sam_111661
Jan 21, 2008

Can a node connect to its VIP in version 4?

This virtual server is ENABLED -- a.b.c.d:25

Pool: pool_name

This node is UP. -- Total Connections: 6003589 1.1.1.1:25

This node is UP. -- Total Connections: 5928724 1.1.1.2:25

This node is UP. -- Total Connections: 3593351 1.1.1.3:25

VLAN1---(2.2.2.x)---BIGIP---(1.1.1.x)---VLAN2

 

 

The nodes 1.1.1.x are in VLAN2 and have the BIG-IP as their default gateway; no SNAT is used. The BIG-IP's default gateway is through VLAN1, suppose 2.2.2.1, and IP forwarding is enabled to allow traffic from VLAN1 to access the internet.

The issue is that these nodes sometimes need to connect to the VIP a.b.c.d:25, and this fails. The SYN is sent from the node to the BIG-IP (default gateway) as the VIP is from a different VLAN; the SYN reaches the BIG-IP and it dies there.

Is there a way to make this work on BIG-IP version 4 (4.6.4)? This looks to work fine on version 9.

Thanks
  • Deb_Allen_18
    Historic F5 Account
    That connection would need to be SNAT'd, since the response from the server to which the request is LB would go back to the server making the request without traversing the BIG-IP to reverse the destination address change: Request comes from 1.1.1.1 bound for a.b.c.d:25, is LB to 1.1.1.x. Without SNAT, source address is still 1.1.1.1, destination is now 1.1.1.x. 1.1.1.x replies directly to 1.1.1.1, which was expecting a reply from a.b.c.d instead, so the connection fails.

    HTH

    /deb
  • Thanks Deb, but SNAT is disabled on the pool so that the nodes see the real IP address of the clients. I suppose the only way to do this is to use selective SNAT by creating an iRule that will do SNAT based on the source IP address.
  • Deb_Allen_18
    Historic F5 Account
    That would be correct - I'd define a SNAT with the server subnet as the origin.
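
The return-path problem and the selective SNAT fix discussed in this thread, as an added Python model that is not part of the original posts and is not BIG-IP configuration. The VIP address `203.0.113.25` (standing in for a.b.c.d), the self IP `1.1.1.254` and the outside client `198.51.100.7` are constructed values, and the function names are hypothetical.

```python
import ipaddress

SERVER_NET = ipaddress.ip_network("1.1.1.0/24")  # VLAN2 node subnet, from the thread
VIP = "203.0.113.25"       # constructed stand-in for a.b.c.d
BIGIP_SELF = "1.1.1.254"   # assumed BIG-IP self IP on VLAN2 (the nodes' gateway)


def returns_via_bigip(dst):
    """Does a pool member's reply to dst pass through the BIG-IP?

    Off-subnet destinations go to the default gateway (the BIG-IP);
    on-subnet destinations are delivered directly on VLAN2, unless the
    destination is the BIG-IP's own address.
    """
    return dst == BIGIP_SELF or ipaddress.ip_address(dst) not in SERVER_NET


def connect(client, member, snat_origins=()):
    """Model one connection from client to VIP:25, load balanced to member.

    snat_origins lists the source networks the BIG-IP SNATs (none by default,
    as in the original pool). Returns what each end observes.
    """
    src = ipaddress.ip_address(client)
    snat = any(src in ipaddress.ip_network(net) for net in snat_origins)
    # Forward path: destination VIP -> member; source rewritten only if SNAT'd.
    member_sees = BIGIP_SELF if snat else client
    # Return path: the member answers the source address it saw.
    if returns_via_bigip(member_sees):
        client_sees = VIP      # BIG-IP restores the VIP as the reply source
    else:
        client_sees = member   # direct reply, translation never reversed
    return {
        "member_sees": member_sees,
        "client_sees": client_sees,
        "established": client_sees == VIP,  # client only accepts replies from VIP
    }


if __name__ == "__main__":
    cases = [
        ("node, no SNAT", "1.1.1.1", ()),
        ("node, SNAT origin 1.1.1.0/24", "1.1.1.1", ("1.1.1.0/24",)),
        ("outside client, same SNAT", "198.51.100.7", ("1.1.1.0/24",)),
    ]
    for label, client, origins in cases:
        print(label, connect(client, "1.1.1.2", origins))
```

The third case shows why limiting the SNAT origin to the server subnet keeps the real client address visible to the nodes for traffic arriving from outside.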