Patent classifications
H04L61/2535
PROVIDING MEASUREMENTS OF PUBLIC CLOUD CONNECTIONS
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
PROVIDING RECOMMENDATIONS FOR IMPLEMENTING VIRTUAL NETWORKS
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
IDENTIFYING DIFFERENT SAAS OPTIMAL EGRESS NODES FOR VIRTUAL NETWORKS OF DIFFERENT ENTITIES
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
ALLEVIATING CONGESTION IN A VIRTUAL NETWORK DEPLOYED OVER PUBLIC CLOUDS FOR AN ENTITY
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.
MULTI-TENANT ENVIRONMENT WITH OVERLAPPING ADDRESS SPACE
A method includes: receiving communications from first and second tenants of a multi-tenant computing environment over first and second dedicated networks, respectively, the communications being transmitted to a first globally unique IP address in first and second dedicated environments, respectively; NATing the first globally unique IP address, to which the communication from the first tenant was transmitted, to a first non-globally unique IP address that is locally unique in the service provider environment; NATing the first globally unique IP address, to which the communication from the second tenant was transmitted, to a second non-globally unique IP address that is locally unique in the service provider environment; and providing the communication from the first tenant and the communication from the second tenant access to a shared resource in the service provider environment using the first and second non-globally unique IP addresses, respectively.
CONNECTING VIRTUAL COMPUTER NETWORKS WITH OVERLAPPING IP ADDRESSES USING TRANSIT VIRTUAL COMPUTER NETWORK
A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted to a destination network from a particular interface of the first-tier logical router of the cloud gateway device.
Systems and methods for improving network efficiency
The disclosed computer-implemented method for improving network efficiency may include (i) receiving, from a client device, and at a publicly available on-demand cloud computing platform, a network packet that indicates an origination network address of an intermediary local network gateway that forwarded the network packet rather than an actual network address of the client device, and (ii) inserting, into the network packet, and at the publicly available on-demand cloud computing platform, network address translation information indicating a path to the actual network address of the client device to enable a virtual node within the publicly available on-demand cloud computing platform to identify the client device. Various other methods, systems, and computer-readable media are also disclosed.
MAPPING SUBNETS IN DIFFERENT VIRTUAL NETWORKS USING PRIVATE ADDRESS SPACE
A method for facilitating communication between resources in different virtual networks includes creating a first virtual network and a second virtual network within a cloud computing system and creating a first subnet within the first virtual network and a second subnet within the second virtual network. The method also includes mapping the first subnet to the second subnet such that the resources in the first subnet and the second subnet are able to communicate with each other using private address space. The method also includes routing data packets between the first subnet and the second subnet.
Redirecting data packets between overlay network and underlay network
A system and method for redirecting data packets communicated to a computing device over an overlay network is disclosed. The method includes monitoring resources installed on the computing device to identify the resources communicating over a dedicated underlay IP address. The method further includes creating a rule based on the resources identified. The rule is transferred and stored on the computing device. On receiving a data packet, the rule is executed for redirecting the data packets from the overlay network to an underlay network and vice versa. The data packets are redirected by translating a destination IP address on a header of the data packet from an overlay IP address to an underlay IP address. The method thus redirects the data packets from the overlay network to the underlay network before reaching the resource, thereby preventing dropping of the data packet.
Network address translation for virtual machines
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.