H04L61/255

Scalable ethernet bunch of flash (EBOF) storage system

A scalable EBOF storage system identifies its storage devices and external physical interfaces, and respective public IP addresses assigned to each external physical interface. The scalable EBOF storage system assigns a respective private IP address to each storage device, private port identifier(s) to the storage devices, and respective public port identifier(s) to each storage device. The scalable EBOF storage system then generates an EBOF NAT table by mapping, for each storage device: each respective public IP address assigned to the external physical interfaces to the public port identifier assigned to that storage device to provide a public connection information combination for that storage device, the private IP address assigned to that storage device to the private port identifier assigned to that storage device to provide a private information connection combination for that storage device, and the public information connection combination to the private information connection combination for that storage device.

HIGHLY-AVAILABLE DISTRIBUTED NETWORK ADDRESS TRANSLATION (NAT) ARCHITECTURE WITH FAILOVER SOLUTIONS

This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

System and method for stateless distribution of bidirectional flows with network address translation
11394804 · 2022-07-19

A method for stateless distribution of bidirectional flows with network address translation (NAT) comprises: determining an original source port for a first packet of a front-end flow received from a client device, wherein the original source port is associated with a processing core; selecting a new source port for a back-end flow, wherein the new source port is selected such that the back-end flow is returned to the processing core of the front-end flow; replacing the original source port with the new source port; and transmitting the incoming flow to a destination server.

Dynamic network address translation using prediction

A method for network communication includes receiving from a first network a data packet having a header specifying a first source address in the first network and a destination address in a second network and looking up the first source address in a network address translation (NAT) table. Upon finding, in response to looking up the first source address, that the first source address is not listed in the NAT table, an entry is added to the NAT table specifying a corresponding second source address in the second network. One or more additional first source addresses that are not listed in the NAT table are predictively selected, and one or more further entries are added to the NAT table specifying one or more second source addresses in the public network corresponding to the one or more additional first source addresses.

CLOUD INFRASTRUCTURE RESOURCES FOR CONNECTING A SERVICE PROVIDER PRIVATE NETWORK TO A CUSTOMER PRIVATE NETWORK

Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources are deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network.

VIRTUAL NETWORK ROUTING GATEWAY THAT SUPPORTS ADDRESS TRANSLATION FOR DATAPLANE AS WELL AS DYNAMIC ROUTING PROTOCOLS (CONTROL PLANE)

Systems and methods for a virtual network routing gateway that supports address translation for data plane as well as dynamic routing protocols are disclosed herein. The method can include coupling a gateway with a plurality of ports to a network having a plurality of first IP addresses in a private address space, generating a Network Address Translation (“NAT”) function in the gateway, inputting translation information into the NAT function, advertising routes based on the translation information, populating a unified routing table in the gateway based on the plurality of first IP addresses in the private address space and on translated route advertisements, receiving an inbound network packet at the gateway, translating an inbound address of the inbound network packet with the NAT function, and delivering the network packet according to the routing table and based on the translated inbound address.

Highly-available distributed network address translation (NAT) architecture with failover solutions

This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

Handling IP network addresses in a virtualization system

Methods, systems and non-transitory computer readable media for handling IP network addresses in a virtualization system. Embodiments are configured to receive, from a cloud provider, a cloud provider media access control address to assign to a network interface of a computing node. Also received from the cloud provider is a cloud provider's IP address associated with the cloud provider's media access control address. A virtual machine on the computing node is configured such that the cloud provider's IP address serves as an IP address of the virtual machine and such that a virtualization system media access control address serves as a MAC address of the virtual machine. The virtualization system correlates the cloud provider's media access control address to the IP address of the virtual machine. In some cases, the cloud provider's media access control address is stored in a virtual switch of a hypervisor.