Forum Discussion

Nicolas_ROMERO_'s avatar
Nicolas_ROMERO_
Icon for Nimbostratus rankNimbostratus
Dec 30, 2015

iRule SNAT for multiple ISP

Hi,   I tried to configure an iRule to SNAT specific LAN to a specific ISP (wan link). When I bind this iRule to my default VS (in fastL4) the iRule doesn't match when I generate traffic from my l...
application delivery
iRules
isp
LTM
snat
Nicolas_ROMERO_'s avatar
Nicolas_ROMERO_
Icon for Nimbostratus rankNimbostratus
Jan 28, 2016

Hi Guys,

 

We are approaching the goal !

 

Using the FastL4 still doesn't work because as Kai explain, I have to configure different route for some specific LAN.

 

I switch the default VS to a Forwarding IP + iRule. It works with the LAN which have the iRule with next-hop but with others LAN which have the irule with the pool gateway I still have some timeouts because in the capture I see that the BIGIP still route some traffic through the incorrect Link.

 

I though that it was because the default VS have a pool which include the specific Link used by the iRule next-hop. I disble this link on the defautl pool and IT WORKS! I just would like to confirm with you if i'm right and if this is the correct configuration. To summerize : - VS_default in Forwarding IP with iRule (which route traffic through a specific next-hop for LAN1 and on the other hand a SNAT-pool for all others LAN) - Default_pool (bound to default_vs) : with two links (except the specific link for LAN1) - A SNAT_pool : to SNAT all LAN except the LAN1 - A SNAT : to SNAT the LAN1 on a specific Public_IP on the Link1 network.

 

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Jan 28, 2016
    Hey Romeo. You can't have pools on a "Forwarding (IP)" virtual. You may use a pool for the default_gw on your route domain. But is this required? Note: I tend to not use any default_gw_pools but use HSRP/VRRP on the upstream routers instead... ;-) Cheers, Kai
  • Nicolas_ROMERO_'s avatar
    Nicolas_ROMERO_
    Icon for Nimbostratus rankNimbostratus
    Jan 28, 2016
    Hi, Okey, I remove the pool on the Default_VS. You're right, I have a default route with a default_gw_pool which have 2 routers from 2 different ISP. That's why I have to use a pool. I also optimize the configuration deleting the SNAT entry for LAN1 because the SNAT is performed by the iRule. So now i think that everything is OK !
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Jan 28, 2016
    Glad to hear, that you've finally solved your Multi ISP / SNAT nightmare ;-)