Forum Discussion
4 Replies
- James_ThomsonEmployee
Short answer, no it doesn't matter. Long answer: To the BIG-IP, it's pretty much the same. It still needs to track the flow, it has to build a connection. The fact that the IP address changes it immaterial. I've done performance tests (on version 11.X and later) which show that whether BIG-IP is doing NAT, VIP/NAT, SNAT, forwarding, doesn't really matter to the overhead. The only thing that changes it would be if there was a function you had configured which would stop the ASIC from running, like doing Layer7 inspection on a virtual server.
Now, me personally, if I have the option to run non-NAT'd traffic through, then I do that to make things easier for troubleshooting. It usually just depends on where my security perimeter is.
- Jeremy_Keen_133NimbostratusHi James, thanks for getting back to me with an answer - and what you're saying makes sense. Cheers, Jeremy
- James_Thomson_1Historic F5 Account
Short answer, no it doesn't matter. Long answer: To the BIG-IP, it's pretty much the same. It still needs to track the flow, it has to build a connection. The fact that the IP address changes it immaterial. I've done performance tests (on version 11.X and later) which show that whether BIG-IP is doing NAT, VIP/NAT, SNAT, forwarding, doesn't really matter to the overhead. The only thing that changes it would be if there was a function you had configured which would stop the ASIC from running, like doing Layer7 inspection on a virtual server.
Now, me personally, if I have the option to run non-NAT'd traffic through, then I do that to make things easier for troubleshooting. It usually just depends on where my security perimeter is.
- Jeremy_Keen_133NimbostratusHi James, thanks for getting back to me with an answer - and what you're saying makes sense. Cheers, Jeremy