Title:
VIRTUAL LOCAL PRESENCE BASED ON L3 VIRTUAL MAPPING OF REMOTE NETWORK NODES
Document Type and Number:
WIPO Patent Application WO/2021/037358
Kind Code:
A1
Abstract:
An apparatus for transferring data, comprising one or more processing circuitries connected to a first network and executing a first mapping agent having a Layer 3 (L3) address mapping of a destination node connected to a second network separated from the first network. The first mapping agent is configured to receive, from a source node via the first network, a first packet destined to the destination node, adjust the first packet to include a virtual L3 address assigned to a second mapping agent executed at the second network and associated with the destination node, encapsulate the adjusted first packet in an encapsulation packet comprising a traffic descriptor resolved according to the virtual L3 address, and forward the encapsulation packet to the second mapping agent which is configured to transmit the adjusted first packet extracted from the encapsulation packet to the destination node via the second network.

Inventors:
OFEK ITAMAR (DE)
ANSON OMER (DE)
GAL-OR ESHED (DE)
WARSZAWSKI EDUARDO (DE)
Application Number:
PCT/EP2019/072989
Publication Date:
March 04, 2021
Filing Date:
August 28, 2019
Assignee:
HUAWEI TECH CO LTD (CN)
OFEK ITAMAR (DE)
International Classes:
H04L12/46; H04L12/715; H04L29/12
Foreign References:
EP3379806A1, 2018-09-26
EP3322135A1, 2018-05-16
EP3099022A1, 2016-11-30
Other References:
BLACK J HUDSON BROCADE L KREEGER CISCO M LASSERRE ALCATEL-LUCENT T NARTEN D: "An Architecture for Overlay Networks (NVO3); draft-ietf-nvo3-arch-01.txt", AN ARCHITECTURE FOR OVERLAY NETWORKS (NVO3); DRAFT-IETF-NVO3-ARCH-01.TXT, INTERNET ENGINEERING TASK FORCE, IETF; STANDARDWORKINGDRAFT, INTERNET SOCIETY (ISOC) 4, RUE DES FALAISES CH- 1205 GENEVA, SWITZERLAND, 14 February 2014 (2014-02-14), pages 1 - 32, XP015097013
Attorney, Agent or Firm:
KREUZ, Georg (DE)
Claims:
CLAIMS

1. An apparatus for transferring data, comprising: at least one processing circuitry connected to a first network and executing a first mapping agent having a Layer 3 (L3) address mapping of a destination node connected to a second network separated from the first network, the first mapping agent comprising a code configured to: receive, from a source node via the first network, a first packet destined to the destination node; adjust the first packet to include a virtual L3 address assigned to a second mapping agent executed at the second network and associated with the destination node; encapsulate the adjusted first packet in an encapsulation packet comprising a traffic descriptor resolved according to the virtual L3 address; and forward the encapsulation packet to the second mapping agent which is configured to transmit the adjusted first packet extracted from the encapsulation packet to the destination node via the second network.

2. The system according to claim 1, wherein the traffic descriptor of the encapsulation packet further comprising a virtual L3 address assigned to the first mapping agent for receiving a second packet transmitted from the destination node to the source node via the second mapping agent and the first mapping agent.

3. The system according to claim 1, wherein the encapsulation packet is forwarded using at least one Layer 2 (L2) tunneling protocol, the traffic descriptor comprises an identifier of the second mapping agent in metadata defined by the at least one L2 tunneling protocol.

4. The system according to claim 1, wherein the encapsulation packet is forwarded using at least one L3 networking protocol, the traffic descriptor comprises an L3 address of the second mapping agent.

5. The system according to claim 1, wherein the first network and the second network are virtual networks defined in a Software Defined Network (SDN), the first mapping agent is utilized in the first network by configuring a mapping record of the SDN to include the virtual L3 address mapping of the destination node in a list of virtual L3 addresses assigned to nodes connected to the first network.

6. The system according to claim 1, wherein the first network and the second network are physical networks connected to a common networking infrastructure via two respective network gateways.

7. The system according to claim 6, wherein the first mapping agent is executed by the network gateway connecting the first network to the common networking infrastructure.

8. The system according to claim 6, wherein the first mapping agent is executed by a dedicated network node connected to the first network.

9. The system according to claim 1, wherein the first network is a virtual network defined in a Software Defined Network (SDN) and the second network is a physical network connected via a network gateway to network abstracted by the virtual network, a virtual port is deployed in the network gateway to map the destination node in the SDN, the first mapping agent is utilized in the first network by configuring a mapping record of the SDN to include the virtual L3 address of the virtual port in a list of virtual L3 addresses assigned to nodes connected to the first network.

10. The system according to claim 1, wherein the first packet includes at least one multicast packet destined to a group of nodes connected to the first network, the first mapping agent is configured to be part of the group in response to a request received from the second mapping agent to include the destination node in the group such that the first mapping agent encapsulate and forwards the at least one multicast packet to the second mapping agent for delivery to the destination node.

11. The system according to claim 1, wherein the first packet includes at least one broadcast packet destined to all nodes connected to the first network, the first mapping agent is configured to encapsulate and forwards the at least one broadcast packet to the second mapping agent for delivery to the destination host.

12. The system according to claim 1, further comprising deploying a plurality of first mapping agents, each of the plurality of first mapping agents maps a respective one of a plurality of destination nodes connected to at least one second network separated from the first network.

13. The system according to claim 1, further comprising deploying a single second mapping agent mapping a destination node connected to the second network for a plurality of source nodes connected to at least one first network separated from the second network, each of the plurality of source nodes is associated with a respective first mapping agent executed at the at least one first network, the respective first mapping agent of each source node which transmits the first packet to the second mapping agent is identified by tracking a connection of the respective first mapping agent.

14. The system according to claim 1, further comprising the traffic descriptor is resolved according to a Uniform Resource Identifier (URI) of the destination node.

15. A computer implemented method of transferring data, comprising: receiving, from a source node via a first network, a first packet destined to the destination node connected to a second network separated from the first network; adjusting the first packet to include a virtual Layer 3 (L3) address assigned to a second mapping agent executed at the second network and associated with the destination node; encapsulating the adjusted first packet in an encapsulation packet comprising a traffic descriptor resolved according to the virtual L3 address; and forwarding the encapsulation packet to the second mapping agent which is configured to transmit the adjusted first packet extracted from the encapsulation packet to the destination node via the second network.

Description:
VIRTUAL LOCAL PRESENCE BASED ON L3 VIRTUAL MAPPING OF REMOTE NETWORK NODES

TECHNICAL FIELD

The present disclosure, in some embodiments thereof, relates to data packets transfer between remote hosts connected to separate networks and, more specifically, but not exclusively, to data packets transfer between remote hosts connected to separate networks using virtual Layer 3 (L3) mapping of the remote hosts.

BACKGROUND

Networked services are constantly evolving for a plurality of applications, services and platforms ranging over practically every aspect of modern life. These networked services hence present multiple ever increasing challenges for the underlying networks which become ever more complex. These challenges may further increase and become more apparent with the rapid deployment of cloud services utilizing Software Defined Networks (SDN) for switching and routing network traffic between cloud hosts.

One of the major challenges such networked services face is a need to directly address, access and exchange network traffic between network nodes which are connected to different private networks (sites) each employing its local addressing scheme. In particular, it may be highly desirable, efficient and in some cases essential that network nodes connected to separate networks will be able to communicate with each other over a common multicast and/or broadcast domain shared by the two separate networks.

SUMMARY

An objective of the embodiments of the disclosure is to provide a solution which mitigates or solves the drawbacks and problems of conventional solutions. The above and further objectives are solved by the subject matter of the independent claims. Further advantageous embodiments can be found in the dependent claims.

The disclosure aims at providing a solution for mapping, in a local network, a remote network node connected to a separate network by creating an L3 based virtual presence of the remote node in the local network to form a common multicast and/or broadcast domain shared between the two separate networks by deploying mapping agents configured to emulate the remote node as if connected to the local network.

According to a first aspect of the present disclosure there is provided an apparatus for transferring data, comprising one or more processing circuitries connected to a first network and executing a first mapping agent having a Layer 3 (L3) address mapping of a destination node connected to a second network separated from the first network. The first mapping agent comprising a code configured to:

Receive, from a source node via the first network, a first packet destined to the destination node.

Adjust the first packet to include a virtual L3 address assigned to a second mapping agent executed at the second network and associated with the destination node.

Encapsulate the adjusted first packet in an encapsulation packet comprising a traffic descriptor resolved according to the virtual L3 address.

Forward the encapsulation packet to the second mapping agent which is configured to transmit the adjusted first packet extracted from the encapsulation packet to the destination node via the second network.

According to a second aspect of the present disclosure there is provided a computer implemented method of transferring data, comprising:

Receiving, from a source node via a first network, a first packet destined to the destination node connected to a second network separated from the first network.

Adjusting the first packet to include a virtual Layer 3 (L3) address assigned to a second mapping agent executed at the second network and associated with the destination node.

Encapsulating the adjusted first packet in an encapsulation packet comprising a traffic descriptor resolved according to the virtual L3 address.

Forwarding the encapsulation packet to the second mapping agent which is configured to transmit the adjusted first packet extracted from the encapsulation packet to the destination node via the second network.

Mapping the destination node into the first network using the virtual L3 mapping may allow creating unified multicast and/or broadcast domains common to multiple separated networks without adjusting the network addressing schemes applied in each of the networks while verifying that no address conflicts or overlaps occur. Moreover, since the virtual mapping is done in L3, it may allow use of high level networking and communication protocols relying on L3 addressing which are highly common in a plurality of applications and services. Furthermore, since the mapping agents are created, deployed, initiated and configured in software, the effort, time and/or cost for creating the network domains may be significantly reduced while supporting high scalability. In addition, since each pair of source and destination nodes may be associated with a dedicated pair of mapping agents, collisions over the networks may be significantly reduced and potentially completely avoided.

In a further implementation form of the first and/or second aspects, the traffic descriptor of the encapsulation packet further comprising a virtual L3 address assigned to the first mapping agent for receiving a second packet transmitted from the destination node to the source node via the second mapping agent and the first mapping agent. Most if not all networked applications and services require a two way communication path. Therefore supporting the reverse path (response path) in the virtual L3 mapping scheme may allow increased adoption of the virtual L3 mapping in a plurality of such applications, services, systems and/or platforms.

In a further implementation form of the first and/or second aspects, the encapsulation packet is forwarded using one or more Layer 2 (L2) tunneling protocols, the traffic descriptor comprises an identifier of the second mapping agent in metadata defined by the L2 tunneling protocol(s). Supporting L2 tunneling protocols may enable easy adoption and deployment of the virtual L2 mapping of remote network nodes (hosts) for applications, services and/or platforms utilizing such L2 tunneling protocols.

In a further implementation form of the first and/or second aspects, the encapsulation packet is forwarded using one or more L3 networking protocols, the traffic descriptor comprises an L3 address of the second mapping agent. Supporting L3 networking protocols may enable easy adoption and deployment of the virtual L2 mapping of remote network nodes (hosts) for applications, services and/or platforms utilizing such L3 networking protocols.

In a further implementation form of the first and/or second aspects, the first network and the second network are virtual networks defined in a Software Defined Network (SDN), the first mapping agent is utilized in the first network by configuring a mapping record of the SDN to include the virtual L3 address mapping of the destination node in a list of virtual L3 addresses assigned to nodes connected to the first network. Supporting SDNs may allow for simple and reduced effort deployment, integration and adoption of the virtual L3 mapping in SDNs which are constantly expanding to support the ever increasing and developing cloud services.

In a further implementation form of the first and/or second aspects, the first network and the second network are physical networks connected to a common networking infrastructure via two respective network gateways. Supporting physical networks may support simple and reduced effort deployment, integration and adoption of the virtual L3 mapping in such physical networks which constitute the backbone of any networking system.

In a further implementation form of the first and/or second aspects, the first mapping agent is executed by the network gateway connecting the first network to the common networking infrastructure. Since the gateway deployed to connect the network to the common network is a typical component in the network, using it to execute the mapping agent(s) may eliminate the need to add application specific hardware, thus reducing cost and simplifying the deployment of the mapping agent(s).

In a further implementation form of the first and/or second aspects, the first mapping agent is executed by a dedicated network node connected to the first network. Supporting dedicated network nodes for executing the mapping agent(s) may be efficient for supporting networks in which the gateway may be limited in resources and/or complex to configure. Moreover, using the dedicated network node having sufficient computing resources (e.g. processing resources, storage resources, network resources, etc.) may allow for initiating and executing a large number of mapping agents to map a plurality of remote destination network nodes.

In a further implementation form of the first and/or second aspects, the first network is a virtual network defined in a Software Defined Network (SDN) and the second network is a physical network connected via a network gateway to network abstracted by the virtual network, a virtual port is deployed in the network gateway to map the destination node in the SDN, the first mapping agent is utilized in the first network by configuring a mapping record of the SDN to include the virtual L3 address of the virtual port in a list of virtual L3 addresses assigned to nodes connected to the first network. Supporting mixed networks constructed of both virtual and physical network segments may be essential to support simple and reduced effort deployment, integration and adoption of the virtual L3 mapping in such mixed networks.

In a further implementation form of the first and/or second aspects, the first packet includes a multicast packet destined to a group of nodes connected to the first network. The first mapping agent is configured to be part of the group in response to a request received from the second mapping agent to include the destination node in the group such that the first mapping agent encapsulates and forwards the multicast packet to the second mapping agent for delivery to the destination node. Forming a unified multicast domain stretching over the two separate networks may be highly desired and in some cases essential for a plurality of applications and services in which multicast groups may include nodes connected to separate networks.

In a further implementation form of the first and/or second aspects, the first packet includes a broadcast packet destined to all nodes connected to the first network, the first mapping agent is configured to encapsulate and forward the broadcast packet to the second mapping agent for delivery to the destination host. Forming a unified broadcast domain stretching over the two separate networks may be highly desired and in some cases essential for a plurality of applications and services in which broadcasts are directed to nodes connected to separate networks.

In an optional implementation form of the first and/or second aspects, a plurality of first mapping agents are deployed. Each of the plurality of first mapping agents maps a respective one of a plurality of destination nodes connected to one or more second networks separated from the first network. Multiple simultaneous connections and communication paths between multiple networking nodes may be required for a plurality of networked applications and/or services. Supporting deployment of the plurality of source and destination nodes may therefore allow for increased adoption and/or simplified integration of the virtual L3 mapping in a plurality of such applications and/or services.

In an optional implementation form of the first and/or second aspects, a single second mapping agent is deployed to map a destination node connected to the second network for a plurality of source nodes connected to one or more first networks separated from the second network. Each of the plurality of source nodes is associated with a respective first mapping agent executed at a respective first network. The respective first mapping agent of each source node which transmits the first packet to the second mapping agent is identified by tracking a connection of the respective first mapping agent. Some applications and/or services may deploy a single host node to serve a plurality of client nodes. Supporting such single-host multiple-clients deployments may therefore allow for increased adoption and/or simplified integration of the virtual L3 mapping in a plurality of such applications and/or services.

In an optional implementation form of the first and/or second aspects, the traffic descriptor is resolved according to a Uniform Resource Identifier (URI) of the destination node. Using domain names rather than actual addresses is highly common and frequent in a plurality of network domains as well as for a plurality of applications and/or services deployments. Supporting address resolution based on domain names may therefore allow for increased adoption and/or simplified integration of the virtual L3 mapping in a plurality of such applications and/or services.

A third aspect of the disclosure suggests a computer program product comprising computer readable code instructions which, when run in a computer will cause the computer to perform the method according to the second aspect, or any one of optional implementation forms of the second aspect of the disclosure.

A fourth aspect of the disclosure suggests a computer readable storage medium comprising computer program code instructions, being executable by a computer, for performing a method according to the second aspect, or any one of optional implementation forms of the second aspect of the disclosure when the computer program code instructions run on a computer. The computer readable storage medium comprises one or more from the group: ROM (Read-Only Memory), PROM (Programmable ROM), EPROM (Erasable PROM), Flash memory, EEPROM (Electrically EPROM) and hard disk drive.

The computer program product according to the third aspect or the computer readable storage medium according to the fourth aspect can be extended into implementation forms corresponding to the implementation forms of the first apparatus according to the first aspect. Hence, an implementation form of the method comprises the feature(s) of the corresponding implementation form of the first apparatus.

The advantages of the methods according to the third or fourth aspect are the same as those for the corresponding implementation forms of the first apparatus according to the first aspect of the disclosure.

Unless otherwise defined, all technical and/or scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosure pertains. Although methods and materials similar or equivalent to those described herein can be used in the practice or testing of embodiments of the disclosure, exemplary methods and/or materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and are not intended to be necessarily limiting.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

Some embodiments of the disclosure are herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of embodiments of the disclosure. In this regard, the description taken with the drawings makes apparent to those skilled in the art how embodiments of the disclosure may be practiced.

In the drawings:

FIG. 1 presents flow charts of exemplary processes of transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure;

FIG. 2 is a schematic illustration of an exemplary networked system for transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure;

FIG. 3A, FIG. 3B, FIG. 3C and FIG. 3D are schematic illustrations of exemplary virtual and physical networks deployments employing virtual L3 mapping for transferring packets between network nodes connected to separate networks, according to some embodiments of the present disclosure;

FIG. 4 is a schematic illustration of an exemplary sequence for initializing a network to employ virtual L3 mapping for transferring packets from nodes connected to a local network and remote network nodes connected to separate networks, according to some embodiments of the present disclosure;

FIG. 5 is a schematic illustration of an exemplary embodiment of a network employing virtual L3 mapping for transferring packets between network nodes connected to two separate networks, according to some embodiments of the present disclosure;

FIG. 6 is a schematic illustration of an exemplary sequence applied by network nodes connected to two separate networks in an exemplary network embodiment to transfer packets to remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure;

FIG. 7 is a schematic illustration of an exemplary networked system in which a single host network node is mapped to a plurality of client network nodes connected to separate networks using a single mapping agent for virtual L3 mapping of the network node for transferring packets between the host and client network nodes, according to some embodiments of the present disclosure; and

FIG. 8A and FIG. 8B are schematic illustrations of an exemplary sequence applied by a single host network node and multiple client network nodes connected to separate networks for transferring packets between the host and client network nodes using a single mapping agent for virtual L3 mapping of the host network node, according to some embodiments of the present disclosure.

DETAILED DESCRIPTION

The embodiments of the present disclosure relate to data packets transfer between remote hosts connected to separate networks and, more specifically, but not exclusively, to data packets transfer between remote hosts connected to separate networks using virtual L3 mapping of the remote hosts.

The present disclosure presents devices, systems and methods for transferring data packets, for example, unicast, multicast and/or broadcast packets between network nodes (hosts) connected to separate (private) networks by virtually mapping the remote nodes to appear to each other as if connected to the same network. The network nodes may include one or more physical network nodes (hosts), for example, a mobile device, a computer, a server, a computing node, a cluster of computing nodes and/or the like connected to physical networks via one or more gateways, for example, a switch, a router and/or the like. The network nodes may also include one or more virtual network nodes (hosts), for example, a Virtual Machine (VM) and/or the like executed by one or more of the physical network nodes and utilizing their hardware resources. Moreover, the network nodes may be connected to one or more Software Defined Networks (SDN) via one or more SDN switches (gateways) as may typically be the case for cloud computing platforms, infrastructures and/or services.

A source network node connected to a first (private) network may transmit one or more (first) packets, for example, unicast, multicast and/or broadcast packets which are destined to network nodes connected to the first network. However, it may be desired that the transmitted packets are distributed to a remote destination network node which is connected to a second (private) network which is separated from the first network. The first and second networks are connected via one or more of the physical and/or software implemented gateways to a common physical network infrastructure comprising one or more switching and/or routing devices for routing traffic between the first and second network. The common network may include one or more networks, for example, a Local Area Network (LAN), a Wide Area Network (WAN), a Metropolitan Area Network (MAN), the internet and/or one or more SDNs deployed for cloud computing platforms and services. Since the destination node is not connected to the first network, direct L3 mapping and addressing between the source node and the destination node is impossible. The destination node is unable to receive and/or intercept data packets, for example, unicast, multicast and/or broadcast packets that are transmitted to network nodes having network addresses (e.g. L2 and/or L3 address) in an address range of the first network.

However, many popular applications and services, for example, media streaming, gaming groups, group clustering and/or the like may apply protocols for which it is essential and/or significantly more efficient to apply direct mapping such that the destination node connects to the same network as the source node and may hence receive communication packets transmitted by the source node using direct L3 mapping and/or addressing.

To this end, the destination node may be mapped to the first network using a (first) mapping agent deployed in the first network and serving as a virtual presence of the destination node on the first network which thus appears as if connected to the first network. The destination node is further associated with a second mapping agent deployed in the second network node.

The first mapping agent deployed in the first network is assigned a local L3 address in a range of L3 addresses of the first network to emulate a real network node for the L3 protocols used in the first network. Similarly, the second mapping agent deployed in the second network is assigned a local L3 address in a range of L3 addresses of the second network to emulate a real network node for the L3 protocols used in the second network.

The first mapping agent and the second mapping agent are further each assigned with a unique virtual L3 address in a range of virtual L3 addresses predefined to map a plurality of mapping agents associated with network nodes connected to separate networks which require direct mapping, in particular a source node connected to the first network and the destination node connected to the second network. The first and second mapping agents are therefore uniquely mapped in the predefined virtual address range.

The first mapping agent may communicate with the second mapping agent using the L3 virtual addresses to forward one or more (first) packets transmitted by the source node to the second mapping agent which in turn forwards the packet(s) to the destination node. As such, the packet(s) are transferred from the source node to the destination node transparently to the two nodes which may appear to each other as if connected to the same network. The first mapping agent may intercept each (first) packet transmitted by the source node that is destined to the destination node (unicast packet) or to one or more multicast groups (multicast) which the first mapping agent is included in (joined). The first mapping agent may further intercept each broadcast message transmitted by the source node.

The first mapping agent then forwards (transmits) the intercepted unicast, multicast and/or broadcast packets to the second mapping agent deployed in the second network and associated with the destination node.

The first mapping agent first adjusts the intercepted (first) packet(s) to include the destination address of the destination node, or more accurately the address of the second mapping agent associated with the destination node. Specifically, the first mapping agent adjusts the destination address field of the intercepted packet(s), which currently includes the local L3 address of the first mapping agent, to include the virtual L3 address of the second mapping agent. In addition, the first mapping agent may adjust the source address field of the intercepted packet(s), which currently includes the local L3 address of the source node, to include the virtual L3 address of the first mapping agent.

The first mapping agent may encapsulate the adjusted (first) packets in one or more encapsulation packets which are transmitted to the second mapping agent via the common network connecting the first and second networks. The first mapping agent generates, adjusts and/or configures a traffic descriptor of the encapsulation packet(s) to indicate the second mapping agent, for example, to include a network address of the second mapping agent. In particular, the traffic descriptor is resolved according to the virtual L3 address of the second mapping agent. For example, the first mapping agent may use and/or access one or more Domain Name Systems (DNS) which are configured and/or updated to provide association and/or translation between the virtual L3 addresses of the mapping agents and network addresses of the first and/or second networks, in particular, network addresses of the gateways connecting the first and/or second networks to the common network. The DNS may be further configured and/or updated to provide association and/or translation between the virtual L3 addresses of the mapping agents and the local L3 addresses of the mapping agents. The DNS may be also configured and/or updated to resolve, associate and/or translate domain names to network addresses, in particular virtual L3 addresses of the mapping agents. The first mapping agent may construct the encapsulation packet(s) including the traffic descriptor according to one or more protocols applied by the first mapping agent to forward network traffic to the second mapping agent. For example, the first mapping agent may construct the encapsulation packet(s) according to one or more tunneling protocols such as, for example, Virtual LAN (VLAN) tunneling, MPLS, GRE, GENEVE, STT, L2-VPN, Ethernet over IP, VXLAN, IP over IP, Pseudo-tunnels and/or the like. In such case, the traffic descriptor may be inserted as metadata in one or more metadata fields defined by the tunneling protocol(s).
In another example, the first mapping agent may construct the encapsulation packet(s) according to one or more L3 networking protocols such as, for example, Internet Protocol (IP) (e.g. IPv4, IPv6, etc.), IPX/SPX and/or the like. In such case the traffic descriptor may be inserted in a destination address field defined by the L3 networking protocol(s).

The second mapping agent may receive the encapsulation packet(s) from the first mapping agent and de-capsulate the received encapsulation packet(s) to extract the unicast, multicast and/or broadcast packets originally transmitted by the source node over the first network. The second mapping agent deployed and initiated in the second network to emulate a real network node connected to the second network may be therefore capable of transmitting network traffic directly to the destination node.

However, the second mapping agent may first adjust the extracted packet(s) to support such transmission of the extracted packet(s) to the destination node. In particular, the second mapping agent adjusts the destination address and source address fields of the extracted packets. The second mapping agent replaces the destination address field which currently includes the virtual L3 address of the second mapping agent to include the local L3 address of the destination node. The second mapping agent may further replace the source address field which currently includes the virtual L3 address of the first mapping agent to include the local L3 address of the second mapping agent.

After adjusting the extracted packet(s) to include local L3 addresses used in the second network, the second mapping agent may transmit the adjusted packet(s) to the destination node.

The first and second mapping agents may be further configured to support transmission of (second) packets on the reverse path (response path), i.e., to transmit one or more (second) packets from the destination node to the source node using the same methodology. On the reverse path, the second mapping agent performs the operations described herein above for the first mapping agent and, complementarily, the first mapping agent performs the operations described herein above for the second mapping agent.
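The forward and reverse paths described above can be traced end to end in a short simulation. This is an added illustration, not code from the disclosure: the class and function names, the virtual range 198.18.0.0/24, the gateway addresses and the dictionary standing in for the DNS are all assumptions, and the pairing checks that reject a mismatched inner packet are an added defensive measure that the text does not state. Both sites deliberately reuse the same local subnet.

```python
import ipaddress
from dataclasses import dataclass, replace

# Assumed predefined virtual L3 range (constructed for this example).
VIRTUAL_RANGE = ipaddress.ip_network("198.18.0.0/24")


class DropPacket(Exception):
    """Raised when an agent refuses a packet that does not match its pairing."""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Encapsulated:
    descriptor: str  # traffic descriptor: here, the gateway address of the peer site
    inner: Packet    # adjusted packet, carrying virtual L3 addresses only


class MappingAgent:
    def __init__(self, local_addr, virtual_addr, node_addr, peer_virtual, resolver):
        for v in (virtual_addr, peer_virtual):
            if ipaddress.ip_address(v) not in VIRTUAL_RANGE:
                raise ValueError(f"{v} is outside the virtual L3 range")
        self.local_addr = local_addr      # agent's address inside its own site
        self.virtual_addr = virtual_addr  # agent's unique virtual L3 address
        self.node_addr = node_addr        # local node this agent is associated with
        self.peer_virtual = peer_virtual  # virtual L3 address of the paired agent
        self.resolver = resolver          # stand-in for the DNS: virtual -> gateway

    def outbound(self, pkt):
        """Associated node -> peer agent: rewrite to virtual addresses, encapsulate."""
        if pkt.src != self.node_addr or pkt.dst != self.local_addr:
            raise DropPacket("not traffic from the associated node to this agent")
        adjusted = replace(pkt, src=self.virtual_addr, dst=self.peer_virtual)
        if self.peer_virtual not in self.resolver:
            raise DropPacket("peer virtual address does not resolve")
        return Encapsulated(self.resolver[self.peer_virtual], adjusted)

    def inbound(self, encap):
        """Peer agent -> associated node: de-capsulate, rewrite to local addresses."""
        inner = encap.inner
        # Added check (assumption): accept only the paired agent's virtual source
        # and this agent's own virtual destination.
        if inner.dst != self.virtual_addr or inner.src != self.peer_virtual:
            raise DropPacket("inner addresses do not match this agent pair")
        return replace(inner, src=self.local_addr, dst=self.node_addr)


def build_pair():
    # Constructed sample: both sites use 10.0.0.0/24 with identical host addresses.
    resolver = {"198.18.0.1": "192.0.2.1", "198.18.0.2": "198.51.100.1"}
    agent_a = MappingAgent("10.0.0.20", "198.18.0.1", "10.0.0.5", "198.18.0.2", resolver)
    agent_b = MappingAgent("10.0.0.20", "198.18.0.2", "10.0.0.5", "198.18.0.1", resolver)
    return agent_a, agent_b


def round_trip():
    agent_a, agent_b = build_pair()
    # Forward path: the source node addresses agent A's local address.
    request = Packet("10.0.0.5", "10.0.0.20", b"ping")
    tunnel_fwd = agent_a.outbound(request)
    at_destination = agent_b.inbound(tunnel_fwd)
    # Reverse path: the destination node answers agent B's local address.
    reply = Packet(at_destination.dst, at_destination.src, b"pong")
    tunnel_rev = agent_b.outbound(reply)
    at_source = agent_a.inbound(tunnel_rev)
    return tunnel_fwd, at_destination, tunnel_rev, at_source


if __name__ == "__main__":
    for step in round_trip():
        print(step)
```

Only the virtual addresses cross the common network, so the identical local addresses at the two sites never meet.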

The virtual L3 mapping may be scaled and extended to support a plurality of source and destination nodes pairs by deploying, configuring and initiating a plurality of first and second mapping agent pairs for a plurality of source and destination node pairs.

According to some embodiments of the present disclosure, a single mapping agent may be associated with a certain destination node, for example, a host node, a service and/or the like serving a plurality of client source nodes each associated with a respective one of a plurality of mapping agents. The mapping agents may follow the same methodology and concept described herein before for a single source node. However, in such deployments, the destination node (host node) may receive all packets from its associated single mapping agent regardless of the originating source node. To overcome this limitation, the mapping agent associated with the destination node may use one or more connection tracking provisions available from the forwarding protocols used by the first mapping agents associated with the source nodes to identify and track each received packet to its originating source node or more accurately to track each received packet to its originating mapping agent.

The first and second mapping agents may be deployed, configured, initiated and/or executed using one or more of a plurality of implementations which may depend on one or more operation characteristics and/or parameters of the first and/or the second networks (e.g. physical network, SDN), of the network nodes (e.g. physical nodes, virtual nodes, etc.) and/or the like. The first and second mapping agents may be therefore deployed and applied for virtual networks, physical networks and/or a combination thereof.

For example, in the SDN, the first and second mapping agents may be initiated by configuring, adjusting and/or creating one or more of the mapping records, for example, a mapping table, a switching table, a routing table and/or the like which define the switching and routing of network traffic via the SDN switch(s). One or more controllers controlling, switching and/or routing the network traffic in the SDN may use the adjusted mapping record(s) and thus facilitate the first and second mapping agents. In another example, in a physical network, the first and/or second mapping agents may be initiated as software modules executed by one or more computing devices connected to the first network and/or to the second network respectively. For example, the first mapping agent may be executed by a dedicated network node connected to the first network. In another example, the first mapping agent may be executed by a gateway (e.g. switch, router, etc.) connected to the first network, in particular a gateway connecting the first network to the common network. This may similarly apply for the second mapping agent executed by a network node connected to the second network.

The virtual L3 mapping may present significant advantages compared to currently existing methods and systems for routing network traffic between remote network nodes connected to separate private networks.

Some of the existing routing methods may employ L2 Virtual Private Networks (VPN) (Ethernet VPN) to create a unified broadcast domain for two or more separate networks (sites) which share network configuration and addressing. However, the L2 VPN which is commonly shared by all network nodes which are part of the L2 VPN may be highly prone to collisions on the network. Moreover, it may be impossible to modify the L2 VPN configuration by software thus forcing every such modification to be carried out by a user, for example, a system administrator, a network expert and/or the like making the L2 VPN.

The virtual L3 mapping on the other hand assigns a dedicated pair of first and second mapping agents to each pair of source and destination nodes thus significantly reducing and potentially eliminating collisions. As such, each first mapping agent of each pair encapsulates and forwards to a respective second mapping agent only packets that are specifically directed to a corresponding destination node thus significantly reducing network traffic and hence collisions. In addition, the first and second mapping agents may be easily deployed, configured and/or modified by software since they are software agents which may be easily established, terminated and/or modified. Moreover, as each pair of the first and second mapping agents is associated with a single pair of source and destination nodes, adjusting these mapping agents may not impact the operation of other mapping agents deployed for mapping other source and/or destination nodes.

Other existing routing methods may employ L3 VPNs to connect two or more separate networks (sites) as different sub-networks in which the network traffic is routed according to one or more routing rules. Such L3 VPN implementations must naturally abide by the L3 protocols used by the network nodes for communicating with each other. As such, the L3 VPN may require customization for each L3 protocol thus requiring significant time and effort for adopting the L3 VPN thus significantly increasing cost. This may further significantly limit scalability of the L3 VPN across different L3 protocols.

The virtual L3 mapping on the other hand relies on the virtual L3 network addressing and is thus agnostic to the L3 protocols used by the network nodes. This may significantly reduce the effort, time and cost for deploying the virtual L2 mapping agents and may thus make the virtual L3 mapping highly scalable.

In both the L2 VPNs and the L3 VPNs the network addresses of the network nodes must be unique across the VPNs such that none of the network addresses overlap. This may present major limitations since each private network typically employs its addressing scheme independently from any other network which is separated. Deploying the VPNs across private networks which are not synchronized with each other may result in network addressing overlaps which may render the VPN useless.

In the virtual L3 mapping such limitations do not apply since the networks are not sharing common addressing domains and are therefore oblivious to the address mapping used in the other networks. The identification and mapping of the mapping agents deployed in the separate networks is done exclusively according to the virtual L3 addresses assigned to each of the mapping agents. The virtual L3 addresses are selected in a virtual L3 address range that is not used by any of the networks and therefore poses no address conflict issues. Moreover, the communication between the first and second mapping agents deployed in the separate networks is done using encapsulation packets which adhere to the communication protocols used for network traffic between the separate networks while containing the originally transmitted packets in the encapsulation packets’ payload.

Before explaining at least one embodiment of the disclosure in detail, it is to be understood that the disclosure is not necessarily limited in its application to the details of construction and the arrangement of the components and/or methods set forth in the following description and/or illustrated in the drawings and/or the Examples. The disclosure is capable of other embodiments or of being practiced or carried out in various ways.

The present disclosure may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present disclosure.

The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.

Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.

The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer such as the user equipment (UE), as a stand-alone software package, partly on the user's computer and partly on a remote computer such as the network apparatus or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.

Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions. The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.

Reference is now made to FIG. 1, which presents flow charts of exemplary processes of transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure.

Exemplary processes 100, 300 and 400 may be executed to support direct mapping, in particular, L3 mapping of network nodes connected to different and separated networks connected via a common network infrastructure to support data packets exchange between such nodes using virtual L3 address mapping. This may be done by assigning one or more nodes connected to one network virtual L3 addresses mapping this node(s) in one or more other, separate networks.

The exemplary process 100 may be executed to initialize a first mapping agent 200A (mapping agent A) deployed in a (first) network (site) associated with a source node connected to the first network to apply virtual L3 mapping of a destination network node connected to another (second) network (site) which is separated from the first network. The process 100 may further include initializing a second mapping agent 200B (mapping agent B) deployed in the second network and associated with the destination network node. The first mapping agent 200A and the second mapping agent 200B may each comprise one or more software modules, for example, a process, a script, an application, an agent, a utility, a tool and/or the like. Each of the software modules may include a plurality of program instructions executable by one or more processors to cause the processor(s) to carry out one or more operations.

Each of the first mapping agent 200A and the second mapping agent 200B is assigned a virtual L3 address (e.g. an IP address) in a predefined L3 address range.

The exemplary process 300 may be executed by the first mapping agent 200A to forward network traffic, for example, unicast, multicast and/or broadcast (first) packets transmitted from the source network node to the destination network node. The first mapping agent 200A may adjust the L3 address of the (first) packets transmitted by the source node to the virtual L3 address assigned to the second mapping agent 200B and encapsulate the (first) packets in one or more encapsulation packets comprising a traffic indicator resolved according to the virtual L3 address of the second mapping agent 200B. The first mapping agent 200A may then transmit the encapsulation packet(s) to the second mapping agent 200B via a common network infrastructure connecting the first network to the second network. The first mapping agent 200A may forward (transmit) the encapsulation packet(s) to the second mapping agent 200B using one or more protocols, for example, an L2 tunneling protocol, an L3 networking protocol and/or the like.

The exemplary process 400 may be executed by the second mapping agent 200B to receive the encapsulated packet(s) from the first mapping agent 200A, de-capsulate the encapsulated packet(s) to extract the (first) packets originally transmitted by the source node and transmit the extracted (first) packets to the destination node.

The first mapping agent 200A and the second mapping agent 200B may be further configured to support (second) data packets transfer on the response (reverse) path from the destination node to the source node.

Reference is now made to FIG. 2, which is a schematic illustration of an exemplary networked system for transferring packets between network nodes connected to a local network and remote network nodes connected to a separate network by mapping the remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure. An exemplary networked system 250 may include a first network 202A and a second network 202B which are separated from each other while connected via a common network (infrastructure) 220, for example, an SDN, a Local Area Network (LAN), a Wide Area Network (WAN), a Municipal Area Network (MAN), a cellular network, the internet and/or the like. As such, since each of the networks 202A and 202B employs its local addressing scheme the nodes 210 connected to the different networks 202A and 202B cannot exchange data packets between them using direct L2 and/or L3 mapping. For example, a source node 210A connected to the first network 202A cannot directly communicate with a destination node 210B connected to the second network 202B.

The first network 202A and the second network 202B are connected to the network 220 via one or more gateways 212, for example, a router, a switch and/or the like. For example, the first network 202A may include a gateway 212A to connect to the network 220 and the second network 202B may include a gateway 212B to connect to the network 220.

Naturally, the source node 210A may transmit and/or receive packets to/from the destination node 210B. However, such traffic may typically involve one or more address translation protocols as known in the art, typically applied by the gateway 212A and/or the gateway 212B. Due to this address translation, direct L2 (e.g. MAC address) and/or L3 mapping (e.g. IP address) between these network nodes 210 as known in the art is impossible.

To support the direct L3 mapping, mapping agents such as the mapping agents 200A and 200B may be deployed in the first network 202A and in the second network 202B respectively to create a virtual presence of the destination node 210B in the first network 202A thus emulating a direct connection of the destination node 210B to the first network 202A completely transparently to the source node 210A and the destination node 210B. The mapping agents 200A and 200B may be further configured to support the reverse (response) path for transmitting (second) packets from the destination node 210B to the source node 210A in a transparent manner for the destination node 210B and the source node 210A.

The first mapping agent 200A may be assigned a certain L3 address that may be directly mapped by the source node 210A. Upon reception of one or more data (first) packets destined for the destination node 210B, the first mapping agent 200A may adjust the (first) packet(s) to include a source virtual L3 address assigned to the first mapping agent 200A and a destination virtual L3 address assigned to the second mapping agent 200B. The virtual L3 addresses may be assigned in a virtual L3 address range predefined to support direct mapping between the source node 202A and the destination node 202B and optionally one or more additional network nodes 202 connected to the first network 200A, the second network 200B and/or another separate network 200. The first mapping agent 200A may then encapsulate (re-package) the received (first) packets to include a traffic identifier (e.g. an L2 identifier and/or an L3 identifier) indicating the second mapping agent 200B. In particular, the traffic identifier is resolved according to the destination virtual L3 address which is the virtual L3 address of the second mapping agent 200B. For example, the first mapping agent 200A may access and/or communicate with one or more DNS systems 230 to identify an address of the gateway 212B and the L3 address of the second mapping agent 200B according to the virtual L3 address of the second mapping agent 200B.

The DNS 230 may be updated to include the mapping of virtual L3 addresses assigned to the mapping agents 200A and 200B together with the network L2 and/or L3 addresses of the mapping agents 200A and 200B to support address translation to/from their respective virtual L3 addresses.

The DNS 230 may be deployed in one or more configurations, deployments and/or implementations as known in the art. For example, the DNS may be a distributed DNS comprising multiple local DNSs which are connected to one or more of the networks 202 and typically used by network nodes 210 connected to the respective network. For example, a local DNS 230A connected to the first network 202A may serve the network node 210A and/or a local DNS 230B connected to the second network 202B may serve the network node 210B. In another example, the DNS may be a global DNS 230G comprising one or more global DNSs not restricted to a single network such as the first network 202A and/or the second network 202B and as such may be used by one or more of the network nodes 210, for example, 210A and/or 210B.

The first mapping agent 200A may employ one or more transmission protocols as known in the art for transmitting the encapsulated packets to the second mapping agent 200B. For example, the first mapping agent 200A may use one or more L2 based tunneling protocols such as, for example, L2TP, SSTP, IPSec and/or the like to transmit the encapsulated packets to the second mapping agent 200B. In another example, the first mapping agent 200A may use one or more L3 based networking protocols such as, for example, TCP, UDP and/or the like to transmit the encapsulated packets to the second mapping agent 200B.

The second mapping agent 200B receiving the encapsulated packets may de-capsulate the received encapsulation packets to extract the (first) packets originally transmitted by the source node 210A and transmit the extracted packets to the destination node 210B. In particular, the second mapping agent 200B extracts the adjusted (first) packets which include the virtual L3 addresses of the first mapping agent 200A and the second mapping agent 200B.

Moreover, the mapping agents 200A and 200B may be deployed to support transmission of unicast, multicast and/or broadcast (first) packets transmitted by the source node 210A to the destination node 210B. The first mapping agent 200A may be included in (join) one or more multicast groups created in the first network 202A. The first mapping agent 200A may be further configured to adjust the L3 addresses of broadcast packets and/or multicast packets directed to these joined multicast group(s) to include the virtual L3 addresses and encapsulate the (first) packets in encapsulation packets having traffic descriptors resolved according to the virtual L3 addresses. The first mapping agent 200A may then forward, to the second mapping agent 200B, one or more encapsulation packets which comprise the unicast, multicast and/or broadcast packets and have the traffic descriptor resolved according to the virtual L3 addresses. The second mapping agent 200B may then de-capsulate the received encapsulation packet(s) to extract the unicast, multicast and/or broadcast packets and transmit them to the destination node 210B.

Reference is also made to FIG. 3A, FIG. 3B, FIG. 3C and FIG. 3D, which are schematic illustrations of exemplary virtual and physical networks deployments employing virtual L3 mapping for transferring packets between network nodes connected to separate networks, according to some embodiments of the present disclosure.

As seen in FIG. 3A, an exemplary SDN 250A such as the networked system 250 may be deployed for connecting a plurality of network nodes 210. The SDN is typically deployed for cloud computing platforms to provide network abstraction for efficient network configuration and management in order to improve network performance and monitoring. While following common networking protocols, the SDN 250A may centralize network intelligence in few network components by disassociating the forwarding process of network packets (data plane) from the routing process (control plane). The control plane may therefore consist of one or more SDN controllers which control the switching and routing of the network traffic.

The first network 202A hosting one or more network nodes 210, for example, the network node 210A may be an SDN defined network segment which connects to the SDN 250A via an SDN switch 212A. The second network 202B hosting one or more network nodes 210, for example, a network node 210B1 and a network node 210B2 may be another SDN defined network segment which connects to the SDN 250A via an SDN switch 212B. The network nodes 210 connected to the SDN 250B may include one or more physical network nodes, for example, a computer, a server, a computing node, a cluster of computing nodes and/or the like. Each of the physical network nodes 210 may include one or more processors (homogenous or heterogeneous) arranged for parallel processing, as clusters and/or as one or more distributed core processing units, one or more network interfaces for connecting to the network 202A and/or 202B and a program store, for example, a storage medium, either a volatile medium (e.g. a Random Access Memory (RAM), etc.) and/or a non-volatile medium (e.g. a hard drive, a Flash array, etc.). The storage medium may further include one or more local and/or remote network storage resources, for example, a storage server, a Network Attached Storage (NAS), a network drive, and/or the like accessible via one or more of the network interfaces.

However, as typical in cloud computing platforms and services, the network nodes 210 may include a plurality of virtual nodes (hosts), for example, a Virtual Machine (VM) and/or the like executed by one or more of the physical network nodes and utilizing their hardware resources.

The SDN switches such as the SDN switch 212A and the SDN switch 212B typically utilize virtual switches deployed and executed by one or more nodes 210 of the SDN 250A, for example, OpenFlow, netflow, ebpf enabled, an Open vSwitch (OVS) with DragonFlow control and/or the like to support switching and routing of network traffic between the network nodes 210, in particular between the virtual hosts.

The SDN switches, specifically the SDN switch 212A and the SDN switch 212B may be configured to deploy the mapping agents 200 for virtual L3 mapping of the source network node 210A connected to the first network 202A and destination nodes 210B1 and/or 210B2 connected to the second network 202B. As seen, each mapped destination node 210 may require deploying dedicated mapping agents 200 in both the first network 202A and in the second network 202B. For example, in order to facilitate the virtual L3 mapping between the source network node 210A and the destination node 210B1, a first mapping agent 200A1 associated with the source network node 210A may be deployed in the first network 202A to communicate with an instance of the second mapping agent 200B1 deployed in the second network 202B and associated with the destination node 210B1. Similarly, in order to facilitate the virtual L3 mapping between the source network node 210A and the destination node 210B2, a first mapping agent 200A2 associated with the source network node 210A may be deployed in the first network 202A to communicate with another instance of the second mapping agent 200B2 deployed in the second network 202B and associated with the destination node 210B2.

In the SDN 250A, the first and second mapping agents 200A and 200B may be utilized by configuring one or more mapping records of the SDN. For example, the mapping record(s) defined for the SDN switch 212A and/or the SDN switch 212B may be adjusted to include the virtual L3 addresses assigned to the destination nodes 210B1 and/or 210B2 in a routing table of the first network 202A which typically includes the L3 addresses of the nodes 210 connected to the first network 202A.

As seen in FIG. 3B, an exemplary physical network 250B such as the networked system 250 may be deployed for connecting a plurality of network nodes 210. The first network 202A hosting one or more of the network nodes 210, for example, the network node 210A may be a private network (site) which connects to the network 220 via a gateway 212A, for example, a router, a switch and/or the like. The second network 202B hosting one or more other network nodes 210, for example, the network node 210B1 and/or the network node 210B2 may be another private network (site) which connects to the network 220 via another gateway 212B, for example, a router, a switch and/or the like.

The network nodes 210 of the network 250B may include one or more physical network nodes, for example, a mobile device, a computer, a server, a computing node, a cluster of computing nodes and/or the like. Optionally, one or more of the physical network nodes may execute and/or host one or more virtual nodes (hosts).

The gateway 212A and the gateway 212B may be computing devices which similarly to the network nodes 210, may comprise one or more processors, storage and one or more network interfaces.

As described for the SDN 250A, one or more destination nodes 210, for example, the destination node 210B1 and/or the destination node 210B2 may be mapped via virtual L3 mapping to the first network 202A by deploying one or more sets of the first mapping agent 200A and the second mapping agent 200B. This is because as stated before, each mapped destination node 210B may require a dedicated pair of the first mapping agent 200A and the second mapping agent 200B. The first mapping agent 200A and the second mapping agents 200B1 and/or 200B2 may use one or more DNSs such as the DNS 230 either a local DNS such as the local DNS 230A and/or 230B or a global DNS such as the global DNS 230G to resolve the actual network addresses of the network nodes 210 according to the virtual L3 addresses assigned to their associated mapping agents 200.

The first mapping agent 200A and the second mapping agent 200B may be deployed and executed in the first network 202A and/or in the second network 202B using one or more of a plurality of implementations, techniques and/or methods. For example, as seen in the first network 202A, one or more network nodes 210, either physical or virtual, for example, a network node 210H comprising one or more processors and memory resources may execute the first mapping agent 200A1 for mapping the destination node 210B1 and/or a first mapping agent 200A2 for mapping the destination node 210B2. In another example, as seen in the second network 202A, the gateway 212B may execute a first instance 200B1 of the second mapping agent 200B associated with the destination node 210B1 and/or a second instance 200B2 of the second mapping agent 200B associated with the destination node 210B2.

As seen in FIG. 3C, an exemplary mixed network 250C such as the networked system 250 may include a first network 202A which is facilitated by an SDN as described in the network 250A and a second network 202B which is a physical network 250B. The first network 202A hosting one or more of the network nodes 210, for example, the network node 210A connects to the SDN via an SDN switch such as the SDN switch 212A as described for the network 250A. The physical second network 202B hosting one or more other network nodes 210, for example, the network node 210B1 and/or the network node 210B2 may be another private network (site) which connects to the network 220 via another gateway 212B, for example, a router, a switch and/or the like. In particular, the gateway 212B may be regarded as an edge gateway (edge switch) located at the edge of the SDN and connecting the SDN to the network nodes 210 of the second network 202B, in particular the network node 210B.

Such mixed network deployments are common for connecting one or more physical nodes such as the network node 210B having no virtualization layer to an SDN. For example, one or more single tenant physical servers and/or bare-metal servers to an SDN which constitutes at least part of a virtual cloud, for example, a Virtual Private cloud (VPC). Having no virtualization layer, the network node 210B is therefore incapable of applying one or more of the virtual network encapsulation protocols, for example, Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Routing Encapsulation (NVGRE), Generic Network Virtualization Encapsulation (GENEVE), Stateless Transport Tunneling (STT) and/or the like.

In order to facilitate connection of the network node 210B to the SDN and allow traffic exchange between the network node 210A and the network node 210B, a virtual port 240 may be deployed in the second network 202B as known in the art. In particular, the virtual port 240 may be deployed to support encapsulation of outgoing packets (egress traffic) from the network node 210B and de-capsulation of incoming packets (ingress traffic) according to the virtual network encapsulation protocol(s) used in the SDN first network 202A. The virtual port 240 may include one or more software modules optionally supported by one or more hardware elements and may be deployed using one or more implementations and/or deployment schemes. For example, the virtual port 204 may be executed by the gateway 212B connecting the network node 210B to the network.

In order to facilitate the virtual L3 mapping between the source node 210A and the destination node 210B, a first mapping agent 200A associated with the source network node 210A may be deployed in the first network 202A to communicate with a second mapping agent 200B deployed in the second network 202B and associated with the destination node 210B, in particular with the virtual port 240 mapping the physical destination node 210B.

As described herein before, while the first mapping agent 200A may be utilized by configuring one or more of the SDN mapping records, the second mapping agent 200B may use one or more DNSs such as the DNS 230 to resolve network mapping and/or routing addresses of the first mapping agent 200A, for example, a local DNS such as the local DNS 230B and/or a global DNS such as the global DNS 230G.

According to some embodiments of the present disclosure, as seen in FIG. 3D, a single second mapping agent such as the second mapping agent 200B may be deployed in the second network 202B and associated with a single network node connected to the second network 202B which serves as a destination node 210B (e.g. host, service, etc.) for a plurality of (client) network nodes, for example, a source node 210A and a source node 210C connected to one or more other networks 202 separated from the second network 202B, for example, the first network 202A and a third network 202C. Each of the plurality of source nodes 210 is associated with a respective first mapping agent such as the second mapping agent 202A executed at the network 202 to which the respective source node 210 is connected. For example, the source node 210A may be associated with a first mapping agent 200A executed in the first network 202A and the source node 210C may be associated with a first mapping agent 200C executed in the third network 202C.

In such deployments, the destination node 210B may view all (first) packets received via the single second mapping agent 200B as received from a single source while in fact they may originate from multiple sources, for example, the source node 210A and/or the source node 210C. However, the second mapping agent 200B may apply one or more connection tracking methods, algorithms and/or techniques to identify the specific source node 210A and/or 210C from which each received (first) packet originated.

Reference is made once again to FIG. 1.

As shown at 102, the process 100 starts with initiating a first mapping agent such as the first mapping agent 200A associated with a source node such as the source node 210A connected to a first network such as the first network 202A. The first mapping agent 200A is initiated for directly mapping, in the first network 202A, a destination node such as the destination node 210B connected to a second network such as the second network 202B such that the destination node 210B appears to be connected to the first network 202A.

The first mapping agent 200A is assigned with a unique local L3 address in an L3 address range of the first network 202A to map the first mapping agent 200A in the first network 202A. The first mapping agent 200A is further assigned with a unique virtual L3 address to map the first mapping agent 200A with respect to other mapping agents associated with the network nodes 210 connected to separate networks 202 and requiring direct mapping, for example, the source node 210A and the destination node 210B. The virtual L3 address assigned to the first mapping agent 200A is in an L3 address range predefined for mapping the network nodes 210 for which the direct mapping is setup, in particular the source node 210A and the destination node 210B.

The first mapping agent 200A may be configured to map the destination node 210B for unicast, multicast and/or broadcast packets. For example, the local L3 address assigned to the first mapping agent 200A may be included in one or more multicast groups thus mapping the destination node 210B in this multicast group(s).

The first mapping agent 200A may be initiated in a virtual network such as the SDN 250A, in a physical network such as the network 250B and/or in a combination thereof such as the mixed network 250C.

In the SDN 250A, the first mapping agent 200A may be initiated by configuring, adjusting and/or creating one or more of the mapping records, for example, a mapping table, a switching table, a routing table and/or the like which define the switching and routing of network traffic in the SDN 250A used by one or more SDN controllers to control switching and/or routing of network traffic in the SDN 250A. For example, the first mapping agent 200A may be initiated by adding the local L3 address assigned to the first mapping agent 200A to the mapping record(s) defined for the SDN switch 212A such that the SDN switch 212A routes network traffic to the first mapping agent 200A as if it was connected to the first network 202A. The mapping record(s) defined for the SDN switch 212A may be further adjusted, configured and/or updated to include the virtual L3 address of the first mapping agent 200A to identify the first mapping agent 200A with respect to other mapping agents 200 initiated to support the direct mapping of the network nodes 210A and 210B.

As such, the SDN switch 212A adapted to support the first mapping agent 200B may intercept one or more first packets, for example, a unicast packet, and/or a multicast packet transmitted in the first network 202A and destined to the local L3 address mapping the first mapping agent 200A. The SDN switch 212A may further intercept one or more (first) broadcast packets transmitted in the first network 202A.

In the physical network 250B, the first mapping agent 200A may be initiated by instructing a network node such as the network node 210H and/or a gateway such as the gateway 212A to launch the first mapping agent 200A. The executed first mapping agent 200A is assigned with the local L3 address to map the first mapping agent 200A in the first network 202A and with a virtual L3 address to map the first mapping agent 200A with respect to other mapping agents 200 associated with the network nodes 210 for which the direct mapping is required, in particular the source node 210A and the destination node 210B. When executed, the first mapping agent 200A may therefore intercept one or more (first) packets destined for the local L3 address. The first mapping agent 200A may be further configured to join one or more multicast groups defined in the first network 202A. Therefore, once executed, the first mapping agent 200A may intercept one or more (first) multicast packets destined for the multicast groups that the first mapping agent 200A is included in. Moreover, once executed, the first mapping agent 200A may intercept one or more (first) broadcast packets transmitted in the first network 202A.

In the mixed network 250C, the first mapping agent 200A may be initiated as described for the SDN 250A in case the first network 202A to which the source node 210A is connected is part of an SDN such as the SDN 250A. In case the first network 202A is a physical network such as the physical network 250B, the first mapping agent 200A may be initiated as described for the physical network 250B.

The first mapping agent 200A may be initiated by one or more users, for example, a system administrator and/or the like authorized to configure, manipulate and/or adjust the SDN 250A, the physical network 250B and/or the mixed network 250C. Optionally, specifically in the SDN 250A and/or the mixed network 250C, the first mapping agent 200B may be initiated by an SDN controller which may manipulate the mapping record(s) of the SDN switch 212A to include the local L3 address and the virtual L3 address assigned to the first mapping agent 200A.

After initiating the first mapping agent 200A, one or more DNSs such as the local DNS 230A and/or the global DNS 230G may be adjusted and/or updated to associate the virtual L3 address assigned to the first mapping agent 200A with the local L3 address of the first mapping agent 200A.

As shown at 104, a second mapping agent such as the second mapping agent 200A may be initiated and associated with the destination node 210B connected to the second network 202B to support the direct mapping of the destination node 210B in the first network 202A. In a similar manner as described for first mapping agent 200A, the second mapping agent 200B is initiated in the second network 202B and assigned with a unique local L3 address and a unique virtual L3 address. The local L3 address selected in the L3 address range of the second network 202B maps the second mapping agent 200B in the second network 202B. The virtual L3 address is selected in the virtual L3 address range predefined for mapping the mapping agents 200 associated with the directly mapped network nodes 210, in particular the source node 210A and the destination node 210B. The virtual L3 address therefore uniquely maps the second mapping agent 200B with respect to the other mapping agents 200, for example, the first mapping agent 200A.

Similarly to the first mapping agent 200A, the second mapping agent 200B may be initiated in a virtual network such as the SDN 250A, in a physical network such as the physical network 250B and/or in a combination thereof such as the mixed network 250C.

The second mapping agent 200B may be initiated and configured in the SDN 250A, in the physical network 250B and/or in the mixed network 250C as described for the first mapping agent 200A with the exception of course that all is done in the second network 202B. Similarly to the first mapping agent 200A, the second mapping agent 200B may be initiated by one or more of the users adjusting the SDN 250A, the physical network 250B and/or the mixed network 250C. Optionally, as described for the first mapping agent 200A, specifically in the SDN 250A and/or the mixed network 250C, the second mapping agent 200B may be initiated by one or more of the SDN controllers which may manipulate the mapping record(s) of the SDN switch 212B to include the local L3 address and the virtual L3 address assigned to the second mapping agent 200B.

After initiating the first mapping agent 200A, one or more DNSs such as the local DNS 230A and/or the global DNS 230G may be adjusted and/or updated to associate the virtual L3 address assigned to the first mapping agent 200A with the local L3 address of the first mapping agent 200A.

After the first mapping agent 200A and the second mapping agent 200B are properly initiated and configured they may execute the processes 300 and 400 respectively.

As shown at 302, the first mapping agent 200A may receive (intercept) one or more (first) packets destined for the destination node 210B transmitted in the first network 202A from one or more source nodes, for example, the source node 210A. The source node 210A may be configured to define the destination node 210B as the destination node for the (first) packet(s) by including the local L3 address of the first mapping agent 200A in these packets.

The first mapping agent 200A may therefore intercept (first) unicast packets specifically directed to the destination node 210B which include the local L3 address of the first mapping agent 200A. However, the first mapping agent 200A may further intercept one or more (first) multicast packets transmitted to one or more multicast groups which the first mapping agent 200A joined in order to map the destination node 210B in this multicast group(s). The first mapping agent 200A may also intercept one or more (first) broadcast packets transmitted in the first network 202A.

As shown at 304, the first mapping agent 200A may adjust the intercepted (first) packets to include the virtual L3 address of the second mapping agent 200B as the destination address. The first mapping agent 200B may further adjust the intercepted (first) packets to include the virtual L3 address of the first mapping agent 200A as the source address. For example, the first mapping agent 200A may adjust the destination L3 address in the intercepted (first) packet(s) to replace the local L3 address of the first mapping agent 200A with the virtual L3 address of the second mapping agent 200B. Similarly, the first mapping agent 200A may adjust the source L3 address in the intercepted (first) packet(s) to replace the local L3 address of the source node 210A with the virtual L3 address of the first mapping agent 200A.

As shown at 306, the first mapping agent 200A may encapsulate the intercepted (first) packet(s) in one or more encapsulation packets comprising a traffic descriptor generated by the first mapping agent 200A to identify (indicate) the second mapping agent 200B as the target (destination).

The traffic descriptor, in particular the source and destination addresses in the traffic descriptor, may be resolved according to the virtual L3 address of the second mapping agent 200B and optionally the virtual L3 address of the first mapping agent 200A. Resolving the traffic descriptor may be done using one or more of the DNSs 230, for example, the local DNS 230A and/or the global DNS 230G which are configured to associate the virtual L3 addresses assigned to the mapping agent 200 with actual network addressing and routing addresses. The traffic descriptor may therefore include the network routing and mapping information for transferring the encapsulation packet(s) to the second network 202B in which the second mapping agent 200B is executed.

The first mapping agent 200A may generate, construct and/or configure the traffic descriptor to include one or more destination addresses, for example, L2 address, L3 address and/or the like according to the transfer protocol used to forward the encapsulation packet(s) to the second network 202B. For example, assuming the first mapping agent 200A communicates with the second mapping agent 200B using one or more L2 tunneling protocols, for example, VLAN tunneling, MPLS, GRE, GENEVE, STT, L2-vpn, Ethernet over IP, VXLAN, IP over IP, Pseudo tunnels and/or the like, the first mapping agent 200A may construct the traffic descriptor to include a destination L2 address of the second mapping agent 200B resolved using the DNS(s) 230. The first mapping agent 200A may include the traffic descriptor as metadata associated with the L2 encapsulation packet(s) as available and supported by the L2 tunneling protocol(s). In another example, assuming the first mapping agent 200A communicates with the second mapping agent 200B using one or more L3 based networking protocols, for example, IP (e.g. IPv4, IPv6, etc.), IPX/SPX and/or the like, the first mapping agent 200A may construct encapsulation packet(s) as L3 based packets assigned with the traffic descriptor comprising an L3 address of the second mapping agent 200A resolved using the DNS(s) 230. The first mapping agent 200A may insert the traffic descriptor, for example, in the appropriate destination address field(s) of the L3 encapsulation packet(s).

As shown at 308, the first mapping agent 200A may forward (transmit) the encapsulation packet(s) to the second mapping agent 200B using one or more of the L2 tunneling protocols and/or one or more of the L3 networking protocols.

As shown at 402, the second mapping agent 200B may receive the encapsulation packet(s) transmitted by the first mapping agent 200A using the L2 tunneling protocol(s) and/or the L3 networking protocol(s).

As shown at 404, the second mapping agent 200B may de-capsulate the received encapsulation packet(s) and extract the (first) packet(s) originally transmitted by the source node 210A and intercepted by the first mapping agent 200A at the first network 202A. In particular, the (first) packet(s) extracted by the second mapping agent 200B from the encapsulation packet(s) are the adjusted (first) packets, comprising the virtual L3 addresses of the first mapping agent 200A (source address) and the second mapping agent 200B (destination address). As described in step 302 of the process 300, the extracted (first) packet(s) originally transmitted by the source node 210A may include one or more unicast, multicast and/or broadcast packets.

As shown at 406, the second mapping agent 200B may adjust the extracted (first) packet(s) to include the local L3 address of the destination node 210B as the destination address. The first mapping agent 200B may further adjust the extracted (first) packets to include the local L3 address of the second mapping agent 200B as the source address. For example, the second mapping agent 200B may adjust the destination L3 address in the extracted (first) packet(s) to replace the virtual L3 address of the second mapping agent 200B with the local L3 address of the destination node 210B. Similarly, the second mapping agent 200B may adjust the source L3 address in the extracted (first) packet(s) to replace the virtual L3 address of the first mapping agent 200A with the local L3 address of the second mapping agent 200B.

As shown at 408, the second mapping agent 200A may transmit the (first) packet(s) adjusted with the local L3 address of the destination node 210B which may thus intercept them.

The first mapping agent 200A and the second mapping agent 200B may be further configured to support a reverse transmission path, i.e., a response path to support transmission of one or more (second) packets, for example, unicast, multicast and/or broadcast packets from the destination node 210B to the source node 210A. To achieve this, the first mapping agent 200A and the second mapping agent 200B may switch their operation modes such that the second mapping agent 200B may execute the process 300 while the first mapping agent 200A executes the process 400.

The virtual L3 mapping described in the processes 100, 300 and 400 may be scaled and extended to support a plurality of source and destination nodes pairs such as the source node 210A and the destination node 210B. A plurality of pairs of the first mapping agent 200A and the second mapping agent 200B may be deployed such that each pair is associated with a respective specific pair of source node and a destination node.

An exemplary such network is presented in FIG. 3B where two destination nodes 210B1 and 210B2 are mapped into the first network 202A. As seen, a respective pair of the first mapping agent 200A and the second mapping agent 200B is initiated for mapping each of the destination nodes 210B1 and 210B2. Specifically, a first mapping agent 200A1 and a second mapping agent 200B1 are initiated for mapping the destination nodes 210B1 for the source node 210A while a first mapping agent 200A2 and a second mapping agent 200B2 are initiated for mapping the destination nodes 210B2 for the source node 210A.

According to some embodiments of the present disclosure, the traffic descriptor may be resolved according to the names of the network nodes 210, for example, source node 210A and/or the destination node 210B. In particular, the traffic descriptor may be resolved according to a Uniform Resource Identifier (URI) of the respective network node 210, for example, a Uniform Resource Locator (URL) and/or the like. In such embodiments, one or more higher level protocols may be applied, for example, Layer 7 (L7) protocols, such as, for example, Hypertext Transfer Protocol (HTTP) and/or the like to resolve the traffic descriptor. For example, the address of the source node 210A and/or of the destination node 210B may be inferred from one or more parameters of one or more HTTP requests issued by the source node 210A and/or of the destination node 210B.

Moreover, in such embodiments the first mapping agent 200A may forward the encapsulated packet(s) to the second mapping agent 200B using one or more tunneling protocols which support name (i.e., URI, URL, etc.) mapping.

Reference is now made to FIG. 4, which is a schematic illustration of an exemplary sequence for initializing a network to employ virtual L3 mapping for transferring packets from nodes connected to a local network and remote network nodes connected to separate networks, according to some embodiments of the present disclosure. An exemplary sequence 410 describes configuration and operation of a first mapping agent such as the first mapping agent 200A and a second mapping agent such as the second mapping agent 200B deployed and configured to map a destination node such as the destination node 210B connected to a second network such as the second network 202B for a source node such as the source node 210A connected to a first network such as the first network 202A and optionally vice versa.

As seen, the sequence 410 includes a configuration phase for initiating and configuring the first and second mapping agents 200A and 200B and a traffic phase in which network traffic comprising one or more first packets, for example, a unicast packet, a multicast packet and/or a broadcast packet, is transmitted from the source node 210A to the destination node 210B.

During the configuration phase, one or more controllers 402, for example, a user (e.g. a system admin, etc.), an SDN controller and/or the like may instruct initiation of the first mapping agent 200A at the first network 202A. For example, as presented in the exemplary sequence 410, the controller 402 initiates the first mapping agent 200A to be executed by a gateway such as the gateway 212A, for example, an SDN switch, a router and/or the like which connects the first network 202A to a common network such as the network 220.

The controller 402 assigns a local L3 address mapping the first mapping agent 200A in the first network 202A for directly mapping the destination node 210 to the source node 210A. As such the source node 210A may use the local L3 address of the first mapping agent 200A to transmit one or more (first) packets to the destination node 210B.

The controller 402 further configures the first mapping agent 200A to have a unique virtual L3 address in the address range predefined to support direct mapping of a plurality of network nodes 210, in particular the source node 210A and the destination node 210B.

Moreover, the controller 402 may include (join) the local L3 address of the first mapping agent 200A in one or more multicast groups which the destination node 210B should be part of. The controller 402 also configures the first mapping agent 200A to forward intercepted (first) packets having its local L3 address to the second mapping agent 200B using one or more of the L2 tunneling protocols and/or one or more of the L3 networking protocols as described in the processes 300 and 400.

In response, the gateway 212A may initiate and execute the first mapping agent 200A.

The controller 402 may instruct initiation of the second mapping agent 200B at the second network 202B. For example, as presented in the exemplary sequence 410, the controller 402 initiates the second mapping agent 200B to be executed by a gateway such as the gateway 212B, for example, an SDN switch, a router and/or the like which connects the second network 202B to the network 220.

The controller 402 assigns a local L3 address mapping the second mapping agent 200B in the second network 202B and used for directly mapping the destination node 210 to the source node 210A. Using its local L3 address, the second mapping agent 200B may therefore transmit one or more packets to the destination node 210B.

The controller 402 further configures the second mapping agent 200B to have a unique virtual L3 address in the address range predefined to support direct mapping of a plurality of network nodes 210, in particular the source node 210A and the destination node 210B. The controller 402 also configures the second mapping agent 200B to forward to the destination node 210B the (first) packets received from the first mapping agent 200A, in particular packets extracted from encapsulation packet(s) received from the first mapping agent 200A. In response, the gateway 212B may initiate and execute the second mapping agent 200B.

During the operational (traffic) phase, as described in step 302 of the process 300, the source node 210A may transmit one or more (first) packets, for example, unicast, multicast and/or broadcast packets which may be intercepted by the first mapping agent 200A. For example, in case one or more unicast packets are transmitted by the source node 210A to the destination node 210B, the first mapping agent 200A may intercept these unicast packet(s). In another example, in case one or more multicast packets are transmitted by the source node 210A to a multicast group which the first mapping agent 200A joined, the first mapping agent 200A may intercept these multicast packet(s). In another example, the first mapping agent 200A may intercept any broadcast packet transmitted by the source node 210A.

As described in step 306 of the process 300, the first mapping agent 200A may encapsulate the intercepted (first) packet(s) in one or more encapsulation packets according to the L2 and/or L3 forwarding protocols that the first mapping agent 200A is configured to support. The first mapping agent 200A may include in the encapsulation packet(s) a traffic descriptor indicating the L2 and/or L3 network address of the second mapping agent 200B where the traffic descriptor is resolved according to the virtual L3 address of the second mapping agent 200B.

As described in step 308 of the process 300, the first mapping agent 200A may then transmit (forward) the encapsulation packet(s), which are routed via the gateway 212A to the network 220. The encapsulation packet(s) comprising the traffic descriptor with the L2 and/or L3 network address of the second mapping agent 200B may be routed via the network 220 to the gateway 212B connecting the second network 202B to the network 220.

The gateway 212B may transfer the encapsulation packet(s) to the second network 202B where the second mapping agent 200B may intercept each encapsulation packet having the traffic descriptor with the L2 and/or L3 network address assigned to the second mapping agent 200B as described in step 402 of the process 400. As described in step 404 of the process 400, the second mapping agent 200B may de-capsulate the received encapsulation packet(s) and extract the unicast, multicast and/or broadcast packet(s) originally transmitted by the source node 210A via the first network 202A. The second mapping agent 200B may further adjust the extracted packets to include the L3 address of the destination node as described in step 406 of the process 400. Finally, as described in step 408 of the process 400, the second mapping agent 200B transmits via the second network 202B the unicast, multicast and/or broadcast packet(s) extracted from the encapsulation packet(s) and having the adjusted destination L3 address. The destination node 210B may intercept these unicast, multicast and/or broadcast packet(s), which are assigned with the destination L3 address of the destination node 210B.

As evident, deploying the first and second mapping agents 200A and 200B allows the destination node 210B to receive the unicast, multicast and/or broadcast packets as if the destination node 210B is connected directly in the first network 202A. Moreover, neither the source node 210A nor the first mapping agents 200A need to be familiar with the local network mapping applied in the second network 202B (i.e., the local L3 addresses) since the network traffic, in particular the encapsulation packets, is transmitted using the virtual L3 addresses of the second mapping agent 200B.

Reference is now made to FIG. 5, which is a schematic illustration of an exemplary embodiment of a network employing virtual L3 mapping for transferring packets between network nodes connected to two separate networks, according to some embodiments of the present disclosure. Reference is also made to FIG. 6, which is a schematic illustration of an exemplary sequence applied by network nodes connected to two separate networks in an exemplary network embodiment to transfer packets to remote network nodes using virtual L3 mapping, according to some embodiments of the present disclosure.

An exemplary network 500 such as the network 250 includes a first network such as the first network 202A and a second network such as the second network 202B. The first network 202A is connected to a common network such as the network 200 via a gateway such as the gateway 212A having an outer address, for example, an outer L3 address (IP address) 134.25.85.14. The second network 202B is connected to the network 200 via a gateway such as the gateway 212B having an outer address, for example, an outer IP address 164.27.19.200.

A network node such as the source network node 210A is connected to the first network 202A and assigned with a local L3 address (IP address) 192.168.1.3. A first mapping agent such as the first mapping agent 200A associated with the source node 210A is initiated in the first network 202A and assigned with a local L3 address 192.168.200.4. The first mapping agent 200A is further assigned with a virtual L3 address to map the first mapping agent 200A with respect to the other mapping agents 200 to support the direct mapping of the network nodes 210A and 210B. In particular, the first mapping agent 200A is assigned with a virtual L3 (IP address) 128.0.0.1 which is in a predefined L3 address range 128.0.x.x.

A network node such as the destination network node 210B is connected to the second network 202B and assigned with a local L3 address (IP address) 10.0.0.5. A second mapping agent such as the second mapping agent 200B associated with the destination node 210B is initiated in the second network 202B and assigned with a local L3 address 10.0.7.3. The second mapping agent 200B is further assigned with a virtual L3 address to map the second mapping agent 200B. In particular, the second mapping agent 200B is assigned with a virtual L3 (IP address) 128.0.0.7 in the predefined L3 address range 128.0.x.x.

A local DNS such as the DNS 230A which is connected to the first network 202A is configured to map the first mapping agent 200A in the network 500 by associating the first mapping agent 200A with its local L3 address (192.168.200.4), its virtual L3 address (128.0.0.1) and the outer address of the gateway 212A (134.25.85.14). The local DNS 230A is further configured to map the second mapping agent 200B in the network 500 by associating the second mapping agent 200B with its local L3 address (10.0.7.3), its virtual L3 address (128.0.0.7) and the outer address of the gateway 212B (164.27.19.200).

A local DNS such as the DNS 230B which is connected to the second network 202B is also configured to map the first mapping agent 200A and the second mapping agent 200B in the network 500 as done for the DNS 230A.

An exemplary sequence 600 may be executed by the first mapping agent 200A and the second mapping agent 200B initiated in the networked system 500 and executing the processes 300 and 400 respectively.

As seen in the sequence 600, the network node 210A being the source node may send (transmit) one or more (first) packet(s) destined for the network node 210B being the destination node. The source node 210A may therefore construct the sent packet(s) to include the local L3 address (IP address) of the first mapping agent 200A, i.e., 192.168.200.4.

The first mapping agent 200A may discover the virtual L3 addresses assigned to itself and to the second mapping agent 200B. The first mapping agent 200A and the second mapping agent 200B are each assigned with a unique virtual L3 address which may be assigned using one or more methods, techniques, tools and/or protocols. For example, the first mapping agent 200A and the second mapping agent 200B may be manually assigned with respective virtual L3 addresses. In another example, one or more network management systems and/or services, for example, the controller 402 may assign respective virtual L3 addresses to the first mapping agent 200A and the second mapping agent 200B. After each of the mapping agents 200 is assigned with a unique virtual L3 address, the assigned virtual L3 addresses may be published to the other mapping agent(s). For example, the virtual L3 address assigned to the second mapping agent 200B may be published to the first mapping agent 200A and vice versa, the virtual L3 address assigned to the first mapping agent 200A may be published to the second mapping agent 200B. Publishing the virtual L3 addresses may be done using one or more of the methods, techniques, tools and/or protocols used for assigning the virtual L3 addresses. The first mapping agent 200A may then adjust the received (first) packet(s) as described in step 304 of the process 300. Specifically, the first mapping agent 200A replaces the local L3 address of the source node (192.168.1.3) in the source address field of the packet(s) to the virtual L3 address of first mapping agent 200A (128.0.0.1). The first mapping agent 200A further replaces the local L3 address of the first mapping agent 200A (192.168.200.4) in the destination address field of the (first) packet(s) to the virtual L3 address of second mapping agent 200B (128.0.0.7).

The first mapping agent 200A encapsulates the adjusted (first) packet(s) in one or more encapsulation packets(s) and includes in the encapsulation packets(s) a traffic descriptor resolved according to the virtual L3 address of the second mapping agent 200B as described in step 306 of the process 300. For example, the first mapping agent 200A may use and/or access the DNS 230A to resolve the network addresses of the gateway 212B and optionally of the destination node 210B based on the virtual L3 addresses of the second mapping agent. For example, assuming the encapsulation packet(s) are forwarded using one or more of the L3 networking protocols, the first mapping agent 200A may construct the traffic descriptor to include the outer L3 address (IP address) of the gateway 212B (164.27.19.200) in the destination field of the traffic descriptor. Similarly, the first mapping agent 200A includes the outer L3 address (IP address) of the gateway 212A (134.25.85.14) in the source field of the traffic descriptor.

The first mapping agent 200A may forward (transmit) the encapsulation packet(s) which are routed in the network 500 according to the network addresses indicated in their traffic descriptor(s) and may thus arrive to gateway 212B which may route these encapsulation packet(s) to the second mapping agent 200B. The second mapping agent 200B may de-capsulate the received encapsulation packet(s) as described in step 404 of the process 400 to extract the (first) packet(s) originally transmitted by the source node 210A, in particular, the adjusted (first) packet(s). The second mapping agent 200B may then adjust the extracted packet(s) as described in step 406 of the process 400 such that they indicate the destination node 210B as the destination of the packet(s). Specifically, the second mapping agent 200B replaces the virtual L3 address of the first mapping agent (128.0.0.1) in the source address field of the packet(s) to the local L3 address of second mapping agent 200B (10.0.7.3). The second mapping agent 200B further replaces the virtual L3 address of the second mapping agent 200B (128.0.0.7) in the destination address field of the packet(s) to the local L3 address of destination node 210B (10.0.0.5).

The second mapping agent 200B may then transmit (send) the adjusted packet(s) to the destination node 210B via the second network 202B and since the destination address in the packet(s) indicate the destination node 210B, the destination node 210B intercepts these packet(s).

Evidently, as seen in the sequence 600, the first mapping agent 200A transmits the encapsulated packets using the virtual L3 address of the second mapping agent 200B and may therefore be completely ignorant of the local network mapping of the second network 202B. The same applies for the response path where the second mapping agent 200B transmits encapsulated packets using the virtual L3 address of the first mapping agent 200A and may therefore be completely ignorant of the local network mapping of the first network 202A.

As described herein before, according to some embodiments of the present disclosure, a single second mapping agent such as the second mapping agent 200B may be deployed in a second network such as the second network 202B and associated with a single network node connected to the second network 202B which serves as a host destination node 210B for a plurality of client network nodes such as the source nodes 210A and 210C connected to one or more other networks 202 separated from the second network 202B, for example, the first network 202A and/or the third network 202C.

Reference is now made to FIG. 7, which is a schematic illustration of an exemplary networked system in which a single host network node is mapped to a plurality of client network nodes connected to separate networks using a single mapping agent for virtual L3 mapping of the network node for transferring packets between the host and client network nodes, according to some embodiments of the present disclosure. Reference is also made to FIG. 8A and FIG 8B, which are schematic illustrations of an exemplary sequence applied by a single host network node and multiple client network nodes connected to separate networks for transferring packets between the host and client network nodes using a single mapping agent for virtual L3 mapping of the host network node, according to some embodiments of the present disclosure.

An exemplary network 700 such as the network 250, in particular the network 250D includes a first network such as the first network 202A, a second network such as the second network 202B and a third network such as the third network 202C. The first network 202A is connected to a common network such as the network 200 via a gateway such as the gateway 212A having an outer address, for example, an outer L3 address (IP address) 134.25.85.14. The second network 202B is connected to the network 200 via a gateway such as the gateway 212B having an outer address, for example, an outer IP address 164.27.19.200. The third network 202C is connected to the network 200 via a gateway such as the gateway 212C having an outer address, for example, an outer IP address 19.85.44.3.

A network node such as the source network node 210A is connected to the first network 202A and assigned with a local L3 address (IP address) 192.168.1.3. A first mapping agent such as the first mapping agent 200A associated with the source node 210A is initiated in the first network 202A and assigned with a local L3 address 192.168.200.4. The first mapping agent 200A is further assigned with a virtual L3 address to map the first mapping agent 200A with respect to the other mapping agents 200, specifically the first mapping agent 200A initiated to support the direct mapping of the network nodes 210A and 210B. In particular, the first mapping agent 200A is assigned with a virtual L3 (IP address) 128.0.0.1 which is in a predefined L3 address range 128.x.x.x.

A network node such as the destination network node 210B is connected to the second network 202B and assigned with a local L3 address (IP address) 10.0.0.5. A second mapping agent such as the second mapping agent 200B associated with the destination node 210B is initiated in the second network 202B and assigned with a local L3 address 10.0.7.3. The second mapping agent 200B is further assigned with a virtual L3 address to map the second mapping agent 200B. In particular, the second mapping agent 200B is assigned with a virtual L3 (IP address) 128.0.0.7 in the predefined L3 address range 128.x.x.x. A network node 210C such as the source network node 210A is connected to the third network 202C and assigned with a local L3 address (IP address) 172.23.0.7. A third mapping agent 200C such as the first mapping agent 200A associated with the source node 210C is initiated in the third network 202B and assigned with a local L3 address 172.24.1.19. The third mapping agent 200C is further assigned with a virtual L3 address to map the third mapping agent 200C. In particular, the third mapping agent 200C is assigned with a virtual L3 (IP address) 128.0.0.19 in the predefined L3 address range 128.x.x.x.

A local DNS such as the DNS 230A which is connected to the first network 202A is configured to map the first mapping agent 200A in the network 500 by associating the first mapping agent 200A with its local L3 address (192.168.200.4), its virtual L3 address (128.0.0.1) and the outer address of the gateway 212A (134.25.85.14). The local DNS 230A is further configured to map the second mapping agent 200B in the network 500 by associating the second mapping agent 200B with its local L3 address (10.0.7.3), its virtual L3 address (128.0.0.7) and the outer address of the gateway 212B (164.27.19.200).

A local DNS 230C such as the DNS 230A which is connected to the third network 202C is configured to map the third mapping agent 200C and the second mapping agent 200B in the network 500 as done for the DNS 230A.

A local DNS such as the DNS 230B which is connected to the second network 202B is configured to map the first mapping agent 200A, the third mapping agent 200C and the second mapping agent 200B in the network 500.

An exemplary sequence 800 presented in FIG. 8A and continued in FIG. 8B may be executed by the first mapping agent 200A, the third mapping agent 200C and the second mapping agent 200B initiated in the networked system 500 and executing the processes 300 and 400 respectively.

As seen in the sequence 800, the source network node 210A may send (transmit) one or more (first) packets destined for the network node 210B serving as the destination (host) node. The source node 210A may therefore construct the sent packet(s) to include the local L3 address (IP address) of the first mapping agent 200A, i.e., 192.168.200.4. The first mapping agent 200A may adjust the received (first) packet(s) and encapsulate the (first) packet(s) as described in steps 304 and 306 of the process 300 and as described for the sequence 600. The first mapping agent 200A may adjust the source and destination address fields of the (first) packet(s). As such, the first mapping agent 200A replaces the local L3 address 192.168.1.3 in the source address field of the (first) packet(s) to the virtual L3 address 128.0.0.1. The first mapping agent 200A further replaces the local L3 address 192.168.200.4 in the destination address field to the virtual L3 address 128.0.0.7. The first mapping agent 200A encapsulates the adjusted (first) packet(s) in one or more encapsulation packets(s) having a traffic descriptor resolved according to the virtual L3 address of the second mapping agent 200B. For example, the traffic descriptor may include the outer IP address of the gateway 212B (164.27.19.200) in the destination field and the outer IP address of the gateway 212A (134.25.85.14) in the source field. The first mapping agent 200A may then forward (transmit) the encapsulation packet(s) which are routed in the network 700 according to the network addresses indicated in their traffic descriptor(s) and may thus arrive to gateway 212B which may route these encapsulation packet(s) to the second mapping agent 200B.

Similarly, the source network node 210C may send (transmit) one or more (first) packets destined for the network node 210B serving as the destination (host) node. The source node 210C may therefore construct the sent (first) packet(s) to include the local L3 address (IP address) of the third mapping agent 200C, i.e., 172.24.1.19. The third mapping agent 200C may adjust the received (first) packet(s) and encapsulate the (first) packet(s) as described in steps 304 and 306 of the process 300 and as described for the sequence 600. The third mapping agent 200C may adjust the source and destination address fields of the (first) packet(s). As such, the third mapping agent 200C replaces the local L3 address 172.23.0.7 in the source address field of the (first) packet(s) to the virtual L3 address 128.0.0.19. The third mapping agent 200C further replaces the local L3 address 172.24.1.19 in the destination address field to the virtual L3 address 128.0.0.7. The third mapping agent 200C encapsulates the adjusted (first) packet(s) in one or more encapsulation packets(s) having a traffic descriptor resolved according to the virtual L3 address of the second mapping agent 200B. For example, the traffic descriptor may include the outer IP address of the gateway 212B (164.27.19.200) in the destination field and the outer IP address of the gateway 212C (19.85.44.3) in the source field. The third mapping agent 200C may then forward (transmit) the encapsulation packet(s) which are routed in the network 700 according to the network addresses indicated in their traffic descriptor(s) and may thus arrive to gateway 212B which may route these encapsulation packet(s) to the second mapping agent 200B. Evidently, the encapsulation packet(s) transmitted by the first mapping agent 200A as well as the encapsulation packet(s) transmitted by the third mapping agent 200C arrive at the single second mapping agent 200B associated with the destination node 210B.

The second mapping agent 200B may therefore track every connection created for each packet(s) transfer with each mapping agent 200 associated with one of the plurality of source nodes 210. For example, the second mapping agent 200B may create and track a first connection (1) established with the first mapping agent 200A and a second connection (2) established with the third mapping agent 200C. The second mapping agent 200B may use one or more connection tracking protocols, algorithms and/or tools supported by the forwarding protocols used by the first mapping agent 200A and/or the third mapping agent 200C to forward the encapsulation packet(s). For example, the second mapping agent 200B may use one or more provisions available in one or more Layer 4 (L4) protocols, for example, TCP, UDP and/or the like to track the connections. For example, the second mapping agent 200B may identify and log the source L3 address of the encapsulation packets comprising the outer IP address of the originating gateway 212 to track the connection to the gateway 212A and/or the gateway 212C. In another example, the second mapping agent 200B may identify and log the source L3 address of the (first) packet(s) extracted from the encapsulation packets comprising the virtual L3 address of the originating mapping agent to track the connection to the first mapping agent 200A and/or to the third mapping agent 200C.

The second mapping agent 200B may de-capsulate the received encapsulation packet(s) as described in step 404 of the process 400 to extract the (first) packet(s) originally transmitted by the source node 210A. The second mapping agent 200B may then adjust the extracted (first) packet(s) as described in step 406 of the process 400 such that they indicate the destination node 210B as the destination of the (first) packet(s) and the second mapping agent 200B as the source of the (first) packet(s). Specifically, the second mapping agent 200B replaces the virtual L3 address 128.0.0.1 in the source address field to the local L3 address 10.0.7.3. The second mapping agent 200B further replaces the virtual L3 address 128.0.0.7 in the destination address field to the local L3 address 10.0.0.5.

The second mapping agent 200B may then transmit (send) the adjusted (first) packet(s) to the destination node 210B via the second network 202B and since the destination address in the (first) packet(s) indicate the destination node 210B, the destination node 210B intercepts these (first) packet(s).

On the return (response) path, the second mapping agent 200B may execute the process 300 to forward to the mapping agents 200 associated with the source nodes 210A and/or 210C one or more (second) packets transmitted by the destination node 210B in response to the (first) packets received from the source nodes 210A and/or 210C. However, since there may potentially be multiple connections with multiple mapping agents associated with multiple source nodes 210, for example, the first mapping agent 200A and the third mapping agent 200C, the second mapping agent 200B may use the connection information in order to identify the exact originating mapping agent 200. Based on the identification of the originating mapping agent 200A and/or 200C, the second mapping agent 200B may adjust the (second) packets received from the destination node 210 to include the virtual L3 address of the identified mapping agent 200A and/or 200C. Similarly, based on the identification of the originating mapping agent 200A and/or 200C, the second mapping agent 200B may resolve the outer IP address of the respective gateway 212 of the network 202 hosting the identified mapping agent 200A and/or 200C and may construct the traffic descriptor accordingly.
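The address rewriting of the sequences 600 and 800, including the return path, can be traced with the following Python model. It is an added example, not code from the application: the class and function names are hypothetical, and keying each tracked connection on an L4 port allocated by the second mapping agent is an assumption (the description only says that L4 provisions and logged source addresses may be used). The comparison of the outer source address with the gateway mapped to the inner virtual source is likewise an added consistency check.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Encap:
    outer_src: str  # traffic descriptor: outer IP of the sending gateway
    outer_dst: str  # traffic descriptor: outer IP of the receiving gateway
    inner: Packet

# Virtual L3 address -> outer gateway address, as the local DNS would hold it
# (addresses taken from the FIG. 7 description).
DNS = {"128.0.0.1": "134.25.85.14", "128.0.0.7": "164.27.19.200",
       "128.0.0.19": "19.85.44.3"}

def encapsulate(inner):
    """Resolve the traffic descriptor from the virtual addresses only."""
    return Encap(DNS[inner.src], DNS[inner.dst], inner)

class ClientAgent:
    """Models mapping agent 200A or 200C, associated with one source node."""
    def __init__(self, local, virtual, node, peer_virtual):
        self.local, self.virtual = local, virtual
        self.node, self.peer_virtual = node, peer_virtual

    def forward(self, pkt):  # steps 304 and 306
        if (pkt.src, pkt.dst) != (self.node, self.local):
            raise ValueError("packet is not from the associated node")
        return encapsulate(replace(pkt, src=self.virtual, dst=self.peer_virtual))

    def deliver(self, enc):  # steps 404 and 406 on the return path
        if enc.inner.dst != self.virtual:
            raise ValueError("not addressed to this agent")
        return replace(enc.inner, src=self.local, dst=self.node)

class HostAgent:
    """Models the single mapping agent 200B shared by all client agents."""
    def __init__(self, local, virtual, node):
        self.local, self.virtual, self.node = local, virtual, node
        self.by_flow, self.by_port, self.next_port = {}, {}, 40000

    def deliver(self, enc):  # steps 404 and 406 plus connection tracking
        inner = enc.inner
        if inner.dst != self.virtual:
            raise ValueError("not addressed to this agent")
        # Added check (assumption): the outer source must be the gateway
        # that the DNS maps to the inner virtual source address.
        if DNS.get(inner.src) != enc.outer_src:
            raise ValueError("outer source does not match virtual source")
        flow = (inner.src, inner.sport)
        if flow not in self.by_flow:  # assumption: one local port per flow
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return replace(inner, src=self.local, dst=self.node,
                       sport=self.by_flow[flow])

    def forward(self, pkt):  # process 300 on the return path
        if (pkt.src, pkt.dst) != (self.node, self.local):
            raise ValueError("packet is not from the associated node")
        if pkt.dport not in self.by_port:
            raise ValueError("no tracked connection for this reply")
        origin, port = self.by_port[pkt.dport]
        return encapsulate(replace(pkt, src=self.virtual, dst=origin, dport=port))

def run_sequence_800():
    a = ClientAgent("192.168.200.4", "128.0.0.1", "192.168.1.3", "128.0.0.7")
    c = ClientAgent("172.24.1.19", "128.0.0.19", "172.23.0.7", "128.0.0.7")
    b = HostAgent("10.0.7.3", "128.0.0.7", "10.0.0.5")
    out = {}
    for name, agent in (("A", a), ("C", c)):
        # Constructed input: both clients pick source port 5000, so only the
        # tracked connection tells their replies apart at agent 200B.
        enc = agent.forward(Packet(agent.node, agent.local, 5000, 80))
        seen = b.deliver(enc)
        reply = Packet(seen.dst, seen.src, seen.dport, seen.sport)
        out[name] = (enc, seen, agent.deliver(b.forward(reply)))
    return out
```

Because both flows reach the destination node with the same source address (10.0.7.3), the reply carries nothing that identifies the originating network; the tracked connection is the only state that selects the virtual address and gateway for the return encapsulation.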

The descriptions of the various embodiments of the present disclosure have been presented for purposes of illustration, but are not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the embodiments, the practical application or technical improvement over technologies found in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

It is expected that during the life of a patent maturing from this application many relevant technologies will be developed and the scope of the terms virtual networking, virtual node and virtual switch are intended to include all such new technologies a priori.

As used herein the term “about” refers to ± 10 %.

The terms "comprises", "comprising", "includes", "including", "having" and their conjugates mean "including but not limited to". This term encompasses the terms "consisting of" and "consisting essentially of". The phrase "consisting essentially of" means that the composition or method may include additional ingredients and/or steps, but only if the additional ingredients and/or steps do not materially alter the basic and novel characteristics of the claimed composition or method.

As used herein, the singular form "a", "an" and "the" include plural references unless the context clearly dictates otherwise. For example, the term "a compound" or "at least one compound" may include a plurality of compounds, including mixtures thereof.

The word “exemplary” is used herein to mean “serving as an example, instance or illustration”. Any embodiment described as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments and/or to exclude the incorporation of features from other embodiments.

The word “optionally” is used herein to mean “is provided in some embodiments and not provided in other embodiments”. Any particular embodiment of the disclosure may include a plurality of “optional” features unless such features conflict.

Throughout this application, various embodiments of this disclosure may be presented in a range format. It should be understood that the description in range format is merely for convenience and brevity and should not be construed as an inflexible limitation on the scope of the disclosure. Accordingly, the description of a range should be considered to have specifically disclosed all the possible subranges as well as individual numerical values within that range. For example, description of a range such as from 1 to 6 should be considered to have specifically disclosed subranges such as from 1 to 3, from 1 to 4, from 1 to 5, from 2 to 4, from 2 to 6, from 3 to 6 etc., as well as individual numbers within that range, for example, 1, 2, 3, 4, 5, and 6. This applies regardless of the breadth of the range.

Whenever a numerical range is indicated herein, it is meant to include any cited numeral (fractional or integral) within the indicated range. The phrases “ranging/ranges between” a first indicate number and a second indicate number and “ranging/ranges from” a first indicate number “to” a second indicate number are used herein interchangeably and are meant to include the first and second indicated numbers and all the fractional and integral numerals there between.

It is appreciated that certain features of the disclosure, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the disclosure, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub combination or as suitable in any other described embodiment of the disclosure. Certain features described in the context of various embodiments are not to be considered essential features of those embodiments, unless the embodiment is inoperative without those elements.

All publications, patents and patent applications mentioned in this specification are herein incorporated in their entirety by reference into the specification, to the same extent as if each individual publication, patent or patent application was specifically and individually indicated to be incorporated herein by reference. In addition, citation or identification of any reference in this application shall not be construed as an admission that such reference is available as prior art to the present disclosure. To the extent that section headings are used, they should not be construed as necessarily limiting. In addition, any priority document(s) of this application is/are hereby incorporated herein by reference in its/their entirety.