Patent classifications
H04L61/2532
Distributing and virtualizing a network address translation (NAT)
A method, apparatus, and system for distributing and virtualizing a NAT are described. The method includes: maintaining a mapping table associating first and second endpoint addresses of a device, the first and second endpoint addresses indicating the device for first and second routers, respectively; maintaining a routing table for routing between the first and second routers, the routing table associating the first and second routers with first and second location addresses, respectively; and forwarding the first and/or second endpoint addresses to a selected router, the selected router being one of the first router, the second router, or a router exchanging network traffic between the first and second routers, wherein the selected router translates network traffic indicating the first endpoint address to indicate the second endpoint address.
METHOD FOR ADVERTISING AVAILABILITY OF DISTRIBUTED GATEWAY SERVICE AND MACHINES AT HOST COMPUTER
Some embodiments of the invention provide a novel network architecture for advertising routes in an availability zone (AZ). The novel network architecture includes a set of route servers for receiving advertisements of network addresses as being available in the AZ from different routers in the AZ. The novel network architecture also includes multiple host computers that each execute a router that (i) identifies network addresses available on the host computer, (ii) sends advertisements of the identified network addresses to the set of route servers, and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers. The identified network addresses, in some embodiments, include at least one of network addresses associated with data compute nodes (DCNs) and network addresses associated with services available at the host computer. The route servers advertise the received network addresses to other routers in the AZ.
METHOD FOR PROVIDING DISTRIBUTED GATEWAY SERVICE AT HOST COMPUTER
Some embodiments of the invention provide a novel network architecture for providing edge services of a virtual private cloud (VPC) at host computers hosting machines of the VPC. The host computers in the novel network architecture are reachable from external networks through a gateway router of an availability zone (AZ). The gateway router receives a data message from the external network addressed to one or more data compute nodes (DCNs) in the VPC and forwards the data message to a particular host computer identified as providing a distributed edge service for the VPC. The particular host computer, upon receiving the forwarded data message, performs the distributed edge service and provides the serviced data message to a destination DCN.
CARRIER GRADE NETWORK ADDRESS TRANSLATION ARCHITECTURE AND IMPLEMENTATION
An example apparatus includes a first network interface to connect to a provider router in a core network, a second network to connect to an input/output (I/O) router in a local access network that includes a plurality of different endpoint devices, a routing block to determine a first set of data that is to be passed-through without receiving network address translation, and a processor, wherein the processor is to generate a plurality of virtual carrier grade network address translation (vCG-NAT) instances, wherein the plurality of vCG-NAT instances is to route a second set of data between the provider router and the I/O router, wherein the routing block is to route the second set of data to a correct vCG-NAT instance of the plurality of vCG-NAT instances based on routing information in the routing block.
MANAGING INTERNET PROTOCOL (IP) ADDRESS ALLOCATION TO TENANTS IN A COMPUTING ENVIRONMENT
Described herein are systems, methods, and software to manage internet protocol (IP) address allocation for tenants in a computing environment. In one implementation, a logical router associated with a tenant in the computing environment requests a public IP address for a new segment instance from a controller. In response to the request, the controller may select a public IP address from a pool of available IP addresses and update networking address translation (NAT) on the logical router to associate the public IP address with a private IP address allocated to the new segment instance.
Active-active cluster control method and control node
An active-active cluster control method includes that a control node receives a first query request from a first network processing node in an active-active cluster, configures an outbound forwarding rule based on forwarding information, generates an inbound forwarding rule, and sends the outbound forwarding rule to the first network processing node. The control node may further receive a second query request, determine that forwarding information of a second packet matches the inbound forwarding rule, obtain the recorded inbound forwarding rule, and send the inbound forwarding rule to the second network processing node.
ADDRESS MANAGEMENT METHOD, APPARATUS, AND SYSTEM
This application discloses an address management method for a virtual broadband gateway (vBNG) in which a user plane and a control plane are separated. A user plane device receives a first packet that includes a private address of a terminal, the user plane device is provided with a public address pool and/or a port number corresponding to each public address in the public address pool. The user plane device generates address translation information of the terminal, where the address translation information of the terminal includes the private address, a public address in the public address pool, and a port number range, the address translation information of the terminal is used by the user plane device to translate an address of a service packet, and the service packet is a packet from the terminal or a packet to be sent to the terminal.
Enhanced large scale network address translation (NAT) system for processing packets between router and transmission control protocol/internet protocol (TCP/IP) network
A system, method and program product for provisioning a large scale network address translation (LSN) system. A system is disclosed that processes packets between a router and a TCP/IP network. The system includes a plurality of LSN appliances and a flow processor embedded in each of the plurality of LSN appliances. Each flow processor includes: a hash function that determines an owner appliance from the plurality of LSN appliances for a request received from the router based on a private IP address of the request; a look-up table that determines the owner appliance from the plurality of LSN appliances for a response received from the TCP/IP network based on a public IP address of the response; and a packet routing system that routes a received request or a received response to the owner appliance.
EFFICIENT NETWORK ADDRESS TRANSLATION (NAT) IN CLOUD NETWORKS
A method is implemented by a network device for enabling destination network address translation in a cloud network. The method includes determining that packets having a first public address as a source address and a second public address as a destination address are to be forwarded to a first host that is assigned a first private address and sending a first advertisement message to a gateway indicating that packets having the first public address as a source address and the second public address as a destination address are to be forwarded to a first switch connected to the first host, where the first switch is configured to translate the destination address of those packets from the second public address to the first private address assigned to the first host.
Systems and methods for implementing address translation services
Methods, system, and computer program product for implementing an address translation service that uses nondenominational address handles instead of IP addresses between private cloud domain and public cloud domains. The address translation service can be implemented to enable a data-center running in a private cloud domain to communicate with the public cloud domain data-center over load balancers. In addition, the address translation service ensures that all services that need to communicate across data-centers can be reached over load balancers. As such, to avoid conflicting subnets used by a data center from the private cloud domain and the public cloud domain, services in the public cloud domain use a private cloud load balancer to connect with the services in a private cloud domain. Similarly, a public cloud load balancer is used to connect with services in the private cloud domain.