Patent classifications
H04L61/2557
System and method for virtual machine port translation and dynamic routing
A system for virtual machine port translation and dynamic routing of a network includes at least one processor, which executes stored instructions to perform a method for virtual machine port translation and dynamic routing of a network. One or more virtual machines are provided, each virtual machine having at least one internal IP address that is routable or assignable to one or more external IP addresses. One or more thresholds are set for each of the external IP addresses based on a policy or constraint set forth by a service provider. An analysis is performed on a connection state of the network. It is determined, based on the analysis, whether any of the external IP addresses meet or exceed the set thresholds. Based on the determination, a routing operation is selected and performed from among the following set of routing operations: dynamically route an internal IP address of a respective virtual machine to a different external IP address than an external IP address currently assigned thereto, and defer the dynamic routing.
Resolution of domain name requests in heterogeneous network environments
Systems and methods are provided for domain name system (DNS) resolution in heterogeneous network environments that include a virtual private cloud (VPC). An administrator of the VPC specifies rules identifying sources for resolving DNS resolution requests. The rules may include routing a request to a source outside the VPC, such as an on-premises DNS resolver, through an outbound IP endpoint.
SRv6 with micro segment identifiers
In one embodiment, a method includes receiving a packet comprising a destination address in a destination address field of the packet, where the destination address includes at least a first global identifier and a second global identifier, determining that the first global identifier corresponds to the first network apparatus, determining that a local identifier in the destination address is associated with the first global identifier, identifying one or more instructions associated with the local identifier, performing one or more functions instructed by the one or more instructions, updating the destination address in the destination address field of the packet to an updated destination address, determining a forwarding rule associated with the packet, and forwarding the packet with the updated destination address based on the forwarding rule.
SERVICE DETECTION FOR A POLICY CONTROLLER OF A SOFTWARE-DEFINED WIDE AREA NETWORK (SD-WAN)
Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network controller maintains an Internet service database (ISDB) in which multiple Internet services and their corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address of the network traffic falls in the IP range with the highest singularity level, and the protocol type and port number of the network traffic are matched in the ISDB, the corresponding Internet service is identified as the Internet service of the network traffic. The network policy controller further controls transmission of the network traffic based on the identified Internet service.
Stateless Protocol Translation
Some aspects of the methods and systems presented relate to performing stateless address translation between IPv4-capable devices and IPv6-capable networks and devices. Stateless address translation may form a new IPv6 address by combining the IPv4 address of a device with an IPv6 prefix address assigned to the translator. The translation may also combine the IPv4 destination address and UDP port information with the new IPv6 address. Existing Domain Name Systems (DNSs) may be leveraged for resolving the IPv4 and IPv6 addresses across different networks.
Method and apparatus for keeping network address translation mapping alive
A method and an apparatus for keeping network address translation mapping alive are provided. The method includes: receiving, by a network address translation (NAT) device, a probe request sent by an internal network device; sending a probe response to the internal network device, where the probe response carries indication information indicating that the internal network device does not actively initiate a heartbeat message to keep the network address translation mapping alive; and allocating at least two public network addresses to the internal network device from an address resource pool, and using, in each time period of a subsequent session between the internal network device and an external network device, one of the at least two public network addresses as the current active address for that time period, to map the private network address of the internal network device to the current active address.
METHOD FOR VIRTUAL MACHINE TO ACCESS PHYSICAL SERVER IN CLOUD COMPUTING SYSTEM, APPARATUS, AND SYSTEM
In a method for providing access to a service provided by a physical server in a cloud computing system, a cloud platform allocates to the service a publishing IP address and a publishing port, and sends a NAT rule to an access network element associated with the virtual machine. Upon receiving a service access request from the virtual machine for accessing the service, the access network element modifies, according to the NAT rule, a destination address of the service access request into the IP address and the port of the physical server that provides the service, and routes the modified service access request to the physical server.
METHOD AND SYSTEM FOR SENDING A MESSAGE THROUGH A SECURE CONNECTION
The method and system enable secure forwarding of a message from a first computer to a second computer via an intermediate computer in a telecommunication network. A message is formed in the first computer or in a computer that is served by the first computer; in the latter case, the message is sent to the first computer. In the first computer, a secure message is then formed by giving the message a unique identity and a destination address. The message is sent from the first computer to the intermediate computer, where the destination address and the unique identity are used to find an address of the second computer. The current destination address is substituted with the found address of the second computer, and the unique identity is substituted with another unique identity. The message is then forwarded to the second computer.
Network apparatus, input and output apparatus, and program
A network apparatus includes: a plurality of network interfaces; a first communication unit configured to communicate with an input and output apparatus in a first network with which a first network interface of the plurality of network interfaces is coupled; a second communication unit configured to communicate with a first device in a second network with which a second network interface of the plurality of network interfaces is coupled; and a third communication unit configured to communicate with a second device in a third network with which a third network interface of the plurality of network interfaces is coupled. When the second communication unit receives data from the second network, the data is transmitted to the first network through the first communication unit without being transmitted to the third network. When the third communication unit receives data from the third network, the data is transmitted to the first network through the first communication unit without being transmitted to the second network.