Abstract

The Linux kernel has a known race condition when doing source network address translation (SNAT) that can lead to SYN packets being dropped. SNAT is performed by default on outgoing connections with Docker and Flannel using iptables masquerading rules. The race can happen when multiple containers try to establish new connections to the same external address concurrently. In some cases, two
![A reason for unexplained connection timeouts on Kubernetes/Docker](https://cdn-ak-scissors.b.st-hatena.com/image/square/ba9b3f8f317577c62de0e2a45ad6682ecfee938e/height=288;version=1;width=512/https%3A%2F%2Fmiro.medium.com%2Fv2%2Fresize%3Afit%3A886%2F1%2A8gfknIaQ2nbtAF597Tk7QQ.png)