Forum Discussion

Type11_8030's avatar
Icon for Nimbostratus rankNimbostratus
Jun 08, 2011

Changing SNAT IP based on client destination IP and resulting alarms

With some help from this forum I have an irule that works to route outgoing (initiating from server behind BigIP) traffic to clients via different SNAT IPs based on the destination it is going to. We need this as the clients will only allow connections from a certain IP and it depends based on the network subnets it is going to.



To do this we made a virtual server with the iRule attached and no members to the server. This works fine and sends to the right place from the server pool when it initiates connections.




However these LBs are being monitored and the f5 keeps sending traps saying the virtual server has no members up. there is no monitor on the VS and no pool to have a monitor on so not sure why it is doing this or how to get it to stop




To work around this I tried to just add my main app server pool to the rule and do a ping monitor to stop the SNP trap being sent. This stopped the trap but now the iRule doesn't work on outgoing traffic!




Any help or a better way to do this would be MUCH appreciated.






3 Replies

  • John_Alam_45640's avatar
    Historic F5 Account
    Please clarify:



    The messages would say the "Pool has no active members", not the virtual servers. If so, what pool is it. What is that pool doing? if there isn't one attached to your virtual?
  • Actually it is saying virtual server not available. I am guessing this is because it's status is blue. Honestly the only reason we have it is to apply the iRule to which then looks for outbound connections, looks at dest ip, and sends from the corrrect SNAT IP. There are no pools associated with it.



    Again I thought if I put a pool on it and pinged the members and got it green the trap would stop and it did, it just broke the irule working like it did before. Hope this makes sense and thanks!


  • can u post actual trap message here?



    i checked /var/run/bigip_error_maps.dat but couldn't find it.