Worker Role TCP packets modified by MSFT's NAT/PAT?

Question

Is there any public information on the NAT translation (or Port translation) involved at the MSFT datacenters?  I know there is some port translation through my work with Silverlight and Azure-hosted WCF so that makes me skeptical about how "raw" my connection is outbound.

My worker role has its own DNS resolver and I would like to know *IF* I need to be concerned with ftp://ftp.rfc-editor.org/in-notes/rfc2182.txt section 4.2.

Specifically I would like to know if there is an Application Layer Gateway that understands DNS and will translate my RFC-Compliant DNS packets as necessary

Answer 1

Same question stated differently:  What happens to my packets when they enter and leave the datacenter?  ... is there any port translation?


Here is a real-world example of what I'm asking:

http://en.wikipedia.org/wiki/DNS_cache_poisoning

...  routers, firewalls, proxies, and other gateway devices that perform network address translation (NAT), or more specifically, port address translation (PAT), often rewrite source ports in order to track connection state. When modifying source ports, PAT devices typically remove source port randomness implemented by nameservers and stub resolvers

The underlined part is a bad thing.  I want to keep port randomness, do Azure-hosted worker roles with outbound connections have to worry about this?

Answer 2

I didn't see any information about this in PDC, or from channel 9... *bump*