Forum Discussion

RKnudson_131750
Aug 16, 2013

DYNAMIC SNAT Question

New to F5 and iRules, seeking assistance in creating an iRule to perform a dynamic SNAT rule. I have the LTM set up with a network for my VIPs and a network for source NAT. What we want to do is grab the 4th octet of the VIP address and use it as the 4th octet on the source NAT network.

 

Example:

VIP Network = 10.1.90.0/24
SNAT Network = 10.1.91.0/24

Create VIP 10.1.90.100, when I assign a pool to the VIP automatically have the SNAT address assigned to be 10.1.91.100. Having numerous SNAT pools will be difficult to manage and prone to mistakes. We have numerous VIPs to migrate from the Cisco ACE, and having a specific source NAT address for each VIP makes troubleshooting issues easier to do with a specific SNAT address per VIP.

 

Any assistance or guidance on getting me started on this would be very helpful.

 

3 Replies

  • Not sure about automatically assigning a SNAT address based on pool assignment, but here's something that might work:

    when LB_SELECTED {
        if { [class match [LB::server addr] equals snat_assign_test_dg] } {
            snat [class match -value [LB::server addr] equals snat_assign_test_dg]
        }
    }
    

    Where "snat_assign_test_dg" is a sample address-based data group. Example:

    Address (network): 10.70.0.0
    Mask: 255.255.255.0
    Value: 10.70.0.100
    

    This will assign a SNAT address based on pool member selection, as defined in the data group.

  • Kevin, thanks for the reply, I will fumble around with it and see what I can get working with it. Complete iRule virgin here, so any guidance is appreciated. Thanks for your input.

     

  • Very well. Then perhaps something like this:

    when CLIENT_ACCEPTED {
        scan [IP::local_addr] "%*d.%*d.%*d.%d" lastoctet
        snat 10.1.91.$lastoctet
    }
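
A more defensive variant of the iRule in the last reply, added here as an example and not written by any poster in the thread: it confirms the VIP is on the 10.1.90.0/24 network from the question and that the last octet parsed cleanly before calling `snat`. The log messages and the choice to set no SNAT from the iRule on a mismatch are assumptions.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: VIPs live in 10.1.90.0/24 and SNAT addresses in 10.1.91.0/24,
    # as described in the original question.
    set vip [IP::local_addr]

    # Only derive a SNAT address when the destination is on the VIP network.
    # If this iRule is attached to a virtual server outside that range, the
    # last octet would map to an address nobody planned for.
    if { ![IP::addr $vip equals 10.1.90.0/24] } {
        log local0.warning "dynamic SNAT: $vip is outside 10.1.90.0/24, no SNAT set by iRule"
        return
    }

    # scan returns the number of fields it converted; anything other than 1
    # means the address did not parse as a dotted quad.
    if { [scan $vip "%*d.%*d.%*d.%d" lastoctet] != 1 } {
        log local0.warning "dynamic SNAT: could not parse last octet of $vip"
        return
    }

    # Skip the network and broadcast addresses of the /24.
    if { $lastoctet < 1 || $lastoctet > 254 } {
        log local0.warning "dynamic SNAT: last octet $lastoctet of $vip is not a usable host address"
        return
    }

    # VIP 10.1.90.N is translated to source address 10.1.91.N.
    snat 10.1.91.$lastoctet
}
```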