Forum Discussion

JWhitesPro_1928

Cirrostratus

Jun 30, 2016

AFM NAT vs LTM NAT

This feature seems to have creeped up somewhere in the 12.x release for AFM? Or maybe it's been there but I've never seen it... https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/produc...

Nimbostratus

Jul 24, 2017

hi peter,

so what is difference between the standalone CGNAT module and CGNAT module that integrated in the AFM NAT ?

Peter_Mills_697
Historic F5 Account
Jul 24, 2017
Nothing actually. The same code is used for both. It is repackaging exercise since AFM users prefer to use ACLs. It also reduces the number of virtual servers required since you can setup a wildcard VIP and use ACL rules to filter the traffic. AFM is also gradually leap frogging the CGNAT module in other respects e.g. by adding support for proxy ARP (both source and destination) and adding other forms of 1:1 static NAT.

dynamic-pat == CGNAT
Peter_Mills_697
Historic F5 Account
Jul 24, 2017
CGNAT ALGs are still provisioned as they are today by attaching a profile to the Virtual Server but they interoperate with AFM dynamic-pat.

CGNAT LSN pools and dynamic-pat are mutually exclusive.
bassam_gohar_26
Nimbostratus
Jul 24, 2017
thanks a lot peter :), so in dynamic pat we should take care from the CMP hash on the inbound and outbound vlans like the CGNAT module ?
Peter_Mills_697
Historic F5 Account
Jul 24, 2017
The same configuration steps are required to deploy dynamic-pat as CGNAT LSN pools in terms of the SP-DAG i.e. still have to specify the correct VLAN hash. static-nat does not have the same dependency on the DAG i.e. it also works with the default DAG.
bassam_gohar_26
Nimbostratus
Jul 24, 2017
thanks peter :)