A method for coordinating distributed network address translation (NAT) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network that include service virtual machines (VMs) that are accessed by VMs of the tenant logical networks. The method defines a group of replacement IP address and port number pairs. Each pair is used to uniquely identify a VM across all tenant logical networks. The method sends to at least one host that is hosting a VM of a particular tenant logical network, a set of replacement IP address and port number pairs. Each replacement IP address and port number pair can be used by the host to replace a source IP address and a source port number in a packet that is destined from the particular VM to a VM of the particular service logical network.

Methods and systems for performing a Mapping of Address and Port using translation (MAP-T) data plane verification. A method for performing a MAP-T data plane verification includes initiating, by a diagnostic server provisioned with at least MAP-T diagnostic rules, a MAP-T diagnostic on a border relay provisioned with MAP-T rules, generating, by the diagnostic server, a diagnostic packet per the MAP-T diagnostic rules, sending, by the diagnostic server, the diagnostic packet to the border relay, performing, by the border relay, a translation on the diagnostic packet per the provisioned MAP-T rules, analyzing, by the diagnostic server to generate a report, at least a translation accuracy of a received translated diagnostic packet, and configuring at least one device based on a received report.

Methods and systems for performing a Mapping of Address and Port using translation (MAP-T) data plane verification. A method for performing a MAP-T data plane verification includes initiating, by a diagnostic server provisioned with at least MAP-T diagnostic rules, a MAP-T diagnostic on a border relay provisioned with MAP-T rules, generating, by the diagnostic server, a diagnostic packet per the MAP-T diagnostic rules, sending, by the diagnostic server, the diagnostic packet to the border relay, performing, by the border relay, a translation on the diagnostic packet per the provisioned MAP-T rules, analyzing, by the diagnostic server to generate a report, at least a translation accuracy of a received translated diagnostic packet, and configuring at least one device based on a received report.

According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise receiving a packet comprising a source address; selecting an uplink for the packet, the uplink selected from a plurality of uplinks based on an uplink selection policy; determining whether the source address is valid on the selected uplink; determining whether to keep or re-write the source address based on whether the source address is valid on the selected uplink; keeping the source address when the source address is valid on the selected uplink or re-writing the source address when the source address is not valid on the selected uplink; and sending the packet to the selected uplink.

According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise receiving a packet comprising a source address; selecting an uplink for the packet, the uplink selected from a plurality of uplinks based on an uplink selection policy; determining whether the source address is valid on the selected uplink; determining whether to keep or re-write the source address based on whether the source address is valid on the selected uplink; keeping the source address when the source address is valid on the selected uplink or re-writing the source address when the source address is not valid on the selected uplink; and sending the packet to the selected uplink.

A system administrator can specify NAT mappings to perform NAT translations in a switch. The administrator can specify an ACL to filter packets to be translated. Filter rules generated from the ACL are stored in a first memory store in a switch and NAT rules generated from the NAT mappings are stored in a second memory store separate from the first memory store. When a packet matches one of the filter rules a tag that identifies the ACL is associated with the packet. When the tagged packet matches one of the NAT rules, the packet is translated according to the matched NAT rule.

Some embodiments provide a novel method for performing network address translation to share a limited number of external source network addresses among a large number of connections. Instead of allocating an external source network address for an egressing packet just based on its internal source network address, the method of some embodiments allocates the external source network address based on the egressing packet's source network address and destination network address. This allows a limited number of external source network addresses to be re-used for different destination network address. For instance, in some embodiments, the method's network address allocation scheme allows the same 64K (e.g., 2{circumflex over ( )}16) external source ports to be used for 64K connections for each destination network address.

Presented herein are embodiments that provide mobile edge computing (MEC) with low latency traffic segregation within a packet data network (PDN) using dedicated bearers. Techniques are provided that are performed at an edge user plane entity and a control plane entity to coordinate the directing of low latency traffic over a dedicated bearer broken out at the edge, and to communicate normal latency traffic over a default bearer that is centrally broken out.

A network device may receive, from a source device, an option request that includes a source address of the source device and a destination address of a destination device, wherein the network device is associated with an Internet protocol version 6 (IPv6) network. The network device may identify a map code that is associated with an address translation for traffic associated with the destination device and may determine, based on identifying the map code, a source prefix code and a destination prefix code for the address translation. The network device may determine a source IPv6 prefix and a destination IPv6 prefix for the address translation based on the source prefix code and the destination prefix code and may provide, to the source device, an option response to the option request to permit the source device to use the source IPv6 prefix and the destination IPv6 prefix for the traffic.

This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.