Forum Discussion

aj1
May 02, 2015

IP Forwarding Virtual Server v/s SNAT

Trying to understand the difference between the two. Can either one of them be used for forwarding traffic from load balanced nodes (private addresses) to the internet?

We have LTMs in an HA pair that are configured with both a wildcard IP forwarding vserver and a SNAT pool (containing standard virtual server addresses). An iRule is being used on the forwarding vserver that SNATs a node to its public standard vserver address for anything originating from the node and destined to a host on the internet. From what I understand, LTM can forward traffic (from nodes to the internet) only using an IP forwarding vserver. That is the closest way to emulate the same behavior as a stateless router, which works just fine for now.

I'd like to know if SNAT is another way to do the same (forwarding). If it is, can we delete the forwarding vserver and only configure a SNAT object, and still make the internal nodes connect to the internet through the LTM?

Would also like to get an opinion on keeping standard vserver addresses inside a SNAT pool, so that individual SNAT addresses can be referenced in an iRule for selectively SNAT'ing a set of nodes to their vserver address. We recently did this, and traffic from the internal nodes (mail servers specifically) to certain destinations just didn't work. We have done a lot of packet captures and are still clueless.

Any explanation or config pointers would be great. Thank you!

  • nathe

    aaaa,

    On your first point, yes you can use a SNAT object to forward traffic without the need for a forwarding IP vs. A SNAT is a listener just like a virtual server (and a NAT too).

    N