
On 17/07/17 12:22, Alex Balashov wrote:
> On Mon, Jul 17, 2017 at 12:19:47PM +0300, Nikolay Shopik wrote:
>> - protect you from async routing of packets (we had an issue where we protected a TCP stream with a VPN tunnel, but at some point something broke at the far-end side and packets kept flowing around the tunnel, and UDP gladly accepted them since there is no session establishing)
>
> Assuming that firewall rules make this possible, wouldn't this occur with TCP as well, by way of the client or server simply opening a new TCP connection next time one needs to contact the other?

Our case was with multihoming; TCP won't accept a SYN/ACK response on a different interface since it binds to the IP when sending the SYN. Unfortunately I don't remember all the details now. So yeah, TCP doesn't protect from all async cases but helps in some.