Two-way UDP on varying-IP networks

I’ve heard that on some corporate networks, outbound traffic from the same user can hop around different “from” IPs. Does that break two-way UDP, or do the networks only act that way for TCP?

If it does break two-way UDP, is there a common way two-way UDP applications deal with it, besides falling back on TCP?

Answer

from the same user can hop around different “from” IPs. Does that break two-way UDP, or do the networks only act that way for TCP?

Yes, that does happen when you are using NAT with a pool of public addresses, but it doesn’t break because the system performing the NAT keeps a translation table that maps things to the correct place.

Since UDP is connectionless, those translation table entries do expire after a while, though, where ‘a while’ is defined locally on the firewall. The translation would break if nothing is sent or received after a certain period of time.

If you do have a UDP app that crosses a firewall, you usually need to provide an option that sends periodic keep-alive messages so your NAT translation stays active. Ideally this value will be tunable.
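The expiry and keep-alive behaviour described in the answer, as an added example that is not part of the original answer: a toy source-NAT table with an idle timeout, driven by a simulated clock. The class, the function, the addresses, ports and timings are all constructed for illustration, and real NAT devices differ in how they allocate ports and which traffic refreshes an entry.

```python
# Added example: toy source-NAT table with an idle timeout (simulated clock).
# All names, addresses, ports and timings are constructed for illustration.

class NatTable:
    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.entries = {}        # inside (ip, port) -> [public_port, last_seen]
        self.next_port = 40000   # constructed public port range

    def _expire(self, now):
        stale = [k for k, (_, seen) in self.entries.items()
                 if now - seen > self.idle_timeout]
        for k in stale:
            del self.entries[k]

    def outbound(self, inside, now):
        """Datagram from the inside host: create or refresh its mapping."""
        self._expire(now)
        if inside not in self.entries:
            self.entries[inside] = [self.next_port, now]
            self.next_port += 1
        self.entries[inside][1] = now
        return self.entries[inside][0]

    def inbound(self, public_port, now):
        """Datagram from outside: delivered only through a live mapping."""
        self._expire(now)
        for inside, entry in self.entries.items():
            if entry[0] == public_port:
                entry[1] = now   # assumption: received traffic also refreshes
                return inside
        return None              # no mapping: the NAT drops the datagram


def simulate(idle_timeout, keepalive_interval, reply_at):
    """Client sends at t=0; the server replies at t=reply_at to the public
    port it first saw. Returns (reply_delivered, keepalives_sent)."""
    nat = NatTable(idle_timeout)
    client = ("10.0.0.5", 5000)
    first_port = nat.outbound(client, 0)
    sent = 0
    t = keepalive_interval
    while keepalive_interval and t < reply_at:
        nat.outbound(client, t)  # keep-alive refreshes (or re-creates) the mapping
        sent += 1
        t += keepalive_interval
    return nat.inbound(first_port, reply_at) == client, sent
```

With a 30-second timeout, a 20-second keep-alive keeps the original mapping alive, while a 45-second keep-alive re-creates it on a new public port each time, so a reply sent to the first port is still dropped.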

Attribution
Source: Link, Question Author: Abscissa, Answer Author: Zoredache
