F5 Issue

is snatpool and pool really correct? one is vlan12 but the other one is vlan25.

 

 

virtual reversenpath_vlan20_vs {

 

snatpool vlan12_sp <<<<<

 

pool reversenpath_vlan25_pl <<<<<

 

destination any:any

 

mask 0.0.0.0

 

profiles fastl4_reversenpath_default {}

 

vlans 20 enable

Sorry about that...a typo..correct config is as below

 

 

virtual reversenpath_vlan20_vs {

 

snatpool vlan12_sp

 

pool reversenpath_vlan12_pl

 

destination any:any

 

mask 0.0.0.0

 

profiles fastl4_reversenpath_default {}

 

vlans 20 enable

 

 

configuration looks ok to me except vlan name. anyway, i think it might be a typo.

 

 

have you tried to capture packet?

 

tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x or host 63.25.36.7

 

x.x.x.x is client ip

Will generate the dump and let you know.

 

 

meanwhile, want some clarifications,

 

 

A) This virtual has no VIP, how will then the client access this virtual ?

 

 

B) Assuming, a client is sending a request to this virtual,what will the commd, do to the client request.?

 

 

genseek

 

A) This virtual has no VIP, how will then the client access this virtual ? i understand you are asking about wildcard virtual server e.g. any:any. the wildcard virtual server accepts traffic destined to any ip address. anyway, you know we have to make sure client traffic passes through bigip e.g. routing.

 

 

B) Assuming, a client is sending a request to this virtual,what will the commd, do to the client request.? you may use "b conn" command to display active entry in connection table.

Is it normal to use SNAT pool command, as if i'm correct is used to change the source address of the client.

 

 

The below Snat pool command,

 

 

< snatpool vlan12_sp >

 

 

is it being used for the same purpose?

 

Is it normal to use SNAT pool command, as if i'm correct is used to change the source address of the client. yes, it is.

 

 

is it being used for the same purpose? it is also used to force return traffic coming to bigip before sending back to client since source address is translated to bigip selfip when sending request to pool member (server). this is needed because pool member's default gateway might not be bigip. so, return traffic will go to client directly.

A) This virtual has no VIP, how will then the client access this virtual ? i understand you are asking about wildcard virtual server e.g. any:any.

 

 

 

 

here any IP...means? Does it mean any from the specific pool?

 

or sopmething else.

 

 

If the client has to sent packet to this virtual, what virtual IP....will it be sending request to? Or will it be directly to pool ip, 63.25.36.1?

here any IP...means? Does it mean any from the specific pool?

 

or sopmething else.it means any destination address and any destination port.

 

 

If the client has to sent packet to this virtual, what virtual IP....will it be sending request to? Or will it be directly to pool ip, 63.25.36.1?client sends packet to real destination address. pool i.e. 63.25.36.1 is gateway the packet is sent to. when sending packet to the gateway, destination address and destination port won't be changed i.e. they are still real destination address and destination port as client sends.

 

 

this is not really exact what you are asking but hoping it can give you some idea how bigip works with wildcard virtual server and gateway pool.

 

 

LTM: Per-VLAN Default Gateways by Deb

 

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/247/LTM-Per-VLAN-Default-Gateways.aspx

 

 

hope this helps.

 

Normally, when reversenapth is configured for a VIRTUAL, what would or should be the pool server gateway?

 

 

Upstream router or F5 ?