Patent classifications
H04L61/2557
Modification of application-provided TURN servers
Techniques are provided for modifying a list of Traversal Using Relays around Network Address Translators (TURN) servers within a host application. A custom-modified browser is configured to add and/or remove TURN servers underneath a variety of host applications, including, for example, JavaScript WebRTC applications. In some cases, certain applications are permitted and/or denied use of certain TURN servers, based on local administrative policy. In accordance with another embodiment of the present disclosure, a host application can be configured or otherwise modified to use certain TURN servers on certain networks, for example, to prevent traffic from using a TURN server outside a General Data Protection Regulation (GDPR) region.
Pre-allocating port groups for a very large scale NAT engine
Some embodiments provide a novel method for performing network address translation to share a limited number of external source network addresses among a large number of connections. Instead of allocating an external source network address for an egressing packet based only on its internal source network address, the method of some embodiments allocates the external source network address based on the egressing packet's source network address and destination network address. This allows a limited number of external source network addresses to be re-used for different destination network addresses. For instance, in some embodiments, the method's network address allocation scheme allows the same 64K (i.e., 2^16) external source ports to be used for 64K connections for each destination network address.
Method and system for sending a message through a secure connection
The method and system enable secure forwarding of a message from a first computer to a second computer via an intermediate computer in a telecommunication network. A message is formed in the first computer or in a computer served by the first computer; in the latter case the message is sent to the first computer. In the first computer, a secure message is then formed by giving the message a unique identity and a destination address. The message is sent from the first computer to the intermediate computer, where the destination address and the unique identity are used to find an address of the second computer. The current destination address is replaced with the found address of the second computer, and the unique identity is replaced with another unique identity. The message is then forwarded to the second computer.
PORT AND LOOPBACK IP ADDRESSES ALLOCATION SCHEME FOR FULL-MESH COMMUNICATIONS WITH TRANSPARENT TLS TUNNELS
A method is presented for a virtual machine to use a port and loopback IP address allocation scheme for full-mesh communications with transparent Transport Layer Security (TLS) tunnels. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.
CLOUD INFRASTRUCTURE RESOURCES FOR CONNECTING A SERVICE PROVIDER PRIVATE NETWORK TO A CUSTOMER PRIVATE NETWORK
Techniques are provided for giving a resource on a private network of a service provider access to a resource on a private network of a customer. Service-to-customer (S2C) resources are deployed on a cloud infrastructure to facilitate the access. Even though IP address ranges may overlap between the private networks and/or private IP addresses may be used in one or more of them, the S2C resources enable data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by that network.
CLOUD INFRASTRUCTURE RESOURCES FOR CONNECTING A SERVICE PROVIDER PRIVATE NETWORK TO A CUSTOMER PRIVATE NETWORK
Techniques are provided for giving a resource on a private network of a service provider access to a resource on a private network of a customer. Service-to-customer (S2C) resources are deployed on a cloud infrastructure to facilitate the access. Even though IP address ranges may overlap between the private networks and/or private IP addresses may be used in one or more of them, the S2C resources enable data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by that network.
Service provision in scenarios with network address translation
A method for operating a session control entity configured to control a data packet session of a user in a cellular network. A policy request is transmitted to a policy control entity of the cellular network requesting at least one policy rule for the data packet session. A policy response is received including the at least one policy rule for the data packet session and including a request to provide information about an address translation carried out in a user plane on the data packets of the data packet session. Rules for handling the data packet session are transmitted to a user plane entity configured to handle the user plane of the data packet session. The rules include a translation detection rule by which the user plane entity is requested to inform the session control entity about the address translation that has taken place in the user plane.
CONNECTION TRACKING RECORDS FOR A VERY LARGE SCALE NAT ENGINE
Some embodiments provide a novel method for performing network address translation to share a limited number of external source network addresses among a large number of connections. Instead of allocating an external source network address for an egressing packet based only on its internal source network address, the method of some embodiments allocates the external source network address based on the egressing packet's source network address and destination network address. This allows a limited number of external source network addresses to be re-used for different destination network addresses. For instance, in some embodiments, the method's network address allocation scheme allows the same 64K (i.e., 2^16) external source ports to be used for 64K connections for each destination network address.
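The two abstracts above (pre-allocating port groups, and connection tracking records, for the very large scale NAT engine) describe the same allocation idea: the external (address, port) pool is kept per destination address, so the same external port can be in use toward several destinations at once, and the connection-tracking record must carry the remote address to tell the flows apart on the return path. The following is an added example of that scheme and is not code from the patents or from any NAT product; the class and method names, the sample addresses and the slot-based pool layout are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """Internal 5-tuple of an egressing connection."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


ExtAddr = Tuple[str, int]  # (external source IP, external source port)


class DestKeyedSNAT:
    """Source NAT whose external (ip, port) pool is kept per destination address.

    Connections to different destinations may share the same external
    (ip, port); the return path disambiguates them by the remote address, so
    every destination can use the whole pool (about 64K ports per external IP).
    """

    def __init__(self, external_ips: List[str], port_min: int = 1024, port_max: int = 65535):
        self.ips = list(external_ips)
        self.port_min = port_min
        self.ports_per_ip = port_max - port_min + 1
        self.capacity = len(self.ips) * self.ports_per_ip   # per destination address
        self._next: Dict[str, int] = {}        # dst_ip -> next never-used slot
        self._free: Dict[str, Set[int]] = {}   # dst_ip -> slots released by teardown
        self.conntrack: Dict[Flow, ExtAddr] = {}
        # Return-path key includes the remote (ip, port): the same external
        # (ip, port) is legitimately in use toward several remotes at once.
        self._reverse: Dict[Tuple[str, str, int, str, int], Flow] = {}

    def _slot_to_addr(self, slot: int) -> ExtAddr:
        return self.ips[slot // self.ports_per_ip], self.port_min + slot % self.ports_per_ip

    def _addr_to_slot(self, addr: ExtAddr) -> int:
        return self.ips.index(addr[0]) * self.ports_per_ip + (addr[1] - self.port_min)

    def translate_outbound(self, flow: Flow) -> ExtAddr:
        """Return the external (ip, port) for an egressing flow, allocating it
        from the destination's own pool the first time the flow is seen."""
        if flow in self.conntrack:
            return self.conntrack[flow]
        free = self._free.setdefault(flow.dst_ip, set())
        if free:
            slot = free.pop()
        else:
            slot = self._next.get(flow.dst_ip, 0)
            if slot >= self.capacity:
                raise RuntimeError(f"external pool exhausted toward {flow.dst_ip}")
            self._next[flow.dst_ip] = slot + 1
        ext = self._slot_to_addr(slot)
        self.conntrack[flow] = ext
        self._reverse[(flow.proto, ext[0], ext[1], flow.dst_ip, flow.dst_port)] = flow
        return ext

    def translate_inbound(self, proto: str, remote_ip: str, remote_port: int,
                          ext_ip: str, ext_port: int) -> Optional[Flow]:
        """Map a returning packet to its internal flow, or None when no
        connection-tracking record matches (the packet must then be dropped).
        Matching on the remote address is what makes port reuse safe: a packet
        from some other host to the same external port is not this flow's."""
        return self._reverse.get((proto, ext_ip, ext_port, remote_ip, remote_port))

    def release(self, flow: Flow) -> None:
        """Tear down a tracked connection and return its slot to the destination's pool."""
        ext = self.conntrack.pop(flow)
        del self._reverse[(flow.proto, ext[0], ext[1], flow.dst_ip, flow.dst_port)]
        self._free[flow.dst_ip].add(self._addr_to_slot(ext))
```

In RFC 4787 terms this is an address-dependent mapping (the external port a host receives depends on the destination), so a STUN-learned mapping is not reusable toward other peers and ICE clients behind such a NAT end up on TURN, which is the situation the first abstract on this page deals with. Connection-tracking records must be expired or released on teardown or the per-destination pool fills up exactly as a conventional one would.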
System and method for adaptive traffic path management
A system and method for adaptive traffic path management, the method including: receiving at least one packet associated with a traffic flow; determining application parameters associated with the at least one packet; determining attributes correlated with the traffic flow associated with the at least one packet; analyzing the application parameters and attributes to determine a Network Address Translation (NAT) pool for the traffic flow; determining if a modified NAT is needed based on the NAT pool for the traffic flow; if a modified NAT is needed, modifying the NAT for the at least one packet associated with the traffic flow; and sending the at least one packet and the traffic flow associated with the at least one packet to a path associated with the modified NAT.
Local Transparent Extensibility and Routing Slip Extensibility for Business Process Execution Language
In order to achieve location transparency and routing slip extensibility, a system and a method for orchestrating a web service using Business Process Execution Language are disclosed. The method includes: receiving a message, wherein the message comprises an address identifying an extension element; determining, from the address, a location of the extension element identified by the address; responsive to determining the location of the extension element, directing the message to an appropriate location; and storing the message in a computer readable storage medium.