A system and method for optimizing processing of keyboard/video/mouse (KVM) data in an internet protocol (IP) network environment receives via public interface access requests from users directed to KVM targets. The system includes a public and private virtual local area network (VLAN) linked by a bonded interface and general-purpose and optimized application containers. The general-purpose container initiates a KVM session and creates a network address translation (NAT) route (associated with an IP address visible to the user) and a dedicated interface via which the user may send KVM data directly and through the optimized application container, which prioritizes KVM data so it can pass without preemption through the private VLAN and to its intended KVM target in real-time or near real-time. The NAT route and external IP address may be reused for multiple access sessions to different KVM targets from the same user.

Disclosed are a communication method and apparatus based on edge computing, a computer storage medium, and an electronic device. The communication method based on edge computing includes: receiving an uplink Internet Protocol (IP) packet transmitted by a user equipment, a destination address of the uplink IP packet being a network address of a target application server; determining a network address of a local edge server that is configured to respond to the uplink IP packet according to the network address of the target application server; and modifying the destination address of the uplink IP packet to the network address of the local edge server, and forwarding the modified uplink IP packet to the local edge server for processing.

A cellular data communication network includes a gNodeB connected to a UPF by an IP network. A first translation module translates GFP packets into IP packets transmitted over the IP network. A second translation module translates the IP packets back into IP packets and forwards the IP packets to the UPF. A PFCP proxy snoops information and provides it to a BGP module that programs the translation modules and a routing module to perform routing of packets in bypass of the UPF. The BGP module may program the first translation module with an SR policy associated with a binding SID that is bound to an interface to the gNodeB. The SR policy may invoke translation according to a function. The routing module may be programmed to embed GTP information in an SRH header that is used by the first translation module. BGP module may also distribute routing and VPN updates.

Provided are systems, methods, and computer-program products for a proxy network that can determine, for a set of objects, an initial differential, where the initial differential is determined using a rules data store of a host network. The proxy network can further determine a supplemental differential for the set of objects. The proxy network can further determine a final differential that is the sum of the initial differential and the supplemental differential. The proxy network can further determine a final sum for the set of objects that is the object value less the final differential. The proxy network can further generate an outbound data packet that includes values corresponding to the set of objects and the final sum. When the host network receives the outbound data packet, the host network can modify an object data store using the values corresponding to the set of objects and the final sum.

A method for configuring virtual private cloud (VPC) communication between a first and second VPC is provided. The first and second VPCs having a same private network address segment. The method includes binding a first VPC private network address with a first address, the first address belonging to the third VPC private network address segment; binding a second VPC private network address with a second address, the second address belonging to the third VPC private network address segment, the first address being different from the second address; configuring a packet source address to be the first address, the packet being sent by the first VPC and destined for the second VPC, using the first address, and configuring a packet destination address to be the second address. A third VPC private network address segment is different from the private network address segment of the first and second VPC

Methods and systems for performing a Mapping of Address and Port using translation (MAP-T) data plane verification. A method for performing a MAP-T data plane verification includes initiating, by a diagnostic server provisioned with at least MAP-T diagnostic rules, a MAP-T diagnostic on a border relay provisioned with MAP-T rules, generating, by the diagnostic server, a diagnostic packet per the MAP-T diagnostic rules, sending, by the diagnostic server, the diagnostic packet to the border relay, performing, by the border relay, a translation on the diagnostic packet per the provisioned MAP-T rules, analyzing, by the diagnostic server to generate a report, at least a translation accuracy of a received translated diagnostic packet, and configuring at least one device based on a received report.

Techniques for providing localization at scale for a cloud-based security service are disclosed. In some embodiments, a system/method/computer program product for providing localization at scale for a cloud-based security service includes receiving a connection request at a network gateway of a cloud-based security service; performing a source Network Address Translation (NAT) from a registered set of public IP addresses associated with a tenant; and providing secure access to a Software as a Service (SaaS) using the cloud-based security service.

Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

A wireless communication method is provided. In the wireless communication method, a service request transmitted by a terminal device to a local server is received. A target address of the service request is changed from a first IP address to a second IP address. The first IP address is a virtual address of the local server. The second IP address is a real address of the local server in an edge data center. A service response transmitted by the local server to the terminal device for the service request is received. A source address of the service response is changed from the second IP address to the first IP address.

The present disclosure provides a method for implementing communication continuity at a computer device acting as an application function (AF) device corresponding to user equipment (UE), the UE establishing a wireless connection to a source application server (AS) using allocated UE source network address information. The method includes: determining a data service migration from the source AS to a target AS; transmitting a network address translation (NAT) parameter to a session management function (SMF), so that the SMF determines a target user plane function (UPF)/protocol data unit (PDU) session anchor (PSA) for performing NAT translation on a received data packet according to the NAT parameter; and configuring a third NAT parameter for the target AS according to the NAT parameter, and migrating the data service from the source AS to the target AS, so that the target AS performs NAT translation on the data packet according to the third NAT parameter.