For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wowchens's avatar
wowchens
Icon for Nimbostratus rankNimbostratus
Jun 17, 2008

Design Issues with F5 LTM for IIS and .Net Remoting

Please help with a design issue that I am having.     At one of my client here we have a requirement to setup F5 LTM for load balancing a couple of .Net Remoting Application Servers. These ...
config
design
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Jun 17, 2008
Denny: Quick clarification on the SNAT solution:

The nature of the applications here is that, 90% of the apps are 2-tiered, meaning web servers directly talk to Database and other back end stuff without an intermediate app layer. If we use SNAT, I am wondering how the servers will be able to talk to these backend systems as the return traffic will not have a route to the servers, since they would return to the servers private IP.

The SNAT translation will translate the source to an address held by LTM. LTM will forward the traffic to the DB with an LTM source address, and track the connection in the SNAT table. When the response comes back from the db, it will be bound for the LTM address. When the response gets to LTM, the SNAT is reversed, and the response is forwarded to the original requester:
 
         clientIP 
            | ^ 
            V | 
           VS-IP 
    ------------------- 
    |      (LTM)      | 
    ------------------- 
          SNAT-IP 
            | ^ 
            V | 
          serverIP

The client never sees the server's real IP, and the server never sees the client's real IP. As long as the destination device has a route back to the LTM address, traffic will flow as expected.

hth

/deb