H04L61/2535

Alleviating congestion in a virtual network deployed over public clouds for an entity

A method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Providing recommendations for implementing virtual networks

Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Systems and Methods for Detecting Conflicts in Internet Services

The technology disclosed relates to detection and resolution of conflicts between requested internet services and a package of internet services associated with a domain. The method disclosed includes receiving a request from a client to add a requested internet service to a package of internet services. The method includes searching a domain name system (DNS) database for DNS records or a DNS server for external domains having attribute fields indicating attributes of the internet services in the package of internet services. The method includes comparing attributes of the requested internet service to attribute fields for the internet services in the package of internet services using a set of conflict definitions to identify attributes of the requested internet service that conflict with attributes of the package of internet services. When conflicting attributes are identified, the method includes invoking a resolution process to resolve the conflict.

Communication Method and Apparatus Based on Edge Computing, Storage Medium, and Electronic Device

Disclosed are a communication method and apparatus based on edge computing, a computer storage medium, and an electronic device. The communication method based on edge computing includes: receiving an uplink Internet Protocol (IP) packet transmitted by a user equipment, a destination address of the uplink IP packet being a network address of a target application server; determining a network address of a local edge server that is configured to respond to the uplink IP packet according to the network address of the target application server; and modifying the destination address of the uplink IP packet to the network address of the local edge server, and forwarding the modified uplink IP packet to the local edge server for processing.

Preemptive determination of reserved IP conflicts on VPNs

Passive determination of reserved internet protocol (IP) conflicts on one or more hosted virtual private networks (VPNs) extracts configuration information for a plurality of hosting VPNs to build an aggregated list of IP addresses with mask and associated VPN information. A route table is extracted from a router directing traffic to an appropriate VPN host among the plurality of hosting VPNs, and a sorted list with host/network address, subnet mask, and associated VPN information is generated. The configuration information and the route table are used to expand and normalize a set of network entries.

MILITARY TRUSTED INTERWORKING FUNCTION TO INTEGRATE NON-IP TACTICAL NODES INTO A 5G NETWORK
20230262021 · 2023-08-17

A system and method for implementing M-TIF to integrate one or more non-IP tactical nodes as an integral part of a 5G network includes a tactical translator. The tactical translator provides I/O functionality, message encapsulation, message translation, and IP-to-non-IP address translation. The tactical translator may be interposed between a tactical gateway and a tactical proxy to securely bridge legacy non-IP waveforms with the 5G Core.

RESIZING VIRTUAL PRIVATE NETWORKS IN PROVIDER NETWORK ENVIRONMENTS

Virtual networks may be launched in a provider network with an initial IP address space (e.g., an IPv4 CIDR block). Methods are described that allow additional IP address spaces to be added to a virtual network. A new IP address space for a virtual network may be specified via an API. The specified space may be checked to ensure that it does not overlap with IP spaces that are associated with the virtual network. If there are no overlaps, the space is added to the network, for example by adding the space to the network's route tables.

EXECUTING WORKLOADS ACROSS MULTIPLE CLOUD SERVICE PROVIDERS

A multi-cloud service system establishes tunnels and network overlays across multiple CSPs while meeting a criterion for a latency threshold. The system conducts a latency benchmarking evaluation across each cloud region for multiple CSPs and, based on the latency benchmarking evaluation results, the system may identify a group of cloud regions that satisfy a criterion such as a predetermined maximum latency threshold or geographical restriction. The system may provision the group of cloud regions by provisioning a tunnel between nodes of the multiple CSPs. The system further establishes an overlay network on top of the tunnel by encapsulating packets using an encapsulation endpoint such as a VTEP (VXLAN tunnel end point) over VXLAN (Virtual Extension Local Area Network), which may help to ensure reliable transmission of packets from pod to pod. The system may inject user data into each node to initiate operations across the provisioned nodes using the injected user data.

Data transmission method and network device

Embodiments of the disclosure provide a data transmission method. The method can include receiving a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located, converting the first destination address to a second destination address, generating a second packet according to the second destination address and the first packet, and sending the second packet outside the virtual private network where the virtual private network user is located.

MAPPING VLAN OF CONTAINER NETWORK TO LOGICAL NETWORK IN HYPERVISOR TO SUPPORT FLEXIBLE IPAM AND ROUTING CONTAINER TRAFFIC
20230300002 · 2023-09-21

Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first machine in the multiple machines that executes a set of containers belonging to the routable subnet attaches, and (iii) a second identifier associated with a second logical switch designated for the routable subnet. The method generates an API call that maps the VLAN tag and the first identifier to the second identifier. The method provides the API call to a management and control cluster of the SDN to direct the management and control cluster to implement the routable subnet.