For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jason_Keating's avatar
Jason_Keating
Icon for Altostratus rankAltostratus
Mar 04, 2008

IP Forwarding or Multiple VLANs

Hi,     I have some virtual servers on my external VLAN and a search engine on my internal VLAN, I'm using the search engine to index content on the virtual servers.     I see two ways of ...
config
design
The_Bhattman's avatar
The_Bhattman
Icon for Nimbostratus rankNimbostratus
Mar 05, 2008
It sounds like you want something called VIP bounceback.

 

 

I can only think of 3 ways to do this.

 

 

Way 1: Autosnat all requests from the VIP.

 

 

Way 2 : Use an IRULE and datagroups

 

 


when CLIENT_ACCEPTED {
if { [matchclass [IP::remote_addr] equals $::dg_internal]} {
  snat automap
 }
}

 

 

What 3 use irule and switch command.

 

 


when CLIENT_ACCEPTED {
  switch [IP::remote_addr] {
    "IP ADDRESS/MASK" { snat automap }
    "2nd IP ADDRESS/MASK" { snat automap }
  }
}

 

 

Way 1 will work but it snats EVERYTHING coming into the Virtual server

 

Way 2 will work and selectively snats based on the Clients IP address. The irule is reusable

 

Way 3 might be more efficient because it doesn't use a datagroup object, but the code cannot be reused because the "IP Address/MASK" is specifically in the IRULE statements

 

 

My personal preference is WAY 2, but you can use any of these.

 

 

I hope this helps.

 

 

CB