Forum Discussion

Bciesz_171056's avatar
Feb 24, 2017

Choose SNAT based on URL in HTTP_REQUEST

Hi, Due to lack of external IPs I have two URLs that are resolved to a single IP. This IP is further NATTED to an internal IP in my network (the one of a VS on F5). Based on URL in HTTP_REQUEST an iRule is sending traffic to a node in one of two networks: 10.0.0.32/27 (VLAN 1001) and 10.0.0.64/27 (VLAN 1002)

when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
"*.url1.com*"{
node 10.0.0.83 80
log local0 "Redirected to live pool [HTTP::host]"
}
"*.url2.com*"{
node 10.0.0.41 80
log local0 "Redirected to live pool [HTTP::host]"
}
}
}

The VS has (now) has VLAN and Tunnel traffic enabled on VLAN 1002 and address 10.0.0.88 in it's SNAT pool list.

Due to my DC design when a VS is in the same subnet as the node everything is perfect. When the subnet is different the traffic needs to go through same firewall couple of times and it makes any future troubleshooting difficult.

What i would like to achieve is to force F5 to use a different SNAT address, depending on which URL it received the traffic. I tried adding VLAN 1001 to enabled VLANS in VS, adding address 10.0.0.60 to SNAT pool and adding a line:

snat 10.0.0.60
to the second part of the iRule. Needles to say no luck, and so far only the works fine, and does not.

I have version 12 if that's relevant.

  • I believe, we can set SANT based on every condition. can you please try in stage environment or non prod hour with these irule & let us know if any help require.

    Option 1.

         when HTTP_REQUEST {
            switch -glob [string tolower [HTTP::host]] {
            "*.url1.com*"{
            snat 10.0.0.60
                    node 10.0.0.83 80
                    log local0 "Redirected to live pool [HTTP::host]"
            }
            "*.url2.com*"{
            snat 10.0.0.52
                    node 10.0.0.41 80
                    log local0 "Redirected to live pool [HTTP::host]"
                    }
                }
             }  
    

    Option 2. Create two different pool & add nodes as per below details & try

    Pool A Member: 10.0.0.83 80

    Pool B Member: 10.0.0.41 80

     when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
        "*.url1.com*"{
        snat 10.0.0.60
                pool A
                log local0 "Redirected to live pool [HTTP::host]"
        }
        "*.url2.com*"{
        snat 10.0.0.52
                pool B
                log local0 "Redirected to live pool [HTTP::host]"
                }
            }
         } 
    
    • Bciesz_171056's avatar
      Bciesz_171056
      Icon for Cirrus rankCirrus

      I tried that. And I even caught the packets going out from 10.0.0.60.

       

      However the problem is no one is listening on 10.0.0.60 for returning traffic...