NAT traversal improvements, pt. 2: Challenges in cloud environments

Blog post from Tailscale

Post Details
Author: Will Moore, Kevin Purdy, and Kabir Sikand
Word Count: 1,430
Summary

In the second installment of a series on NAT traversal improvements, the focus is on the challenges faced when establishing secure connections in public cloud environments, particularly with Tailscale. The major cloud providers, such as AWS, Azure, and Google Cloud, offer NAT solutions that are optimized for outbound traffic but present obstacles for peer-to-peer connectivity due to their symmetric design and randomized port assignments. To address these challenges, various strategies are discussed, including assigning public IPs to cloud instances, using custom NAT instances or firewalls, leveraging specific cloud provider features, and employing subnet routers or exit nodes for traffic routing. The article suggests that while public IPs simplify direct connections, alternative configurations can mitigate NAT constraints, with the promise of future enhancements as cloud networks slowly adapt to these connectivity needs.