Patent classifications
H04L61/2525
IMPLEMENTING A SERVICE MESH IN THE HYPERVISOR
A packet is received by a hypervisor from a first container, the packet to be provided to a second container, the packet including a header including a first network address associated with the second container. A network policy is identified for the packet in view of the first network address. A second network address corresponding to the second container is determined in view of the network policy. A network address translation is performed by the hypervisor to modify the header of the packet to include the second network address corresponding to the second container.
MAPPING VLAN OF CONTAINER NETWORK TO LOGICAL NETWORK IN HYPERVISOR TO SUPPORT FLEXIBLE IPAM AND ROUTING CONTAINER TRAFFIC
Some embodiments of the invention provide a method for processing data messages for routable subnets of a logical network, the logical network implemented by a software-defined network (SDN) and connecting multiple machines. The method receives an inbound data message. The method performs a DNAT (destination network address translation) operation on the received data message to identify a record associated with a destination IP (Internet protocol) address of the data message. From the record, the method identifies a VLAN (virtual local area network) identifier, an LNI (logical network identifier), and a destination host computer IP address for the data message. The method encapsulates the data message with an outer header containing the destination host computer IP address and the VLAN identifier. The method forwards the encapsulated data message to the destination host computer.
Methods and devices for the concealment of radio identifiers and transmitter positions
Systems, devices and methods for concealing radio communications and the spatial position of radio transmitters involved therein include the use of electrotechnical signal variation and dynamic, pseudo-random radio identifiers. Transmitted radio signals contain radio identifiers identifying the transmitting mobile radio device. Each radio identifier is dynamically selected for each radio signal from a sequence of radio identifiers selected from a set of predefined pseudo-random sequences. The sequence is selected based on a predetermined selection rule. The radio identifier is selected from the thus selected sequence according to a predetermined deterministic update pattern associated with the selected sequence. The associated transmission power and/or transmission frequency is dynamically varied on the transmitter side according to a predetermined deterministic variation scheme.
Virtual tunnel endpoint (VTEP) learning based on transport protocol information
Example methods and systems for virtual tunnel endpoint (VTEP) learning based on transport protocol information are described. In one example, a computer system may learn first mapping information and second mapping information. The first mapping information may associate (a) a first VTEP with (b) first transport protocol information and inner address information associated with a first virtualized computing instance. The second mapping information may associate (a) a second VTEP with (b) second transport protocol information and inner address information associated with a second virtualized computing instance. The computer system may detect an egress packet that is addressed to the inner address information. In response to determination that the egress packet specifies the first transport protocol information, a first encapsulated packet may be generated and sent towards the first VTEP. Otherwise, a second encapsulated packet may be generated and sent towards the second VTEP.
Method and apparatus for processing service request
The present disclosure provides a method and an apparatus for processing a service request. The method includes: sending a query request for querying a domain name of a server to a DNS; receiving a query response returned according to the query request, where the query response carries a first identifier of an IDGW; sending a service request to the IDGW according to the first identifier, where the service request is used for the IDGW to convert the first identifier into a second identifier of the server and forward the service request to the server according to the second identifier; and receiving a service response message returned from the server in response to the service request.
SYSTEMS AND METHODS FOR AUTOMATIC NETWORK VIRTUALIZATION BETWEEN HETEROGENEOUS NETWORKS
The invention is that of systems and methods for communications between one or more networks and subsequently network devices configured with a networking application for processing network based communications when the devices are on different logical and physical networks. The methods herein involve translation of remote IP addresses of LAN devices to addresses comprising headend network prefixes, to allow for LAN extension of remote to headend networks and communications between devices on the disparate networks. Data packets from a remote LAN interface are transferred to an outbound interface once translated, then forwarded via a formed bridged tunnel link to a headend network device. A server comprising a local LAN and outbound interface is further configured with a NAT module for IP address translation and an optional security module for additional authenticity verification of remote devices attempting to penetrate the headend network.
Duplex load balancing for massive IoT applications
A middlebox system that maintains a load balancing configuration in a large scale IoT deployment is provided. The system performs reverse address translation for a first packet of a particular application from a first server to a first client according to a binding structure that couples a source address indicating the first client with (i) a destination address indicating the first server and (ii) an application client marker of the first client for the particular application. The system performs reverse address translation for a second packet of the particular application from a second server to the first client by using the application client marker in the binding structure to determine the source address indicating the first client.
TRANSPARENT HIGH AVAILABILITY FOR CUSTOMER VIRTUAL MACHINES ACHIEVED USING A HYPERVISOR-BASED SIDE CHANNEL BONDING AND MONITORING
Systems and methods for transparent high availability for customer virtual machines using a hypervisor-based side channel bonding and monitoring are disclosed herein. The method can include creating a network path bond between at least one compute instance and a plurality of Network Virtualization Devices (“NVD”), the network path bond including a plurality of network paths, each network path connecting the compute instance with the Virtualized Network Interface Card (“VNIC”) of one of the plurality of NVDs, identifying a first one of the network paths as an active network path and a second one of the network paths as an inactive network path, performing a health check on the active network path, determining that the active network path failed the health check, marking the first one of the network paths as failed subsequent to determining that the active network path failed the health check, and identifying the second one of the network paths as the active network path.
MULTI-CUSTOMER (MULTI-TENANTS) SUPPORT WITH HYPERVISOR BASED BOND IMPLEMENTATION
Systems and methods for transparent high availability for multi-customer support with hypervisor based bond implementation. The method can include creating a network path bond between a plurality of compute instances and a plurality of Network Virtualization Devices (“NVD”), the network path bond comprising a plurality of network paths, identifying a monitoring bond coupling the plurality of NVDs to a monitoring agent, creating a number of monitoring VNICs, each of the number of monitoring VNICs residing in one of the plurality of NVDs, overlaying a unique IP address to each of the monitoring VNICs, determining with the monitoring agent a health of at least one of the network paths, the network paths including an active network path and an inactive network path, and activating the inactive network path when the active network path fails.
PORT AND LOOPBACK IP ADDRESSES ALLOCATION SCHEME FOR FULL-MESH COMMUNICATIONS WITH TRANSPARENT TLS TUNNELS
The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.