Monday, April 29, 2019

Re: nat-to random : A couple of questions

On 2019-04-28, Rachel Roch <rroch@tutanota.de> wrote:
> Hi,
>
> I've read the delightful manual but it's a little terse in this area, so I hope some knowledgeable soul can enlighten me:
>
> 1) Looking at tcpdumps, I've noticed (on 6.5; I have no prior experience with nat-to random to compare against) that 'random' seems to operate more like 'round-robin' (e.g. if I send traffic, pause, send traffic again it just loops through the IP pool in order).

Unsure about this.

> 2) I'm unclear when 'sticky-address' should be appended to random? In my mind I'm thinking about, say, "secure websites" which may track your (apparent) source IP during the time you are logged in, and if it changes you could be booted out. Or am I overthinking things and 'sticky-address' is potentially less useful than I think it might be?

Yes, this is definitely still a problem in some cases. In particular some banks
(and some other sites) restrict sessions to a single source IP.

> Finally, is there any reason why there isn't (yet?) a more intelligent mapping ? (e.g. similar to the options in LACP ... e.g. source plus destination, not just source).

I've not seen that suggested before. I imagine tracking source+destination
would be a huge drain on memory though (and might not help in many situations
which want a "sticky" address).
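For readers comparing the two behaviours discussed above, here is a pf.conf fragment showing a pool nat-to rule with plain 'random' beside the same rule with 'sticky-address', plus the source-tracking knobs that govern how long the sticky mapping survives. This is an added example, not part of the original message or of OpenBSD's own documentation; the egress interface name, the 10.0.0.0/24 internal network and the 192.0.2.x pool addresses are placeholders chosen for illustration.

```pf
# Added example (not from the original post). Interface and address values are assumptions.
ext_if   = "em0"
int_net  = "10.0.0.0/24"
# Pool of public addresses to rotate through (documentation range, placeholder values).
ext_pool = "{ 192.0.2.10, 192.0.2.11, 192.0.2.12 }"

# Source tracking is what makes sticky-address work. The sticky mapping is
# dropped once no states refer to it unless src.track keeps it around, so
# raise src.track if users pause and come back and must keep the same address.
# src-nodes bounds how many source entries pf will track.
set timeout src.track 3600
set limit src-nodes 10000

# Variant 1: 'random' only. Each new state may pick a different pool address,
# so a client whose session is pinned to one source IP can be logged out when
# its next connection leaves from another address.
match out on $ext_if inet from $int_net nat-to $ext_pool random

# Variant 2: 'random sticky-address'. The first connection from a given internal
# address picks a pool address at random; later connections from that address
# reuse it while the source-tracking entry exists.
# (Comment out Variant 1 when using this one; both are shown for comparison.)
match out on $ext_if inet from $int_net nat-to $ext_pool random sticky-address

# Variant 3: 'source-hash' is the deterministic alternative: the pool address is
# derived from a hash of the source address, so it stays stable without needing
# per-source state at all, at the cost of no randomisation across restarts.
# match out on $ext_if inet from $int_net nat-to $ext_pool source-hash

pass out on $ext_if inet from $int_net
```

Check a candidate file with `pfctl -nf /etc/pf.conf` before loading it, and use `pfctl -s Sources` to see which internal address has been pinned to which pool address; entries disappearing from that table after a quiet period is the sign that src.track is too short for the sessions you care about.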
