H04L61/2585

Method and apparatus for providing mobile IP service through a network address translation gateway
09787526 · 2017-10-10

Method and apparatus for providing mobile Internet Protocol (IP) service through a network address translation gateway. In one example, a gateway between a local area network (LAN) and a wide area network (WAN) is provided. A foreign agent (FA) module is configured to advertise a care-of address (CoA) on the LAN and process registration and mobile IP communication traffic on the LAN and the WAN side of the gateway. A control module is configured to identify the registration and the mobile IP communication traffic on the LAN and the WAN. The control module sends mobile IP traffic to the FA and other traffic to a network address translation (NAT) module. In this manner, network address translation of mobile IP traffic is advantageously omitted. This allows the IP-in-IP tunnels used by mobile IP to pass through the gateway.

Logical router with multiple routing components

Some embodiments provide a method for implementing a logical router in a network. The method receives a definition of a logical router for implementation on a set of network elements. The method defines several routing components for the logical router. Each of the defined routing components includes a separate set of routes and a separate set of logical interfaces. The method implements the several routing components in the network. In some embodiments, the several routing components include one distributed routing component and several centralized routing components.

In-band management interface with user space datapath
11201762 · 2021-12-14

A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the data path in the user space.

EDGE DATAPATH USING USER SPACE NETWORK STACK
20210377186 · 2021-12-02

A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.

System and Method for Improving Content Fetching by Selecting Tunnel Devices
20220173933 · 2022-06-02

A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server and stay connected to it, allowing a communication session to be initiated by the tunnel bank server. Upon receiving a request from a client for content and for specific attribute types and values, a tunnel is selected by the tunnel bank server and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.


Network address translation (NAT) traversal and proxy between user plane function (UPF) and session management function (SMF)

A method enables communication between Session Management Function (SMF) and User Plane Function (UPF) instances which are separately deployed behind Network Address Translation (NAT) services. The method includes configuring an SMF or a UPF to initiate an association with a corresponding UPF or SMF. The SMF registers first information with a Network Repository Function (NRF) enabling the remote UPF to communicate with the SMF through a NAT service. The method further includes obtaining second information from the NRF enabling the SMF to communicate with the remote UPF through the NAT service. The method also includes sending an association request to the remote UPF based on the second information and receiving an association response from the remote UPF through the NAT service.

LOGICAL ROUTER WITH MULTIPLE ROUTING COMPONENTS

Some embodiments provide a method for handling failure at one of several peer centralized components of a logical router. At a first one of the peer centralized components of the logical router, the method detects that a second one of the peer centralized components has failed. In response to the detection, the method automatically identifies a network layer address of the failed second peer. The method assumes responsibility for data traffic to the failed peer by broadcasting a message on a logical switch that connects all of the peer centralized components and a distributed component of the logical router. The message instructs recipients to associate the identified network layer address with a data link layer address of the first peer centralized component.

