CPC H04L 45/586 (2013.01) [H04L 45/748 (2013.01); H04L 61/5061 (2022.05)] | 20 Claims
1. A method comprising:
receiving, by a router associated with a cloud, a first network packet via a branch device, wherein the branch device is external to the cloud and wherein the first network packet comprises a first destination internet protocol address and a first source internet protocol address;
selecting, by the router, a second source internet protocol address from a network address translation pool, wherein the network address translation pool comprises a group of internet protocol addresses;
inserting, by the router, the second source internet protocol address into the first network packet as an updated first network packet source internet protocol address, resulting in a modified first network packet;
storing, by the router, a mapping data structure comprising a relation between the second source internet protocol address and the first source internet protocol address;
forwarding, by the router, the modified first network packet via a firewall to a cloud workload associated with the cloud;
receiving, by the router, a second network packet via the firewall and from the cloud workload, wherein the second network packet comprises a third source internet protocol address associated with the cloud workload, and a second destination internet protocol address, wherein the second destination internet protocol address matches the second source internet protocol address;
using, by the router, the mapping data structure and the second destination internet protocol address to identify the first source internet protocol address;
inserting, by the router, the first source internet protocol address into the second network packet as an updated second network packet destination address, resulting in a modified second network packet; and
forwarding, by the router, the modified second network packet via the branch device and towards the updated second network packet destination address.
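The translation steps of claim 1, modelled as an added example (not code from the patent or its assignee). The pool range, the addresses, the class and method names, the reuse of one pool address per branch source, and the drop on a missing mapping are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes = b""

class PoolExhausted(Exception):
    """No free address is left in the NAT pool."""

class CloudRouter:
    """Source NAT on branch-to-cloud packets, reverse translation on replies."""

    def __init__(self, pool_cidr):
        # NAT pool: a group of IP addresses (constructed range).
        self.free = [str(a) for a in ipaddress.ip_network(pool_cidr).hosts()]
        self.nat_to_orig = {}  # mapping data structure: pool address -> original source
        self.orig_to_nat = {}  # assumption: a branch source keeps one pool address

    def from_branch(self, pkt):
        """Rewrite the source address; the result is forwarded via the firewall."""
        nat = self.orig_to_nat.get(pkt.src)
        if nat is None:
            if not self.free:
                raise PoolExhausted(pkt.src)
            nat = self.free.pop(0)
            self.nat_to_orig[nat] = pkt.src
            self.orig_to_nat[pkt.src] = nat
        return replace(pkt, src=nat)

    def from_workload(self, pkt):
        """Restore the original address as destination of a reply from the workload."""
        orig = self.nat_to_orig.get(pkt.dst)
        if orig is None:
            return None  # assumption: drop replies that match no stored mapping
        return replace(pkt, dst=orig)

    def attribute(self, pool_addr):
        """Resolve an address seen in firewall logs back to the branch source."""
        return self.nat_to_orig.get(pool_addr)

if __name__ == "__main__":
    r = CloudRouter("100.64.0.0/30")  # constructed pool: 100.64.0.1 and 100.64.0.2
    out = r.from_branch(Packet("10.1.1.5", "172.16.0.10", b"req"))
    back = r.from_workload(Packet("172.16.0.10", out.src, b"resp"))
    print(out, back, r.attribute(out.src))
```

Because the firewall only ever sees the pool address, its logs can be tied to a branch host only through the router's mapping data structure, which is what `attribute` looks up.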