Patent classifications
H04L61/2525
Networking as a service
A method performed by a computing system includes receiving a first request from a first pod being executed on the computing system, responding to the first request with an Internet Protocol (IP) address and a first port range, receiving a second request from a second pod being executed on the computing system, and responding to the second request with the Internet Protocol (IP) address and a second port range that is different than the first port range. The method further includes, with a networking service implemented within the kernel, processing network traffic between external entities and the first and second pods by updating source and destination IP addresses and ports of packets of the network traffic.
Generic communication channel for information exchange between a hypervisor and a virtual machine
Certain embodiments described herein are generally directed to configuring a generic channel for exchanging information between a hypervisor and a virtual machine run by the hypervisor that resides on a host machine. In some embodiments, the generic channel represents a network or communication path enabled by a logical switch that connects a HyperBus running on the hypervisor and a node agent running on the virtual machine. In some embodiments, network traffic handled by the generic channel is isolated from incoming and outgoing network traffic between the virtual machine and one or more other virtual machines or hosts.
PORT AND LOOPBACK IP ADDRESSES ALLOCATION SCHEME FOR FULL-MESH COMMUNICATIONS WITH TRANSPARENT TLS TUNNELS
A method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.
METHOD AND DEVICE FOR EFFICIENTLY USING IPv4 PUBLIC ADDRESS
A method and device for efficiently using IPv4 public addresses applied to a core translator deployed between an IPv4 Internet and an IPv6 network, which maps an IPv4 public address into a first-type IPv6 address having a first-type prefix according to a transport layer protocol port range used by an IPv6 server in the IPv6 network, so that the IPv6 server uses the first-type IPv6 address to communicate with a client in the IPv4 Internet; and maps the IPv4 public address into a second-type IPv6 address having a second-type prefix according to a transport layer protocol port range used by a client in the IPv6 network, so that the client in the IPv6 network uses the second-type IPv6 address to communicate with an IPv4 server in the IPv4 Internet. The IPv6 server and the client in the IPv6 network can use the same IPv4 public address to provide different services.
NETWORK FUNCTION VIRTUALIZATION
Methods and apparatus for addressing of Virtual Network Functions, VNFs. A registration controller of a VNF instance controls a transmitter to transmit a registration request to a VNF Service Registry, VNF-SR, the registration request identifying a public address of the VNF instance. A receiver of the VNF-SR receives the registration request and a VNF address determiner determines a VNF address for the VNF instance based on the received registration request. A Database Management System, DBMS, stores the determined VNF address in a memory. An event subscriber of a Virtual Network Function Manager, VNFM, controls a transmitter to transmit a subscription request to the VNF-SR, the subscription request comprising an identifier for a VNF. A receiver of a Virtual Configuration Server, VCS, receives a notification from the VNF-SR when a change has occurred in configuration and/or address data stored in the memory of the VNF-SR and relating to one or more VNF instances. A configuration manager determines a configuration instruction for the one or more VNFs based on the received notification, and controls a transmitter to transmit the configuration instruction to the one or more VNF instances.
SUPPORT FOR LOCAL ACCESS IN A CELLULAR AND A NON-CELLULAR RAN
A RAN-based cellular integration architecture is described that eliminates or minimizes required core network support. A local access gateway (LA-GW) node, which may be a logical and physical node, may provide an interface, with a cellular base station, and may forward downlink and/or uplink local IP packets that are then redirected to the cellular link. Network Address Translation (NAT) and a local access field are used to support transmission of local access packets over the cellular link.
Network assisted device to device discovery
Technology for a user equipment (UE) operable to perform device to device (D2D) discovery in a wireless network is described. The UE can decode D2D discovery parameters received from an eNodeB. The UE can determine a UE D2D discovery resource from the D2D discovery resource allocation based, in part, on the D2D discovery parameters. The UE can encode a D2D discovery message for transmission from the UE to a second UE using the UE D2D discovery resource in the D2D discovery resource allocation.
Randomizing server-side addresses
Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
Network attached MPI processing architecture in smartnics
Embodiments herein describe an interface shell in a SmartNIC that reduces data-copy overhead in CPU-centric solutions that rely on a hardware compute engine (which can include one or more accelerators). The interface shell offloads tag matching and address translation without CPU involvement. Moreover, the interface shell enables the compute engine to read messages directly from the network without extra data copy, i.e., without first copying the data into the CPU's memory.