Patent classifications
H04L61/2535
NETWORK ADDRESS TRANSLATION FOR VIRTUAL MACHINES
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.
Mapping of internet protocol addresses in a multi-cloud computing environment
A method for interconnecting two or more virtual private networks in a hybrid multi-cloud computing environment. The method may include remapping a first virtual private network to a first Internet Protocol address range that does not overlap with a second Internet Protocol address range of a second virtual private network. The remapping may include assigning, to a first endpoint in the first virtual private network, a first Internet Protocol address that differs from a second Internet Protocol address of a second endpoint in the second virtual private network. Traffic between the first virtual private network, the second virtual private network, and/or a third virtual private network may be routed based at least on the first Internet Protocol address range and the second Internet Protocol address range. Related systems and articles of manufacture, including computer program products, are also provided.
Resizing virtual private networks in provider network environments
Virtual networks may be launched in a provider network with an initial IP address space (e.g., an IPv4 CIDR block). Methods are described that allow additional IP address spaces to be added to a virtual network. A new IP address space for a virtual network may be specified via an API. The specified space may be checked to ensure that it does not overlap with IP spaces that are associated with the virtual network. If there are no overlaps, the space is added to the network, for example by adding the space to the network's route tables.
Mapping subnets in different virtual networks using private address space
A method for facilitating communication between resources in different virtual networks includes creating a first virtual network and a second virtual network within a cloud computing system and creating a first subnet within the first virtual network and a second subnet within the second virtual network. The method also includes mapping the first subnet to the second subnet such that the resources in the first subnet and the second subnet are able to communicate with each other using private address space. The method also includes routing data packets between the first subnet and the second subnet.
Defining different public cloud virtual networks for different entities based on different sets of measurements
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
Systems and methods for detecting conflicts in internet services
The technology disclosed relates to detection and resolution of conflicts between requested internet services and a package of internet services associated with a domain. The method disclosed includes receiving a request from a client to add a requested internet service to a package of internet services. The method includes searching a domain name system (DNS) database for DNS records or a DNS server for external domains having attribute fields indicating attributes of the internet services in the package of internet services. The method includes comparing attributes of the requested internet service to attribute fields for the internet services in the package of internet services using a set of conflict definitions to identify attributes of the internet service requested conflicting with attributes of the package of internet services. When conflicting attributes are identified, the method includes invoking a resolution process to resolve the conflict.
Alleviating congestion in a virtual network deployed over public clouds for an entity
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
Connecting virtual computer networks with overlapping IP addresses using transit virtual computer network
A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.
Multi-tenant environment with overlapping address space
A method includes: receiving communications from first and second tenants of a multi-tenant computing environment over first and second dedicated networks, respectively, the communications being transmitted to a first globally unique IP address in first and second dedicated environments, respectively; NATing the first globally unique IP address, to which the communication from the first tenant was transmitted, to a first non-globally unique IP address that is locally unique in the service provider environment; NATing the first globally unique IP address, to which the communication from the second tenant was transmitted, to a second non-globally unique IP address that is locally unique in the service provider environment; providing the communication from the first tenant and the communication from the second tenant access to a shared resource in the service provider environment using the first and second non-globally unique IP addresses, respectively.
Providing recommendations for implementing virtual networks
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.