H04L61/2532

DISTRIBUTED NETWORK ADDRESS TRANSLATION FOR EFFICIENT CLOUD SERVICE ACCESS
20230012101 · 2023-01-12 ·

A method for coordinating distributed network address translation (NAT) in a network within which several logical networks are implemented. The logical networks include several tenant logical networks and at least one service logical network that include service virtual machines (VMs) that are accessed by VMs of the tenant logical networks. The method defines a group of replacement IP address and port number pairs. Each pair is used to uniquely identify a VM across all tenant logical networks. The method sends to at least one host that is hosting a VM of a particular tenant logical network, a set of replacement IP address and port number pairs. Each replacement IP address and port number pair can be used by the host to replace a source IP address and a source port number in a packet that is destined from the particular VM to a VM of the particular service logical network.

HIGHLY-AVAILABLE DISTRIBUTED NETWORK ADDRESS TRANSLATION (NAT) ARCHITECTURE WITH FAILOVER SOLUTIONS

This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routeable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

Efficient network address translation (NAT) in cloud networks

A method is implemented by a network device for enabling destination network address translation in a cloud network. The method includes determining that packets having a first public address as a source address and a second public address as a destination address are to be forwarded to a first host that is assigned a first private address and sending a first advertisement message to a gateway indicating that packets having the first public address as a source address and the second public address as a destination address are to be forwarded to a first switch connected to the first host, where the first switch is configured to translate the destination address of those packets from the second public address to the first private address assigned to the first host.

Method for advertising availability of distributed gateway service and machines at host computer

Some embodiments of the invention provide a novel network architecture for advertising routes in an availability zone (AZ). The novel network architecture includes a set of route servers for receiving advertisements of network addresses as being available in the AZ from different routers in the AZ. The novel network architecture also includes multiple host computers that each execute a router that (i) identifies network addresses available on the host computer, (ii) sends advertisements of the identified network addresses to the set of route servers, and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers. The identified network addresses, in some embodiments, include at least one of network addresses associated with data compute nodes (DCNs) and network addresses associated with services available at the host computer. The route servers advertise the received network addresses to other routers in the AZ.

METHOD FOR IMPLEMENTING SERVICE CONTINUITY AND RELATED DEVICE

A method for implementing service continuity, performed by a session management (SM) function (SMF) network element may include receiving a target relocation message, the target relocation message carrying target traffic routing information, the target traffic routing information comprising a target data network (DN) access identifier (DNAI) and network address translation (NAT) information, the NAT information comprising a target user equipment (UE) network address, a first application server (AS) network address, and a second AS network address, wherein a target UE corresponding to the target UE network address has established a target protocol data unit (PDU) session to a first PDU session anchor (PSA) user plane function (UPF) network element and is configured to communicate with a first AS corresponding to the first AS network address.

Highly-available distributed network address translation (NAT) architecture with failover solutions

This disclosure describes techniques for providing a distributed scalable architecture for Network Address Translation (NAT) systems with high availability and mitigations for flow breakage during failover events. The NAT servers may include functionality to serve as fast-path servers and/or slow-path servers. A fast-path server may include a NAT worker that includes a cache of NAT mappings to perform stateful network address translation and to forward packets with minimal latency. A slow-path server may include a mapping server that creates new NAT mappings, depreciates old ones, and answers NAT worker state requests. The NAT system may use virtual mapping servers (VMSs) running on primary physical servers with state duplicated VMSs on different physical failover servers. Additionally, the NAT servers may implement failover solutions for dynamically allocated routable address/port pairs assigned to new sessions by assigning new outbound address/port pairs when a session starts and broadcasting pairing information.

Active-Active Cluster Control Method and Control Node
20220086092 · 2022-03-17 ·

An active-active cluster control method including: a control node receives a first query request sent by a first network processing node in an active-active cluster, configures an outbound forwarding rule based on forwarding information, generates an inbound forwarding rule, and sends the outbound forwarding rule to the first network processing node. The control node may further receive a second query request, determine that forwarding information of a second packet matches the inbound forwarding rule, obtain the recorded inbound forwarding rule, and send the inbound forwarding rule to the second network processing node, thereby avoiding problems such as packet loss and service interruption.

LOCKLESS STATEFUL NETWORK ADDRESS TRANSLATION
20210226917 · 2021-07-22 ·

Examples include a computing system having a plurality of processing cores and a memory coupled to the plurality of processing cores. The memory has instructions stored thereon that, in response to execution by a selected one of the plurality of processing cores, cause the selected processing core to receive a packet and get an original tuple from the packet; when no state information for a packet flow of the packet exists in a state table, select a new network address as a new source address for the packet, get a reverse tuple for a reverse direction, select a port for the packet from an entry in a mapping table based on a hash procedure using the reverse tuple, and save the new network address and selected port; and translate the packet's network address and port and transmit the packet.

Port allocation at distributed network address translators

A node of a network address translator obtains a first packet. A particular port number to be used as a substitute port for a packet flow associated with the first packet is determined using at least a first intermediate hash result, a particular flow hash value range assigned to the node, and a lookup table. The first intermediate hash result is obtained from a flow tuple of the first packet, and the lookup table comprises an entry indicating a mapping between the particular port number and a second intermediate hash result. A second packet, in which the source port is set to the substitute port number, is transmitted to a recipient indicated in the first packet.
