Patent classifications
H04L61/2535
SYSTEMS AND METHODS FOR NETWORK PACKET TRANSLATION
A method for modifying packet data of a packet in a network device, where the method includes receiving, at an ingress pipeline of the network device, the packet, performing a lookup, in a packet translation ruleset, to compare the packet data to rule criteria of a rule in the packet translation ruleset, making a first determination that at least a portion of the packet data matches the rule criteria, and based on the first determination, adding a packet translation tag to the packet, where the packet translation tag includes a rule action, copying the packet translation tag and a portion of the packet to obtain a copied packet, modifying the copied packet as described in the rule action to obtain a modified copied packet, and forwarding the modified copied packet to an egress pipeline.
Executing workloads across multiple cloud service providers
A multi-cloud service system establishes tunnels and network overlays across multiple CSPs while meeting a criterion for a latency threshold. The system conducts a latency benchmarking evaluation across each cloud region for multiple CSPs and, based on the latency benchmarking evaluation results, the system may identify a group of cloud regions that satisfy a criterion such as a predetermined maximum latency threshold or geographical restriction. The system may provision the group of cloud regions by provisioning a tunnel between nodes of the multiple CSPs. The system further establishes an overlay network on top of the tunnel by encapsulating packets using an encapsulation end point such as a VTEP (VXLAN tunnel end point) over VXLAN (Virtual Extensible Local Area Network), which may help to ensure reliable transmission of packets from pod to pod. The system may inject user data into each node to initiate operations across the provisioned nodes using injected user data.
COMMUNICATION APPARATUS, SWITCHING CONTROL METHOD AND PROGRAM
A communication device, in which a protocol is workable, the protocol enabling formation of a redundancy configuration including a plurality of communication devices by use of a virtual IP address, includes: a table storage unit configured to store a table in which, for each of a plurality of destination networks connected to the communication device through a path, the virtual IP address and the destination network are associated with each other; and a control unit configured to identify, in response to detection of a failure in the path connected to one of the destination networks, the virtual IP address associated with the destination network by reference to the table and cause the identified virtual IP address to transition to another communication device, the another communication device forming the redundancy configuration with the communication device.
SECURE PRIVATE TRAFFIC EXCHANGE IN A UNIFIED NETWORK SERVICE
Traffic is received at an interface of a compute server. Identity information associated with the traffic is determined including an identifier of a customer to which the traffic is attributable. An egress policy configured for the first customer is used to determine whether the traffic is allowed to be transmitted to a destination where that destination is a resource of a second customer. If the traffic is allowed to be transmitted, the traffic and identity information are transmitted over a cross-customer GRE tunnel to a namespace of the second customer on the compute server. An ingress policy configured for the second customer is used to determine whether the traffic is allowed to be transmitted to the destination, and if it is, then the traffic is transmitted.
Network address translation with TEID
Systems, methods and computer software are disclosed for providing network address translation with a tunnel identifier (TEID) in a cellular network. A HetNet Gateway (HNG) allocates at least a portion of a unique TEID for a user equipment (UE). The HNG receives a packet having a source field in the packet header including an Internet Protocol (IP) address. The HNG replaces the IP address in a source field of the packet header of the packet with the unique TEID for the UE and forwards the packet using the unique TEID to a packet gateway (PGW).
Communication method and apparatus based on edge computing, storage medium, and electronic device
Disclosed are a communication method and apparatus based on edge computing, a computer storage medium, and an electronic device. The communication method based on edge computing includes: receiving an uplink Internet Protocol (IP) packet transmitted by a user equipment, a destination address of the uplink IP packet being a network address of a target application server; determining a network address of a local edge server that is configured to respond to the uplink IP packet according to the network address of the target application server; and modifying the destination address of the uplink IP packet to the network address of the local edge server, and forwarding the modified uplink IP packet to the local edge server for processing.
VIRTUAL PRIVATE CLOUD COMMUNICATION AND CONFIGURATION METHOD, AND RELATED APPARATUS
A method for configuring virtual private cloud (VPC) communication between a first and second VPC is provided. The first and second VPCs have a same private network address segment. The method includes binding a first VPC private network address with a first address, the first address belonging to the third VPC private network address segment; binding a second VPC private network address with a second address, the second address belonging to the third VPC private network address segment, the first address being different from the second address; configuring a packet source address to be the first address, the packet being sent by the first VPC and destined for the second VPC, using the first address, and configuring a packet destination address to be the second address. A third VPC private network address segment is different from the private network address segment of the first and second VPCs.
INTERNET PROTOCOL SECURITY (IPSEC) TUNNEL USING ANYCAST AT A DISTRIBUTED CLOUD COMPUTING NETWORK
An IPsec tunnel request for establishing an IPsec tunnel from a customer router to an anycast IP address of a distributed cloud computing network is received. The same anycast IP address is shared among compute servers of the distributed cloud computing network. A handshake is performed with the customer router from a first compute server including generating security associations for encrypting and decrypting IPsec traffic. The security associations are propagated to each compute server and are used for encrypting and decrypting traffic.
FAST PROVISIONING OF MACHINES USING NETWORK CLONING
Some embodiments of the invention provide a method for cloning a set of one or more applications implemented by a first set of machines connected through a first logical network that defines a virtual private cloud (VPC) in a set of one or more datacenters. The method detects that the first logical network does not have sufficient resources to process a set of network traffic destined for the set of one or more applications implemented by the first set of machines. Based on said detecting, the method uses a set of network configuration data that configures a set of logical forwarding elements (LFEs) of the first logical network to define a cloned, second logical network for connecting a cloned, second set of machines that implement a second set of one or more applications. The method uses the cloned, second logical network to process at least a subset of the network traffic destined to the set of applications.
SMART SERVICE DISCOVERY TO INTERCONNECT CLUSTERS HAVING OVERLAPPING IP ADDRESS SPACE
An approach to establish connections between clusters having overlapping IP address ranges. A method includes receiving, at a service discovery server, from a first node in a first cluster, a service discovery request including a unique name, determining, at the service discovery server, that the unique name resolves to a destination IP address of a second node in a second cluster, determining that the destination IP address overlaps with an IP address range associated with the first cluster, in response to determining that the destination IP address overlaps with the IP address range belonging to the first cluster, configuring a gateway to expect a network connection request from the first node that includes an IP address of the gateway, and sending a service discovery response to the first node, the service discovery response including the IP address of the gateway, but not the destination IP address.