lafrankhu
Copper Contributor
Feb 02, 2024
Solved

NAT GW operation

In a course, the below image is used to illustrate the operation of NAT GW.

What I don't understand here is how asymmetric traffic is avoided. If an Azure resource is accessed over its associated public IP and the response comes back via the NAT GW performing SNAT using a different IP address, then most probably this traffic would be dropped by any well-behaving source entity. For instance, assuming HTTP traffic, I can't imagine a TCP session established like that.
How does this work?

    • lafrankhu
      Copper Contributor

      Thank you anas86, this explains the operation clearly.

      For completeness' sake, the article referenced puts it this way:

      "NAT gateway will take precedence over a load balancer with or without outbound rules, and over public IP addresses assigned directly to VMs. Azure tracks the direction of a flow, and asymmetric routing will not occur. Inbound originated traffic will be translated correctly, such as a load balancer frontend IP, and it will be translated separately from outbound originated traffic through a NAT gateway. This separation allows inbound and outbound services to coexist seamlessly."
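
The direction tracking described in the quoted passage, sketched as a simplified model. This is an added example, not part of the original thread and not Azure's implementation; the `Edge` class, the addresses and the port-preserving translation are assumptions made for illustration.

```python
# Simplified model of direction-aware flow tracking. Illustrative only:
# not Azure's implementation. Addresses are constructed (RFC 5737 / private).
VM_PRIVATE = "10.0.0.4"
VM_PUBLIC_IP = "203.0.113.10"  # instance-level public IP, used for inbound access
NAT_GW_IP = "198.51.100.20"    # NAT gateway public IP, used for outbound SNAT


class Edge:
    """Hypothetical edge that records which public IP each flow was set up on.

    Packets are (src_ip, src_port, dst_ip, dst_port) tuples. Ports are
    preserved for brevity; a real NAT gateway also rewrites source ports.
    """

    def __init__(self):
        # (vm_port, peer_ip, peer_port) -> public IP that owns the flow
        self.flows = {}

    def inbound(self, pkt):
        """Internet -> VM. Returns the translated packet, or None if dropped."""
        src_ip, src_port, dst_ip, dst_port = pkt
        key = (dst_port, src_ip, src_port)
        if dst_ip == VM_PUBLIC_IP:
            # Inbound-originated flow: pin it to the public IP it arrived on.
            self.flows.setdefault(key, VM_PUBLIC_IP)
        elif self.flows.get(key) != NAT_GW_IP:
            # Only replies to flows the VM opened through the NAT gateway pass.
            return None
        return (src_ip, src_port, VM_PRIVATE, dst_port)

    def outbound(self, pkt):
        """VM -> internet. The source IP depends on which side opened the flow."""
        src_ip, src_port, dst_ip, dst_port = pkt
        key = (src_port, dst_ip, dst_port)
        # Reply to an inbound flow keeps its public IP; a new flow gets SNAT.
        public_ip = self.flows.setdefault(key, NAT_GW_IP)
        return (public_ip, src_port, dst_ip, dst_port)
```

In this model the HTTP case from the question works because the response to a client that connected to the public IP leaves with that same public IP as its source, while only connections the VM itself opens are translated to the NAT gateway address.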
