The carrier-grade network address translation (CGNAT) module on the BIG-IP system supports large groups of translation addresses using large-scale NAT (LSN) pools and grouping of address-translation-related options in an ALG profile, which can be assigned to multiple virtual servers. It also has the ability to match virtual servers based on client address to destination addresses and ports. Other characteristics of the CGNAT module are listed here.
The CGNAT module can assign the same external (translation) address to all connections originated by the same internal client. For example, providing endpoint-independent address mapping.
CGNAT can accept inbound external connections to active translation address/port combinations to facilitate endpoint-independent filtering as described in section 5 of RFC 4787. This is also known as a full-cone NAT.
Log messages that map external addresses and ports back to internal clients for troubleshooting and law enforcement/legal compliance are supported.
Deterministic mode is an option to assign translation address and port based on the client address/port and destination address/port. It uses reversible mapping to reduce logging, while maintaining translated IP address discoverability for troubleshooting and law compliance. Deterministic mode also provides an option to configure backup-members.
Geared toward service providers, the CGNAT module is offered as a stand-alone license or as an add-on license for Local Traffic Manager (LTM) and Policy Enforcement Manager (PEM).
Perform these tasks to deploy a source translation using CGNAT.