General Networking

ICMP with High RTT - May indicate link congestion and QoS Shaping in place

ICMP Code:

• !!!!! --- OK

• ..... --- No routes

• U.U --- Upper stream have routes for destination, but host is not reachable

• M.M --- MTU issue, Fragmentation needs at upper stream

• N.N --- Upper stream have routes for destination, but network/subnet is not unreachable

SNAT is abbreviation for Source Network Address Translation. It is typically used when an internal/private host needs to initiate a connection to an external/public host. The device performing NAT changes the private IP address of the source host to public IP address. It may also change the source port in the TCP/UDP headers.

DNAT stand for Destination Network Address Translation. Destination NAT changes the destination address in IP header of a packet. It may also change the destination port in the TCP/UDP headers. The typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network. Destination NAT is performed on incoming packets, where the firewall translates a public destination address to a private address. DNAT is a 1-to-1, static translation with the option to perform port forwarding or port translation. Users over Internet Accessing a Web Server hosted in a Data Center is a typical example where DNAT is used to hide the private Address of Web Server and NAT device translates the Public Destination IP reachable to Internet Users to Private IP address of Web Server.

CGNAT use the Shared Address Space address range is 100.64.0.0/10.

BGP Anycast

Google IAP - Identity awareness proxy (VPN replacement)