Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
Dec 22, 2016

irule to Source NAT specific IP address to avoid asymmetric routing

HI All,   I have an issue related to asymmetric routing. can some one pls help .   problem :   I have Source and Destination are in same subset 10.250.8.x./23 and F5 is gateway for them. I h...
application delivery
iRules
Ed_Summers's avatar
Ed_Summers
Icon for Nimbostratus rankNimbostratus
Dec 22, 2016

If I understand correctly, you only want to snat if the source of the traffic hitting the virtual server is in 10.250.8.0/23.

  1. You could create a SNAT object with 10.250.8.0/23 as the origin. Since no SNAT is configured on the virtual service, this SNAT object would take effect for traffic sourced from that subnet. However this may not be your desired solution as it may impact traffic from that subnet connecting to other virtual services or simply transiting the device. Added here just as an option.

  2. Add the subnet 10.250.8.0/23 to a datagroup (let's call it "source_network") and match in an iRule. Something like (untested - verify operation prior to applying in production):

    when CLIENT_ACCEPTED {
if { ([class match [IP::client_addr] equals source_network] } {
    snat automap
}
}

You could replace automap snat with a snat pool if desired. See this answer for an example. Additional subnets can be added to the datagroup later if needed.