F5 LTM SNAT features Question

Dear Ahmed,

this is more a network design question. As you already stated, it's a question where the GW of the servers are pointing to. And of course if the BIG-IP itself has an IP interface in the same VLAN as the servers. But if you are looking to a more generell answer, you need to guarantee, that the response traffic from the server has to go back through the BIG-IP. With SNAT enabled response traffic is forced to go back through the BIG-IP. Otherwise the client is getting the response from the servers IP instead of the VIP. Yes, there might be exceptions for this allowing asynchronous routing, but that's not recommended.

And I don't think your application owner will answer you this question. They normally have no idea about the underlying network design. You as the BIG-IP service owner should have the required network information and knowledge. Also a mixed setup, like it seems to be configured in your case, within the same environment is not recommended.

The main disadvantage of using SNAT is, that the original sourceIP gets lost for the server. For HTTP-traffic you can use the XFF-header, but for other protocols this might be an issue.

Hope that helps!

Regards Stefan 🙂