H04L61/2557

Systems and methods for network address translation
10979385 · 2021-04-13

An intelligent network address translation system and methods for intelligent network address translation. In one embodiment, a network packet is received from a host device, and a stored record associated with the host device is identified. The stored record includes information relating to connection parameters associated with the host device. Using the stored record, a processor determines whether the network packet should be assigned a dedicated address. If so, then the network packet is transmitted using communication parameters including a dedicated IP address. If the packet should not be assigned a dedicated address, then the packet is transmitted using connection parameters including a default public IP address and a port number.

Network communication system, communication control apparatus, and recording medium
10999365 · 2021-05-04

A communication control apparatus for controlling communication between at least one communication apparatus and a plurality of network apparatuses residing on a plurality of networks includes a plurality of communication controllers respectively provided for the plurality of networks. Each communication controller includes a memory that stores operation determination information to be used for determining processing to be performed on transmission-and-reception information, the transmission-and-reception information to be transmitted or received by the communication controller with respect to another communication controller or one of the plurality of network apparatuses on the plurality of networks; circuitry that acquires the operation determination information in response to receiving the transmission-and-reception information and performs an operation corresponding to the acquired operation determination information on the transmission-and-reception information; and a tag processor to add or remove tag information to or from the transmission-and-reception information.

RESOLUTION OF DOMAIN NAME REQUESTS IN HETEROGENEOUS NETWORK ENVIRONMENTS

Systems and methods are provided for domain name system (DNS) resolution in heterogeneous network environments including a virtual private cloud (VPC). An administrator of a VPC specifies rules identifying sources for resolving DNS resolution requests. The rules may include routing a request to a source outside the VPC, such as to an on-premises DNS resolver through an outbound IP endpoint.

Multi-tenant environment with overlapping address space

A method includes: receiving communications from first and second tenants of a multi-tenant computing environment over first and second dedicated networks, respectively, the communications being transmitted to a first globally unique IP address in first and second dedicated environments, respectively; NATing the first globally unique IP address, to which the communication from the first tenant was transmitted, to a first non-globally unique IP address that is locally unique in the service provider environment; NATing the first globally unique IP address, to which the communication from the second tenant was transmitted, to a second non-globally unique IP address that is locally unique in the service provider environment; providing the communication from the first tenant and the communication from the second tenant access to a shared resource in the service provider environment using the first and second non-globally unique IP addresses, respectively.

Network address translation based on logical channel implementation in a shared wireless network

Technologies directed to network address translation based on logical channels in a shared private network with a single ingress to an ISP and multiple customer devices are described. One method receives a first public IP address assigned to an endpoint device by an ISP. The method creates a sub-interface on a WAN interface and adds a first rule that translates the first public IP address to a first private IP address assigned to the customer STA and a second rule that translates the first private IP address to the second public IP address. The first customer STA creates a second sub-interface between the customer STA and the endpoint device, adds a third rule that translates the first private IP address to a second private IP address assigned to the first endpoint device, and adds a fourth rule that translates the second private IP address to the first private IP address.

Local transparent extensibility and routing slip extensibility for business process execution language

In order to achieve location transparency and routing slip extensibility, a system and a method for orchestrating a web service using Business Process Execution Language are disclosed. The method includes: receiving a message, wherein the message comprises an address identifying an extension element; determining, from the address, a location of the extension element identified by the address; responsive to determining the location of the extension element, directing the message to an appropriate location; and storing the message in a computer readable storage medium.

Service dependent IP addresses

A system that enables end-user devices that operate within different enterprise networks to exchange data with one another. In particular, the disclosed system uses unique IP addresses that are dedicated solely to supporting a predefined communication service between enterprise computer networks, in order to identify and route each data packet according to the communications service. As part of the communications service, the data packets are transmitted, for example, from a first local service provider network hosting a first enterprise network, through a participating backbone service provider network on the public Internet and based on deterministic routing, and to a second local service provider network hosting a second enterprise network. In handling the data packets in this way, the disclosed system creates an Internet wide-area-network (WAN): the data packets are transmitted over the Internet and conceivably over a large geographic distance between enterprise networks.

SERVICE PROVISION IN SCENARIOS WITH NETWORK ADDRESS TRANSLATION

A method for operating a session control entity configured to control a data packet session of a user in a cellular network. A policy request is transmitted to a policy control entity of the cellular network requesting at least one policy rule for the data packet session. A policy response is received including the at least one policy rule for the data packet session and including a request to provide information about an address translation carried out in a user plane on the data packets of the data packet session. Rules for handling the data packet session are transmitted to a user plane entity configured to handle the user plane of the data packet session. The rules include a translation detection rule by which the user plane entity is requested to inform the session control entity about the address translation that has taken place in the user plane.

Network address translation
10965642 · 2021-03-30

A Network Address Translation (NAT) method, apparatus and device are provided. Based on the method, a target IP address and its reference port are obtained from a NAT resource pool, wherein the reference port is a port in a consecutive port range of the target IP address; a first five-tuple corresponding to a packet is generated based on the target IP address, the reference port and an original five-tuple of the packet, and a second five-tuple is obtained by masking first-class bits of two classes of ports of the first five-tuple respectively; a target five-tuple is determined in a plurality of consecutive hash buckets of a hash table based on a hash result of the second five-tuple; and the target five-tuple and the original five-tuple are recorded in the hash table and a corresponding result table, and the packet is NAT-processed based on the target five-tuple.

Computer implemented system and method for snooping PCP packets
10938777 · 2021-03-02

Whenever an IP packet is routed from a source computing device through to a NAT device on the way to a destination computing device, a PCP client transmits a PCP query to a PCP server to determine the external IP address and external port number that have been substituted for the source IP address and source port number previously incorporated within the IP packet. Subsequently, the PCP server responds to the PCP client with the information denoting the mapping between the source IP address-source port number pair and the external IP address-external port number pair. A snooping agent is utilized firstly to snoop on the mapping communicated from the PCP server to the PCP client, and secondly to communicate the mapping information to a policy server incorporating a plurality of predefined firewall rules usable in deducing appropriate PACKET ALLOW/PACKET DROP decisions, based on the mapping information.