
NAT GW operation


In a course, the below image is used to illustrate the operation of NAT GW.

What I don't understand here is how asymmetric traffic is avoided. If an Azure resource is accessed over its associated public IP and the response comes back via the NAT GW performing SNAT using a different IP address, then most probably this traffic would be dropped by any well-behaving source entity. For instance, assuming HTTP traffic, I can't imagine a TCP session established like that.
How does this work?

[image: lafrankhu_0-1706881084258.png]

2 Replies
Solution (best response, confirmed by lafrankhu)
I think this is explained briefly here: https://learn.microsoft.com/en-us/azure/architecture/networking/guide/well-architected-network-addre...

So if the direction of the traffic is originally outbound, it will use the NAT GW. If it is inbound, like connecting to the LB FE, this will use the LB FE to reply and avoid asymmetric routing.

Thank you @anas86, this explains the operation clearly.

For completeness' sake, the article referenced puts it this way:

"NAT gateway will take precedence over a load balancer with or without outbound rules, and over public IP addresses assigned directly to VMs. Azure tracks the direction of a flow, and asymmetric routing will not occur. Inbound originated traffic will be translated correctly, such as a load balancer frontend IP, and it will be translated separately from outbound originated traffic through a NAT gateway. This separation allows inbound and outbound services to coexist seamlessly."
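The behaviour the thread settles on is ordinary stateful NAT: every packet is first matched against the flow table, and only a packet that starts a new flow is subjected to the outbound SNAT rule, so the reply to a connection that arrived via the load-balancer frontend is translated back to that frontend IP rather than to the NAT gateway IP. The model below is an added example written for this page, not Azure's implementation or any Microsoft code; the addresses (NAT gateway 203.0.113.10, LB frontend 203.0.113.20, backend VM 10.0.0.4) and the class and function names are assumptions made up for the illustration. It also includes the "SNAT everything" variant the original question worries about, so the difference is visible side by side.

```python
"""Direction-aware NAT model (added example; not Azure's implementation).

Assumed, made-up topology: NAT gateway public IP 203.0.113.10, load-balancer
frontend 203.0.113.20, one backend VM at 10.0.0.4 serving port 80.
Real NAT gateways allocate SNAT ports from per-IP pools and time flows out;
this model only keeps the part that answers the question: replies are matched
against the existing flow entry before any outbound SNAT rule is consulted.
"""
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def as_tuple(self):
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port)


class DirectionAwareNat:
    def __init__(self, nat_gw_ip, lb_frontend_ip, backend_ip, service_port=80):
        self.nat_gw_ip = nat_gw_ip
        self.lb_frontend_ip = lb_frontend_ip
        self.backend_ip = backend_ip
        self.service_port = service_port
        # Flow tables keyed by the 4-tuple as seen on the side the packet arrives from.
        self.vnet_side = {}      # VNet-egress 4-tuple     -> 4-tuple as seen on the Internet
        self.internet_side = {}  # Internet-ingress 4-tuple -> 4-tuple as delivered to the VM
        self._snat_ports = itertools.count(1024)  # simplified port allocator (assumption)

    def _record(self, egress_inside, egress_outside):
        """Record one bidirectional flow given the VM->Internet direction on both sides."""
        self.vnet_side[egress_inside] = egress_outside
        # The Internet->VM direction is the same flow with src/dst swapped on both sides.
        swapped_out = (egress_outside[2], egress_outside[3], egress_outside[0], egress_outside[1])
        swapped_in = (egress_inside[2], egress_inside[3], egress_inside[0], egress_inside[1])
        self.internet_side[swapped_out] = swapped_in

    def from_vnet(self, pkt):
        """Packet sent by the VM. Returns the packet as it appears on the Internet."""
        key = pkt.as_tuple()
        if key in self.vnet_side:
            # Existing flow: either an outbound flow we SNATed earlier or the reply
            # to an inbound flow. Reuse the entry; the NAT gateway rule is never reached.
            return Packet(*self.vnet_side[key])
        # New outbound flow: SNAT to the NAT gateway IP with a fresh port.
        outside = (self.nat_gw_ip, next(self._snat_ports), pkt.dst_ip, pkt.dst_port)
        self._record(key, outside)
        return Packet(*outside)

    def from_internet(self, pkt):
        """Packet arriving from the Internet. Returns the packet delivered to the VM, or None if dropped."""
        key = pkt.as_tuple()
        if key in self.internet_side:
            return Packet(*self.internet_side[key])  # reply to an outbound flow: undo the SNAT
        if (pkt.dst_ip, pkt.dst_port) == (self.lb_frontend_ip, self.service_port):
            # New inbound flow via the LB frontend: DNAT to the backend and record the
            # flow, so the backend's reply is mapped back to the frontend IP later.
            egress_inside = (self.backend_ip, self.service_port, pkt.src_ip, pkt.src_port)
            egress_outside = (self.lb_frontend_ip, self.service_port, pkt.src_ip, pkt.src_port)
            self._record(egress_inside, egress_outside)
            return Packet(*self.internet_side[key])
        return None  # unsolicited packet to a non-published address: dropped


def naive_snat_all(nat_gw_ip, pkt):
    """The behaviour the question assumes: SNAT every egress packet regardless of flow.
    A reply to an inbound LB connection would then leave with the NAT gateway IP."""
    return Packet(nat_gw_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)


def demo():
    """Constructed exchange: inbound HTTP via the LB frontend, then an outbound flow from the same VM."""
    nat = DirectionAwareNat("203.0.113.10", "203.0.113.20", "10.0.0.4")
    client_syn = Packet("198.51.100.7", 40000, "203.0.113.20", 80)
    delivered = nat.from_internet(client_syn)                       # DNAT to 10.0.0.4:80
    reply = nat.from_vnet(Packet("10.0.0.4", 80, "198.51.100.7", 40000))  # leaves as 203.0.113.20:80
    outbound = nat.from_vnet(Packet("10.0.0.4", 50000, "203.0.113.9", 443))  # SNAT to 203.0.113.10
    returned = nat.from_internet(Packet("203.0.113.9", 443, outbound.src_ip, outbound.src_port))
    return delivered, reply, outbound, returned


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The two tables are what "Azure tracks the direction of a flow" amounts to in the model: `from_vnet` consults `vnet_side` before applying SNAT, which is exactly the step `naive_snat_all` skips. On a real deployment the same property can be checked end to end by connecting to the load-balancer frontend from outside and confirming the response comes from the frontend IP, while a connection initiated from the VM shows the NAT gateway's public IP to the remote peer.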
