[Ietf-behave] GoogleWifi NAT

["David Barrett" <dbarrett@xxxxxxxxxxxx>]

I’m working on a p2p layer and testing on a variety of networks, and it appears that the Google WiFi network in Union Square (San Francisco) uses a NAT with unusual properties.  It’s a pretty normal symmetric NAT (address/port-dependent mapping and filtering), except it lets each UDP port only receive from precisely one remote host.

 

To give an example:

1)       Open a UDP socket on port A

2)       Send from A to remote host B

3)       B receives the packet and responds

4)       A receives B’s response just fine

5)       Send from A to remote host C

6)       C receives the packet and responds

7)      A never receives C’s response

 

That’s right, A can apparently send to any number of remote hosts, but can only receive from the first one it sends to.  Each remote host is assigned a different mapping (ie, if you send to two different STUN servers, each server sees a different port for A), but only the first server contacted can actually reply back along the route it sees.

 

I don’t recall the BEHAVE spec mentioning anything about this behavior, though speaking as a p2p developer, it’s pretty awful.  Has anyone else seen anything like this?

 

-david