--> In the last topic, I discussed how the virtual server changes the destination IP address on request packets and the source IP address on response packets.
--> A NAT is a feature of BIG-IP LTM that provides one-to-one mapping between a private and a public IP address.
--> NAT is used in BIG-IP LTM when you don't want to use any of the load balancing algorithms and want to send the request directly to an internal node.
--> When you implement NAT in BIG-IP LTM, all ports on the internal node are reachable. This creates a security risk, and it can be solved by using SNAT.
--> When you implement a Virtual Server in BIG-IP LTM, it listens for only one particular port on the internal node.
--> With NAT, the client on the external network sends its request to the public IP address that is NATed on the BIG-IP LTM system.
--> The NAT object on the BIG-IP LTM system translates the destination IP address (the public IP address) to the private IP address of the internal node.
--> When the internal node sends the response back to the BIG-IP LTM system, the source address (the private IP address) is changed to the public IP address configured on the BIG-IP LTM system.
--> The problem with using NAT on BIG-IP LTM is that it opens all the ports of the internal node.
--> The NAT object on the BIG-IP LTM system accepts traffic for any port as long as the destination IP address matches.
--> We can solve this issue by using SNAT on the BIG-IP LTM system.
SNAT:
--> SNAT is also called Source NAT or Secure NAT in BIG-IP LTM.
--> NAT provides only one-to-one mapping, whereas SNAT provides many-to-one mapping.
--> NAT requires one public IP address for each internal node; SNAT needs only one public IP address for all the internal nodes.
--> NAT is bidirectional and SNAT is unidirectional.
--> SNAT is also used on the BIG-IP LTM system to avoid routing complexities.
--> With SNAT, we can change both the source and the destination IP address of the packet.
--> The source address is changed by SNAT and the destination IP address is changed by the Virtual Server.
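The following is an added example (not F5 code or a real BIG-IP configuration) that models the translation decisions described above: a NAT object forwards any destination port to its node and translates in both directions, a Virtual Server forwards only its own port, and a SNAT translates the source of many internal nodes to one shared public address in the outbound direction only. All addresses are constructed documentation-range values.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed objects (hypothetical), mirroring the three LTM object types.
NAT = {"203.0.113.10": "10.0.0.10"}                     # public -> private, one-to-one
VIRTUAL_SERVERS = {("203.0.113.20", 443): "10.0.0.20"}  # listens on a single port
SNAT = {"translation": "203.0.113.100",                 # many private -> one public
        "origins": {"10.0.0.20", "10.0.0.30"}}

def inbound(pkt: Packet) -> Optional[Packet]:
    """Client -> BIG-IP. Returns the translated packet, or None if it is dropped."""
    if pkt.dst_ip in NAT:
        # NAT: the destination port is never checked, so every port on the
        # internal node is reachable through the public address.
        return replace(pkt, dst_ip=NAT[pkt.dst_ip])
    node = VIRTUAL_SERVERS.get((pkt.dst_ip, pkt.dst_port))
    if node:
        # Virtual Server: only the configured port reaches the node.
        return replace(pkt, dst_ip=node)
    # A SNAT translation address does not accept inbound connections (unidirectional).
    return None

def outbound(pkt: Packet) -> Optional[Packet]:
    """Internal node -> BIG-IP (node-initiated traffic). Rewrites only the source."""
    for public, private in NAT.items():
        if pkt.src_ip == private:            # NAT is bidirectional
            return replace(pkt, src_ip=public)
    if pkt.src_ip in SNAT["origins"]:        # SNAT: many nodes share one public IP
        return replace(pkt, src_ip=SNAT["translation"])
    return None                              # no translation object, no public path

def reachable_ports(public_ip: str, ports: range) -> list:
    """Ports on public_ip that a constructed external client can reach."""
    client = Packet("198.51.100.5", 40000, public_ip, 0)
    return [p for p in ports if inbound(replace(client, dst_port=p)) is not None]
```

Running `reachable_ports("203.0.113.10", range(1, 1024))` returns every port, while the same call for `203.0.113.20` returns only 443, which is the exposure difference the text describes.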
Ref: F5.com
Md.Kareemoddin
CCIE # 54759