Forum Discussion
Force one of the snat IPs to a pool member
Hi guys,
I am looking for a solution for this:
I have a SNAT pool with 2 IPs, and I have a POOL with two pool members. POOL is using this SNAT pool.
Is it possible (with an iRule or without) to force the first SNAT IP to the first pool member?
For example:
SNAT pool:
10.10.10.1
10.10.10.2
server POOL members:
10.10.10.10
10.10.10.11
When the load balancing method selects 10.10.10.10 as a destination server then use 10.10.10.1 as snat address.
When the load balancing method selects 10.10.10.11 as a destination server then use 10.10.10.2 as snat address.
Thank you in advance.
- youssef1
Cumulonimbus
Hi,
can you try this one:
    when LB_SELECTED {
        # Log the pool member chosen by the load balancing method
        log "lb selected [LB::server addr]"
        # Use the SNAT address paired with the selected member
        if { [LB::server addr] eq "10.10.10.10" } {
            snat 10.10.10.1
        } elseif { [LB::server addr] eq "10.10.10.11" } {
            snat 10.10.10.2
        } else { }
    }

I could not test it, so please give me feedback.
- StephanManthey
Nacreous
Hi csobi,
if I got your question right, you want to stick to a member of a snatpool based on the poolmember selected. Ideally this works dynamically without specifying the members of the snatpool and serverpool. You may want to use a concept as described below. (It's a similar concept but makes sure a client always gets connected to a poolmember with the same SNAT address. And yes, it can be put down as an unreadable one-liner as well.)

    when HTTP_REQUEST {
        # determine associated snatpool (assigned to virtual server)
        set snatpool_name [getfield [LB::snat] " " 2]
        log -noname local0. "snat-pool: ${snatpool_name}"
        # retrieve list of current snatpool members
        set snatpool_members [members -list [getfield [LB::snat] " " 2]]
        log -noname local0. "snat-members ${snatpool_members}"
        # determine number of snat addresses in pool; can be retrieved via llength too
        set snatpool_count [members [getfield [LB::snat] " " 2]]
        # calculate modulus for last digit of client IP address
        set snatpool_index [expr {[getfield [IP::remote_addr] "." 4]%${snatpool_count}}]
        log -noname local0. "snat-pool-index ${snatpool_index}"
        # determine snat address from pool
        set snatpool_select [lindex [lindex ${snatpool_members} ${snatpool_index}] 0]
        log -noname local0. "snat-select ${snatpool_select}"
        # specify the snatpool member
        snatpool ${snatpool_name} member ${snatpool_select}
    }
    when SERVER_CONNECTED {
        log -noname local0. "server-connect [IP::local_addr]:[TCP::local_port]=>[IP::remote_addr]:[TCP::remote_port]"
    }

Instead you would use the event LB_SELECTED to determine the selected node and figure out its list index in the list of serverpool members. Now use the determined index as modulus for the list of snatpool members. (Fortunately the members functions work for snatpools as well.)
Be aware that under TMOS v12 it turned out that variables initiated under CLIENT_ACCEPTED don't seem to be generally available in other contexts when using HTTP/2.
That's why my sample evaluates the SNAT IP in the context of the HTTP_REQUEST event.
Cheers, Stephan
PS: Please let me know if you need further help with your specific use case.
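
The LB_SELECTED variant described in the reply above, written out as an added example (not code from the thread or from F5). It assumes a SNAT pool is assigned to the virtual server so that [LB::snat] returns "snatpool <name>" as in the HTTP_REQUEST sample, and that `members -list` works for SNAT pools as the reply states; the variable names are hypothetical.

```tcl
when LB_SELECTED {
    # Only act when the virtual server is configured with a SNAT pool
    set snat_cfg [LB::snat]
    if { [getfield $snat_cfg " " 1] ne "snatpool" } { return }
    set snatpool_name [getfield $snat_cfg " " 2]

    # Sort both lists so the pairing does not depend on the order in
    # which members are returned (assumption: that order is not guaranteed)
    set pool_members [lsort [members -list [LB::server pool]]]
    set snat_members [lsort [members -list $snatpool_name]]
    set snat_count [llength $snat_members]
    if { $snat_count == 0 } { return }

    # Find the list index of the member the load balancer selected
    set sel_addr [LB::server addr]
    set sel_port [LB::server port]
    set member_index -1
    set i 0
    foreach m $pool_members {
        if { [lindex $m 0] eq $sel_addr && [lindex $m 1] == $sel_port } {
            set member_index $i
            break
        }
        incr i
    }

    # Unknown member: leave the default SNAT pool behaviour untouched
    if { $member_index < 0 } {
        log local0. "no index for ${sel_addr}:${sel_port}, using default SNAT"
        return
    }

    # Modulus keeps the index valid when the server pool has more
    # members than the SNAT pool has addresses
    set snat_index [expr { $member_index % $snat_count }]
    set snat_addr [lindex [lindex $snat_members $snat_index] 0]
    log local0. "member ${sel_addr}:${sel_port} -> SNAT ${snat_addr}"
    snatpool $snatpool_name member $snat_addr
}
```

With the two-member pools from the question, the sorted pairing is 10.10.10.10 with 10.10.10.1 and 10.10.10.11 with 10.10.10.2. Adding or removing a pool member shifts the indexes, so the pairing changes for every member sorted after it.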