H04L61/2557

Method and system for near real-time IP user mapping
10547587 · 2020-01-28

Systems and methods are provided for near real-time IP user mapping. Such methods may include obtaining IP address assignment data points from different sources including an authentication, authorization, and accounting (AAA) server of a private network, a service provider that provides a computer-based service within the private network, and user devices that have access to the private network. The methods may also include applying an IP mapping rule to the obtained IP address assignment data points to generate IP address mapping.

NETWORK APPARATUS, INPUT AND OUTPUT APPARATUS, AND PROGRAM
20200019736 · 2020-01-16

A network apparatus includes: a plurality of network interfaces; a first communication unit configured to communicate with an input and output apparatus in a first network with which a first network interface of the plurality of network interfaces is coupled; a second communication unit configured to communicate with a first device in a second network with which a second network interface of the plurality of network interfaces is coupled; and a third communication unit configured to communicate with a second device in a third network with which a third network interface of the plurality of network interfaces is coupled. When the second communication unit receives data from the second network, the data is transmitted to the first network through the first communication unit without being transmitted to the third network. When the third communication unit receives data from the third network, the data is transmitted to the first network through the first communication unit without being transmitted to the second network.

Systems and methods to run user space network stack inside docker container while bypassing container Linux network stack
10530747 · 2020-01-07

The present disclosure is directed towards systems and methods for transmitting data packets to a software container executing on a host computing device. A network service can be enabled within a software container established on the host computing device. A data packet of a request formatted according to the network service can be received via a first port of a first subnetwork assigned to the host computing device. The data packet can be forwarded to a second port assigned to the software container, responsive to a network address translation rule associating the second port assigned to the software container with the first port of the host computing device. The second port can be a port of a second subnetwork assigned to the software container. The data packet can be processed according to the network service within the software container.

Method and apparatus for forwarding generic routing encapsulation packets at a network address translation gateway
10530736 · 2020-01-07

In one embodiment, a method includes receiving on a private network at a Network Address Translation (NAT) gateway, a Generic Routing Encapsulation (GRE) packet comprising a client address and a GRE node private Internet Protocol (IP) address, mapping the client address to the GRE node private IP address at the NAT gateway, storing the mapping at the NAT gateway, replacing the GRE node private IP address in the GRE packet with a public IP address of the NAT gateway, and transmitting the GRE packet from the NAT gateway on a public network, wherein the mapping is used in forwarding packets received on the public network at the NAT gateway to a client on the private network. An apparatus and logic are also disclosed herein.

SERVER APPARATUS, CLIENT APPARATUS AND METHOD FOR COMMUNICATION BASED ON NETWORK ADDRESS MUTATION

Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.

Port and loopback IP addresses allocation scheme for full-mesh communications with transparent TLS tunnels
11936613 · 2024-03-19

The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.

MULTICAST AND UNICAST MEDIUM ACCESS CONTROL (MAC) ADDRESS ASSIGNMENT PROTOCOL (MUMAAP)

Methods and apparatuses are described herein for multicast and unicast MAC address assignment protocol (MUMAAP). A first node may transmit, to a second node, based on a unicast MAC address of the second node or a multicast MAC address associated with the second node, a discover message that may include a first MAC address or a first range of MAC addresses. The first node may receive an offer message with a second range of MAC addresses. If the first node selects a second MAC address from the received second range of MAC addresses, the first node may transmit a request message indicating that the second MAC address or the second range of MAC addresses is allocated to the first node. The first node may receive an acknowledge message indicating that the second MAC address or the second range of MAC addresses is allocated to the first node.

Dynamic internet protocol translation for port-control-protocol communication

A network device may receive, from a source device, an option request that includes a source address of the source device and a destination address of a destination device, wherein the network device is associated with an Internet protocol version 6 (IPv6) network. The network device may identify a map code that is associated with an address translation for traffic associated with the destination device and may determine, based on identifying the map code, a source prefix code and a destination prefix code for the address translation. The network device may determine a source IPv6 prefix and a destination IPv6 prefix for the address translation based on the source prefix code and the destination prefix code and may provide, to the source device, an option response to the option request to permit the source device to use the source IPv6 prefix and the destination IPv6 prefix for the traffic.