Patent classifications
H04L61/2578
METHOD OF SETTING USER-DEFINED VIRTUAL NETWORK
A method of setting a user-defined virtual network is disclosed. A method of setting a virtual network includes configuring a virtual network including a controller, at least one network address translation (NAT) and at least one edge node, checking an operation type of the at least one edge node, setting a tunnel between the at least one edge node based on the operation type, and performing data transmission between the at least one edge node through the set tunnel.
Securing applications on public facing systems
Techniques are disclosed for configuring a virtual machine instance accessed over a publicly routable network address to host intranet applications. A virtual (or “dummy”) interface on the virtual machine instance is assigned an IP address that is inaccessible from the public interface. An application executed on the virtual machine instance is bound to a port on the network address assigned to this dummy interface. A virtual private network server assigns clients IP addresses that can be routed to the dummy interface. When a client computing system connects to the VPN server over the virtual machine instance's public interface, the client forwards traffic destined for the dummy interface's inaccessible network over the VPN connection.
Connection control with B2BUA located behind NAT gateway
There is proposed a mechanism for a connection control conducted in a communication network (such as IMS) when a back to back user agent (B2BUA) and network address translation function are involved in the establishment of the connection. When a control network element, such as a P-CSCF, receives a signaling message related to the establishment of the communication connection, via a communication leg coming from a network address translation device, it is determined whether address information contained in an SDP element of the signaling message matches with preset address information allocated to a border gateway function or BGF. When no matching is determined, normal processing like an initiation of a latching procedure at an own BGF is conducted. Otherwise, if a matching address information is determined, i.e. a mirrored SDP is deemed to be present, a latching processing at an own BGF is inhibited and the received BGF's address information is used in the connection establishment procedure. This processing is conducted at all session ends coming from the B2BUA, so that a communication connection with media flow can be established through pinholes of the BGF(s).
IOT DEVICE CONNECTED TO SERVER VIA NAT, AND IOT COMMUNICATION METHOD
Provided are an IoT device and an IoT communication method. The IoT device may: be connected to a server via NAT; execute a first session for service connection; and execute a second session for calculating a particular keep-alive value corresponding to a period in which an IP address mapped by the NAT expires. The present invention can minimize transmission of a keep-alive value of an IoT device, enables an IoT device to share a particular keep-alive value with other IoT devices, and thus can minimize a network load which may be caused by a keep-alive value of an IoT communication device.
PATH SELECTION FOR DATA PACKETS ENCRYPTED BASED ON AN IPSEC PROTOCOL
A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.
NAT TRAVERSAL METHOD, DEVICE, AND SYSTEM
A method, a device, and a system for network address translation traversal are provided. The method is performed by a system in which a first terminal communicates with a second terminal. The first terminal is in a network constructed by a first NAT device, the second terminal is in a network constructed by a second NAT device, and the first NAT device is different from the second NAT device. The method implements NAT traversal through bidirectional dynamic detection of TTL values at both ends of the NAT traversal, to resolve a problem of low NAT traversal efficiency.
CROSS-NETWORK WAKE-UP METHOD AND RELATED DEVICE
A cross-network wake-up method and a related device. In the method, an Internet of things platform sends a wake-up instruction to an agent device that maintains a heartbeat connection to the Internet of things platform, and then sends, through the agent device, a wake-up message to a to-be-woken-up Internet of things device that is deployed on a same private network as the agent device. This resolves a technical problem that after a public-private network address mapping becomes invalid, a message from the Internet of things platform cannot reach the Internet of things device through a NAT device, and the Internet of things device cannot receive the message.
BULK DISCOVERY OF DEVICES BEHIND A NETWORK ADDRESS TRANSLATION DEVICE
In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iteratively perform these steps until it discovers all the discoverable network devices behind the network address translation device.
NAT traversal method, device, and system
A method, a device, and a system for network address translation traversal are provided. The method is performed by a system in which a first terminal communicates with a second terminal. The first terminal is in a network constructed by a first NAT device, the second terminal is in a network constructed by a second NAT device, and the first NAT device is different from the second NAT device. The method implements NAT traversal through bidirectional dynamic detection of TTL values at both ends of the NAT traversal, to resolve a problem of low NAT traversal efficiency.
CONTROLLING DATA ROUTING AMONG NETWORKS
An integrated security system integrates broadband and mobile access and control with conventional security systems and premise devices to provide a tri-mode security network having remote connectivity and access. The integrated security system delivers remote premise monitoring and control functionality to conventional monitored premise protection and complements existing premise protection equipment. The integrated security system integrates into the premise network and couples wirelessly with the conventional security panel, enabling broadband access to premise security systems. Automation devices can be added, enabling users to remotely see live video or pictures and control home devices via a personal web portal or other client device. Camera management enables automatic configuration and management of cameras in the premise network. The camera management extends to remote control and monitoring from outside the firewall of the premise network to include routing of images or video from a streaming source device to a requesting client device.