In some embodiments, a method receives a packet for a flow from a first application in a first workload to a second application in a second workload. The packet includes an inner header that includes layer 4 information for the first application. The method determines if a setting indicates an outer source port in an outer header should be generated using layer 4 information from the inner header. The setting is based on an analysis of packet types in the flow to determine if fragmented packets are sent. When the setting indicates the outer source port in the outer header should be generated using layer 4 information from the inner header, the method generates the outer source port using the layer 4 information for the first application from the inner header. The packet is encapsulated using the outer header, wherein the outer header includes the outer source port.

In some embodiments, a method receives a packet for a flow from a first application in a first workload to a second application in a second workload. The packet includes an inner header that includes layer 4 information for the first application. The method determines if a setting indicates an outer source port in an outer header should be generated using layer 4 information from the inner header. The setting is based on an analysis of packet types in the flow to determine if fragmented packets are sent. When the setting indicates the outer source port in the outer header should be generated using layer 4 information from the inner header, the method generates the outer source port using the layer 4 information for the first application from the inner header. The packet is encapsulated using the outer header, wherein the outer header includes the outer source port.

Methods, systems, and computer readable media can be operable to facilitate the intercept and manipulation of content requested by a client device. The methods, systems, and apparatuses described herein enable the interception and redirection of packets based upon a set of rules. Intercepted packets may be redirected away from an origin server and may be forwarded to a splicing device. The splicing device may establish a session with a corresponding origin server, and retrieve content that is requested by the intercepted packet. In embodiments, the splicing device may identify alternate content that is associated with the intercepted packet and/or content that is further associated with a device or subscriber associated with the packet. One or more segments of the requested content, or the entirety of the requested content may be replaced with the alternate content, and the modified content may be output to the client device requesting the content.

Methods, systems, and computer readable media can be operable to facilitate the intercept and manipulation of content requested by a client device. The methods, systems, and apparatuses described herein enable the interception and redirection of packets based upon a set of rules. Intercepted packets may be redirected away from an origin server and may be forwarded to a splicing device. The splicing device may establish a session with a corresponding origin server, and retrieve content that is requested by the intercepted packet. In embodiments, the splicing device may identify alternate content that is associated with the intercepted packet and/or content that is further associated with a device or subscriber associated with the packet. One or more segments of the requested content, or the entirety of the requested content may be replaced with the alternate content, and the modified content may be output to the client device requesting the content.

Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device.

In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.

In some examples, an example method to provide a virtualized Carrier-grade Network Address Translation (CGN) at a first customer edge router may include establishing a tunnel between the first customer edge router and each aggregation router among one or more aggregation routers, performing a Network Address Translation (NAT) on a first data packet to create a NAT'ed first data packet, selecting a first aggregation router from amongst the one or more aggregation routers to send the NAT'ed first data packet to, encapsulating the NAT'ed first data packet with overlay information corresponding to a tunnel established between the first customer edge router and a first aggregation router, and sending the encapsulated NAT'ed first data packet through the tunnel to the first aggregation router.

The disclosure discloses a network device, an apparatus, and a network system. The network device receives a reply packet sent by a DHCP service device, and determines a first next-hop address from a plurality of next-hop addresses corresponding to a destination IP address of the reply packet, where the first next-hop address is a first tunnel endpoint IP address of the relay device and is different from a tunnel endpoint IP address of another relay device in a target anycast group to which the relay device belongs, and a communication connection is established between each relay device in the target anycast group and the client. The network device may forward the reply packet to the relay device based on the first next-hop address.

The disclosure discloses a network device, an apparatus, and a network system. The network device receives a reply packet sent by a DHCP service device, and determines a first next-hop address from a plurality of next-hop addresses corresponding to a destination IP address of the reply packet, where the first next-hop address is a first tunnel endpoint IP address of the relay device and is different from a tunnel endpoint IP address of another relay device in a target anycast group to which the relay device belongs, and a communication connection is established between each relay device in the target anycast group and the client. The network device may forward the reply packet to the relay device based on the first next-hop address.