of the access request to the IP address of the load balancer when receiving the access request, such that when the destination backend server returns an access response, a source address of the access response includes the address of the load balancer.