> In the first, if Alice served by Bob and Bobby, it is probable that > Alice's administration lists both the Alice-via-Bob and the Alice-via- > Bobby address in DNS. If Carol seeks to connect to Alice, Alice will > pick among those addresses at random unless she has a good explicit > reason to have an affinity to one of them. However, routing within > Alice's network may choose a different exit gateway than the ingress > gateway Carol in effect chose when she chose an address to use for > Alice. Thus, when Carol sends a SYN to Alice-via-Bob, the SYN-ACK > might come from Alice-via-Bobby. One hopes that Carol would eventually > retry Alice-via-Bobby and get through.
It can get even worse is Carol is served by Dan and Danny. In the worse case, we get something like: 1) Carol sends a SYN to Alice-via-Bob. It gets routed through Dan, because of local preferences at Carol's network. 2) Alice sends a SYN-ACK to Carol-via-Dan. It gets routed through Bobby, due to local preferences at Alice's network. 3) Of course, the SYN-ACK gets dropped by the NAT66-via-Dan entry point in Carol's network. 4) Carol retries, sends a SYN to Alice-via-Bobby. It gets routed through Danny, because of local preferences at Carol's network. 5) Alice sends a SYN-ACK to Carol-via-Danny. It gets routed through Bob, due to local preferences at Alice's network. 6) Tough luck, uh.. -- Christian Huitema _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
