Patent classifications
H04L61/2557
Distributed network address translation over network environments
This disclosure describes techniques for implementing network address translation as a distributed service over the nodes of a logical network fabric, such as a software-defined network fabric. A method includes registering, by an edge node of a network, an IP address of a client device. The method further includes forwarding, by the edge node, the registered IP address to a control plane of the network. The method further includes checking, by the control plane, a network address translation policy. The method further includes recording, by the control plane, translations between the registered IP address and an allocated IP address in a translation table, each of the translations being related to the edge node. The method further includes returning, by the control plane, the translations between the registered IP address and the allocated IP address to the edge node.
Stateless Protocol Translation
Some aspects of the methods and systems presented relate to performing stateless address translation between IPv4-capable devices and IPv6-capable networks and devices. Stateless address translation may form a new IPv6 address by combining the IPv4 address of a device with an IPv6 prefix address assigned to the translator. The translation may also combine the IPv4 destination address and UDP port information with the new IPv6 address. Existing Domain Name Systems (DNSs) may be leveraged for resolving the IPv4 and IPv6 addresses across different networks.
METHOD AND SYSTEM FOR MAP-T BORDER RELAY DATA PLANE VERIFICATION
Methods and systems for performing a Mapping of Address and Port using translation (MAP-T) data plane verification. A method for performing a MAP-T data plane verification includes initiating, by a diagnostic server provisioned with at least MAP-T diagnostic rules, a MAP-T diagnostic on a border relay provisioned with MAP-T rules, generating, by the diagnostic server, a diagnostic packet per the MAP-T diagnostic rules, sending, by the diagnostic server, the diagnostic packet to the border relay, performing, by the border relay, a translation on the diagnostic packet per the provisioned MAP-T rules, analyzing, by the diagnostic server to generate a report, at least a translation accuracy of a received translated diagnostic packet, and configuring at least one device based on a received report.
Distributed network address translation for efficient cloud service access
A method for coordinating distributed network address translation (NAT) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network that include service virtual machines (VMs) that are accessed by VMs of the tenant logical networks. The method defines a group of replacement IP address and port number pairs. Each pair is used to uniquely identify a VM across all tenant logical networks. The method sends to at least one host that is hosting a VM of a particular tenant logical network, a set of replacement IP address and port number pairs. Each replacement IP address and port number pair can be used by the host to replace a source IP address and a source port number in a packet that is destined from the particular VM to a VM of the particular service logical network.
Conveying network-address-translation (NAT) rules in a network
In one embodiment, a first networking device associated with a switched network comprises one or more processors and one or more computer-readable media storing computer-executable instructions that, when executed, cause the one or more processors to perform acts comprising configuring, on the first networking device, a network-address-translation (NAT) rule indicating that a first multicast group is to be translated to a second multicast group. The acts further include, at least partly in response to the configuring of the NAT rule, storing the NAT rule at the first networking device, generating a message indicating the NAT rule, and sending the message to at least a second networking device associated with the switched network.
METHOD AND APPARATUS FOR SETTING NETWORK RULE ENTRY
A method and apparatus for setting a network rule entry are described. The method for setting a network rule entry includes: detecting, by the first device, whether the first domain name which is requested to be resolved by a domain name resolution request of the second device is matched with a preset second domain name, wherein the second device is a device which is mounted beneath the first device; acquiring, by the first device, an IP address corresponding to the first domain name from a response of a resolution request when the first domain name is matched with the second domain name; and setting, by the first device, an IP address in a rule entry corresponding to the second domain name as the IP address corresponding to the first domain name.
MANAGING INTERNET PROTOCOL (IP) ADDRESS ALLOCATION TO TENANTS IN A COMPUTING ENVIRONMENT
Described herein are systems, methods, and software to manage internet protocol (IP) address allocation for tenants in a computing environment. In one implementation, a logical router associated with a tenant in the computing environment requests a public IP address for a new segment instance from a controller. In response to the request, the controller may select a public IP address from a pool of available IP addresses and update networking address translation (NAT) on the logical router to associate the public IP address with a private IP address allocated to the new segment instance.
ELECTRONIC APPARATUS AND METHOD OF CONTROLLING THE SAME
The disclosure relates to an electronic apparatus and a method of controlling the same. The electronic apparatus includes: a communication interface; and a processor configured to receive log data of a plurality of devices connected to a network through the communication interface, acquire operation time information of each of the devices from the received log data, calculate similarity of the operation time between the plurality of devices based on the acquired operation time information, and determine a device group including two or more devices with relatively high calculated similarity among the plurality of devices.
CONVEYING NETWORK-ADDRESS-TRANSLATION (NAT) RULES IN A NETWORK
In one embodiment, a first networking device associated with a switched network comprises one or more processors and one or more computer-readable media storing computer-executable instructions that, when executed, cause the one or more processors to perform acts comprising configuring, on the first networking device, a network-address-translation (NAT) rule indicating that a first multicast group is to be translated to a second multicast group. The acts further include, at least partly in response to the configuring of the NAT rule, storing the NAT rule at the first networking device, generating a message indicating the NAT rule, and sending the message to at least a second networking device associated with the switched network.