H04L61/2525

METHOD OF SETTING USER-DEFINED VIRTUAL NETWORK

A method of setting a user-defined virtual network is disclosed. A method of setting a virtual network includes configuring a virtual network including a controller, at least one network address translation (NAT) and at least one edge node, checking an operation type of the at least one edge node, setting a tunnel between the at least one edge node based on the operation type, and performing data transmission between the at least one edge node through the set tunnel.

Networking as a Service
20230239269 · 2023-07-27

A method performed by a computing system includes receiving a first request from a first pod being executed on the computing system, responding to the first request with an Internet Protocol (IP) address and a first port range, receiving a second request from a second pod being executed on the computing system, and responding to the second request with the Internet Protocol (IP) address and a second port range that is different than the first port range. The method further includes, with a networking service implemented within the kernel, processing network traffic between external entities and the first and second pods by updating source and destination IP addresses and ports of packets of the network traffic.

Proxyless Network Address Translation With Dynamic Port Allocation

Aspects of the disclosure provide for a proxyless NAT infrastructure with dynamic port allocation. A proxyless NAT infrastructure is configured to perform NAT between a network of virtual machines (VMs) and a device external to the network, without a device, such as a NAT server or a router, acting as a proxy. A system can include a control plane for provisioning VMs of a network, including configuring each VM to perform NAT and initially assigning a number of ports for communicating with other devices. The control plane maintains a feedback loop—receiving data characterizing port usage and network traffic at ports allocated to the various VMs and scaling the port allocation for each VM based on the received data. The control plane can allocate additional ports as determined to be needed by a VM, and later retrieve the ports to be reused for other VMs.

Transparent high availability for customer virtual machines achieved using a hypervisor-based side channel bonding and monitoring

Systems and methods for transparent high availability for customer virtual machines using a hypervisor-based side channel bonding and monitoring are disclosed herein. The method can include creating a network path bond between at least one compute instance and a plurality of Network Virtualization Devices (“NVD”), the network path bond including a plurality of network paths, each network path connecting the compute instance with the Virtualized Network Interface Card (“VNIC”) of one of the plurality of NVDs, identifying a first one of the network paths as an active network path and a second one of the network paths as an inactive network path, performing a health check on the active network path, determining that the active network path failed the health check, marking the first one of the network paths as failed subsequent to determining that the active network path failed the health check, and identifying the second one of the network paths as the active network path.

SECURE NETWORKING ENGINE FOR A SECURE NETWORKING SYSTEM
20230006968 · 2023-01-05

Methods, systems, and computer storage media for providing a local protocol server associated with a secure networking engine that provides client-side forwarding in a secure networking system. The local protocol server (e.g., local TCP/UDP server)—on a client device—operates based on client-side forwarding operations that include: IP assignment, operating system (OS) routing, destination network address translation, and original destination retrieval to support accessing a network resource (e.g., socket connection) on the client device and support communications between client applications on the client device and the local protocol server on the same client device. In this way, the local protocol server supports communications of a diverse set of data traffic or network traffic (e.g., different types of cross-platform communications), where the diverse set of network traffic is initially communicated from a client application and processed for network security operations at the local protocol server within the same client device.

Networking as a service

A method performed by a computing system includes receiving a first request from a first pod being executed on the computing system, responding to the first request with an Internet Protocol (IP) address and a first port range, receiving a second request from a second pod being executed on the computing system, and responding to the second request with the Internet Protocol (IP) address and a second port range that is different than the first port range. The method further includes, with a networking service implemented within the kernel, processing network traffic between external entities and the first and second pods by updating source and destination IP addresses and ports of packets of the network traffic.

NETWORK ATTACHED MPI PROCESSING ARCHITECTURE IN SMARTNICS
20220358002 · 2022-11-10

Embodiments herein describe an interface shell in a SmartNIC that reduces data-copy overhead in CPU-centric solutions that rely on a hardware compute engine (which can include one or more accelerators). The interface shell offloads tag matching and address translation without CPU involvement. Moreover, the interface shell enables the compute engine to read messages directly from the network without extra data copy—i.e., without first copying the data into the CPU's memory.

ELECTRONIC DEVICE AND METHOD FOR ELECTRONIC DEVICE PROCESSING RECEIVED DATA PACKET
20230072048 · 2023-03-09

An electronic device is provided. The electronic device includes a network connection device, at least one processor, and a memory operably connected to the at least one processor, wherein the memory stores instructions which are configured to, when executed, control the electronic device to receive a data packet from the network connection device, identify an Internet protocol (IP) type of a server, based on header information of the received data packet, identify information related to packet mergence set according to the identified IP type of the server and an IP type of the electronic device, and merge the data packets received from the network connection device or flush the data packets as a network stack, based on the identified information related to the packet mergence.

Interface selection using domain name service (DNS) round trip time (RTT)

A method of wireless communication by a wireless device calculates a first latency for a first wireless interface using a DNS (domain name service) protocol. The method also calculates a second latency for a second wireless interface using the DNS protocol. The method stores the first latency and the second latency in a database; and selects the first interface or the second interface based on the calculated first latency and second latency.

EXTENDING CLOUD-BASED VIRTUAL PRIVATE NETWORKS TO USER EQUIPMENT ON RADIO-BASED NETWORKS

Disclosed are various embodiments for extending cloud-based virtual private networks to user equipment on radio-based networks. In one embodiment, a request is received from a client device for service from a radio-based network. The client device is provided with access to a virtual private cloud network through the radio-based network in response to receiving the request from the client device for service from the radio-based network. Encapsulated network traffic is forwarded from the client device to the virtual private cloud network via a network link between the radio-based network and a cloud provider network that hosts one or more resources on the virtual private cloud network.