Patent classifications
H04L61/2521
Distributed network address translation over network environments
This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.
METHOD OF TRANSLATING A LOGICAL SWITCH INTO A SET OF NETWORK ADDRESSES
A method of providing a set of network addresses associated with a managed forwarding element (MFE) in a logical network that includes a set of data compute nodes (DCNs). The DCNs are hosted on a set of physical hosts. Each DCN is connected to an MFE on the corresponding host. The method receives a request to translate an MFE into a set of network addresses, the request comprising an identification of the MFE. The method identifies a logical network entity associated with the MFE based on the identification of the MFE. The method identifies a set of network addresses associated with the identified network entity and provides the set of network addresses as the set of network addresses associated with the identified network entity.
Private network peering in virtual network environments
Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
RANDOMIZING SERVER-SIDE ADDRESSES
Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
ESTABLISHING CONNECTIONS BETWEEN DATA STORAGE DEVICES
Systems and methods are disclosed for establishing connections between computing devices. A first computing device may communicate data via a symmetric NAT and a second computing device may communicate data via a cone NAT. The first computing device may establish a connection, such as a peer-to-peer (P2P) connection, between the first computing device and the second computing device via the symmetric NAT and the cone NAT.
Injection limiting and wave synchronization for scalable in-network computation
A network device configured to perform scalable, in-network computations is described. The network device is configured to process pull requests and/or push requests from a plurality of endpoints connected to the network. A collective communication primitive from a particular endpoint can be received at a network device. The collective communication primitive is associated with a multicast region of a shared global address space and is mapped to a plurality of participating endpoints. The network device is configured to perform an in-network computation based on information received from the participating endpoints before forwarding a response to the collective communication primitive back to one or more of the participating endpoints. An injection policy comprising the issuing of credits enables each endpoint to limit the amount of collective communication primitives injected into the network simultaneously to reduce network congestion caused by increased network traffic due to the multicast capability of the network devices.
IMPLEMENTING A MULTI-REGIONAL CLOUD BASED NETWORK USING NETWORK ADDRESS TRANSLATION
Provided herein are systems, devices and methods for applying address translation to network traffic originating from client devices having dynamic Internet Protocol (IP) addresses to support IP based security measures using a gateway configured to connect a plurality of client devices used by a plurality of users to a plurality of cloud based networks. The gateway may receive, from a client device assigned a dynamic IP address, credentials of a user using the respective client device, access a translation record mapping the user, identified by his credentials, to a respective unique static IP address, adjust a source address of each packet received from the client device to include the static IP address, and forward each adjusted packet to a security engine configured to apply security policy(s) to each adjusted packet before transmitting it to the cloud based network(s). The security policy(s) is applied according to the static IP address.
Distributing and virtualizing a network address translation (NAT)
A method, apparatus, and system for distributing and virtualizing a NAT are described. The method includes: maintaining a mapping table associating first and second endpoint addresses of a device, the first and second endpoint addresses indicating the device for first and second routers, respectively; maintaining a routing table for routing between the first and second routers, the routing table associating the first and second routers with first and second location addresses, respectively; and forwarding the first and/or second endpoint addresses to a selected router, the selected router being one of the first router, the second router, or a router exchanging network traffic between the first and second routers, wherein the selected router translates network traffic indicating the first endpoint address to indicate the second endpoint address.
METHOD AND APPARATUS FOR SERVICE FUNCTION FORWARDING IN A SERVICE DOMAIN
Solutions to packet forwarding along a service function path (SFP) by using packet-based transport are provided, where the destination address field in the transport tunnel packet header designates the SFP and the source address field contains the service context. Forwarding of packet flows in different SFPs is simplified by using conventional packet routing and forwarding mechanisms and commercial off-the-shelf routers and switches. For example, route aggregation, load balancing, equal cost multipath routing, and fast path restoration can be applied to service function paths.
ELECTRONIC DEVICE AND METHOD FOR WIRELESS COMMUNICATIONS
Disclosed are an electronic device for wireless communication and a method thereof. The electronic device may include an interface module and a processor. The processor may be configured to establish a first Ethernet tethering connection with an external electronic device by using an Ethernet driver, provide an Internet service to the external electronic device using a first IP address allocated to the external electronic device, deactivate the Ethernet driver in response to identifying that the IP address of the electronic device is changed and the first Ethernet tethering connection is in the bridge mode, reactivate the deactivated Ethernet driver, establish a second Ethernet tethering connection with the external electronic device by using the reactivated Ethernet driver, and provide the Internet service to the external electronic device using a second IP address allocated to the external electronic device.