Tunneling is a technique of encapsulating packets constructed in one network protocol format within another protocol for transmission over a network, such that the packets being encapsulated appear as data to the network. For instance, Foo-over-UDP (FOU) is a unidirectional User Datagram Protocol (UDP) header encapsulation/tunneling mechanism. Any Internet Protocol (IP) packet can be encapsulated using FOU, and the FOU UDP encapsulation can provide advantages such as Network Overlay creation, hardware/software optimizations such as Receive Side Scaling (RSS) and Equal Cost Multipath (ECMP) routing, and UDP checksum offload.
Some tunneling mechanisms such as FOU are stateless, meaning that no information is maintained at a local tunnel endpoint about the state or availability of the remote tunnel endpoint. FOU also lacks a control plane, which would otherwise be responsible for managing the FOU tunnels (e.g., by establishing authenticated connections, and the like). Instead, FOU tunnels are typically configured statically based on, e.g., configuration information input by a user.
Source network address translation (SNAT) is a technique of translating source IP addresses and/or source ports in packet headers to other IP addresses and/or ports. For example, a router's firewall may convert private IP addresses contained in packets sent from devices on a private network to public IP addresses when those packets pass through the firewall to a public network. With tunneling mechanisms such as FOU that are stateless and lack a control plane, tunnel endpoints receiving SNATed FOU traffic are traditionally unable to recognize the SNATing and respond back to the translated IP address and/or port.
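The failure mode described above can be modeled in a few lines. This is an added example, not code from the original text: the class and function names are hypothetical, the addresses are constructed samples, and the endpoint is a simplified model of a statically configured, stateless FOU receiver rather than any real implementation.

```python
import socket
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class OuterPacket:  # hypothetical model of the outer IP/UDP addressing
    src: tuple      # (ip, port)
    dst: tuple
    payload: bytes  # FOU: the inner IP packet directly follows the UDP header

def inner_ipv4(src_ip, dst_ip, data):
    """Minimal 20-byte IPv4 header (checksum left at zero) followed by data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr + data

def snat(pkt, translated_src):
    """Rewrite the outer source IP and port, as a NAT device on the path would."""
    return OuterPacket(translated_src, pkt.dst, pkt.payload)

@dataclass
class StaticFouEndpoint:
    local: tuple
    configured_peer: tuple  # static configuration, never learned from traffic

    def send(self, inner):
        return OuterPacket(self.local, self.configured_peer, inner)

    def receive(self, pkt):
        observed = pkt.src
        return {
            "inner_version": pkt.payload[0] >> 4,
            "inner_src": socket.inet_ntoa(pkt.payload[12:16]),
            "observed_peer": observed,
            "reply_dst": self.configured_peer,  # no state: the reply ignores `observed`
            "reply_reaches_sender": observed == self.configured_peer,
        }

def demo():
    # Constructed sample addresses (RFC 1918 and RFC 5737 documentation ranges).
    a = StaticFouEndpoint(("10.0.0.5", 5555), ("198.51.100.20", 5555))
    b = StaticFouEndpoint(("198.51.100.20", 5555), ("10.0.0.5", 5555))
    pkt = a.send(inner_ipv4("10.1.0.2", "10.2.0.2", b"ping"))
    return {"direct": b.receive(pkt),
            "snat": b.receive(snat(pkt, ("203.0.113.7", 40001)))}

if __name__ == "__main__":
    for path, result in demo().items():
        print(path, result)
```

In both cases the inner packet decapsulates identically; only the comparison of the observed outer source against the configured peer reveals that the return path is broken.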