Patent classifications
H04L61/2557
DETERMINING SOURCE ADDRESS INFORMATION FOR NETWORK PACKETS
A system is configured to perform operations that include determining an exception event corresponding to a transmission of a plurality of network packets over an electronic network. The electronic network may cause network address translation to be performed on the plurality of network packets. The operations may also include identifying, based on a log of the plurality of network packets, a first network packet associated with the exception event and calculating, based on a payload portion of the first network packet, a packet signature corresponding to the first network packet. The operations may further include determining, based on a comparison between a first data structure and a second data structure using the packet signature, original source address information that corresponds to the first network packet prior to the network address translation being performed on the first network packet.
PORT AND LOOPBACK IP ADDRESSES ALLOCATION SCHEME FOR FULL-MESH COMMUNICATIONS WITH TRANSPARENT TLS TUNNELS
A method for a virtual machine to use a port and loopback IP address allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine, and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.
Gateway Handover Method and Apparatus, Terminal Device and Computer Readable Storage Medium
Disclosed is a gateway handover method, including: monitoring a communication state of an ISP connected to a gateway to be monitored; when a communication failure occurs in the ISP connected to the gateway to be monitored, selecting a repeater having a backup gateway function as a new gateway; and in response to a gateway handover operation, selecting a preset gateway handover mode for gateway handover. Also disclosed are a gateway handover apparatus, a terminal device, and a storage medium.
METHOD AND SYSTEM FOR NEAR REAL-TIME IP USER MAPPING
Systems and methods are provided for near real-time IP user mapping. Such methods may include obtaining IP address assignment data points from different sources including an authentication, authorization, and accounting (AAA) server of a private network, a service provider that provides a computer-based service within the private network, and user devices that have access to the private network. The methods may also include applying an IP mapping rule to the obtained IP address assignment data points to generate IP address mapping.
Managing internet protocol (IP) address allocation to tenants in a computing environment
Described herein are systems, methods, and software to manage internet protocol (IP) address allocation for tenants in a computing environment. In one implementation, a logical router associated with a tenant in the computing environment requests a public IP address for a new segment instance from a controller. In response to the request, the controller may select a public IP address from a pool of available IP addresses and update network address translation (NAT) on the logical router to associate the public IP address with a private IP address allocated to the new segment instance.
SESSION MANAGEMENT FOR COMMUNICATIONS BETWEEN A DEVICE AND A DTLS SERVER
A DTLS server receives a first DTLS packet from the device to initiate a DTLS session with the DTLS server. The first DTLS packet is encapsulated in a first UDP packet whose header includes a destination port number in an unregistered port number range of 1024 to 49151. In response to receiving the destination port number, the DTLS server assigns a Session ID (SID) for the DTLS session and associates a session key for the DTLS session with the SID. The DTLS server then sends a second DTLS packet to the device, encapsulated in a second UDP packet whose header includes a source port number set to that destination port number and whose payload includes the second DTLS packet and carries the SID outside the second DTLS packet.
Security and access control
According to an example, security and access control may include receiving traffic that is related to an application tier of a plurality of application tiers, and that is to be routed to another application tier or within the application tier. The attributes of the traffic related to the application tier may be analyzed, and based on the analysis, an application related to the traffic and a type of the traffic may be determined. The type of the traffic may be compared to a policy related to the application to determine whether the traffic is valid traffic or invalid traffic. Based on a determination that the traffic is valid traffic, the valid traffic may be forwarded to an intended destination. Further, based on a determination that the traffic is invalid traffic, the invalid traffic may be forwarded to a predetermined destination or blocked.
METHOD FOR VIRTUAL MACHINE TO ACCESS PHYSICAL SERVER IN CLOUD COMPUTING SYSTEM, APPARATUS, AND SYSTEM
A method for a virtual machine to access a physical server in a cloud computing system is disclosed. A cloud platform allocates, to a service deployed on the physical server, a publishing IP address and a publishing port, and sends a NAT rule to an access network element of the virtual machine. When receiving a service access request for accessing the service, the access network element modifies, according to the NAT rule, the destination address of the service access request into the IP address and port of the physical server, and routes the modified service access request to the physical server, so that the virtual machine can access the service on the physical server without knowing the real IP address and port of the physical server.