NimbostratusHello,
I have several pool members that are that are reachable/available through with their native IP addresses or NAT'ed addresses configured on the LTM (v11.4.1).
For non-load balanced connections (backups, monitoring etc), is it best/more efficient to connect to the native or NAT addresses?
Thanks in advance.
Cheers, Jeremy
EmployeeShort answer, no it doesn't matter. Long answer: To the BIG-IP, it's pretty much the same. It still needs to track the flow, it has to build a connection. The fact that the IP address changes it immaterial. I've done performance tests (on version 11.X and later) which show that whether BIG-IP is doing NAT, VIP/NAT, SNAT, forwarding, doesn't really matter to the overhead. The only thing that changes it would be if there was a function you had configured which would stop the ASIC from running, like doing Layer7 inspection on a virtual server.
Now, me personally, if I have the option to run non-NAT'd traffic through, then I do that to make things easier for troubleshooting. It usually just depends on where my security perimeter is.
NimbostratusShort answer, no it doesn't matter. Long answer: To the BIG-IP, it's pretty much the same. It still needs to track the flow, it has to build a connection. The fact that the IP address changes it immaterial. I've done performance tests (on version 11.X and later) which show that whether BIG-IP is doing NAT, VIP/NAT, SNAT, forwarding, doesn't really matter to the overhead. The only thing that changes it would be if there was a function you had configured which would stop the ASIC from running, like doing Layer7 inspection on a virtual server.
Now, me personally, if I have the option to run non-NAT'd traffic through, then I do that to make things easier for troubleshooting. It usually just depends on where my security perimeter is.
Nimbostratus