For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SJ_88814's avatar
SJ_88814
Icon for Nimbostratus rankNimbostratus
Oct 08, 2012

iRules conflicting with SNAT'ed requests

I've F5 BIGIP 8900 running TMOS 10.x. My configuration is one-armed wherein client and server blades lie on same network. To avoid server blades responding directly to client, i'm SNAT'ng the requests once the F5 load balancing is executed. Distribution is done via iRules which use IP address contained within the request PDU.

 

My problem is while the server blades respond back to F5 (on return path), final response never reach the final destination (client). It seems F5 is not routing the response out to Client. When i remove the iRule from VS config and use a default pool of server blades, i get the correct behaviour. Responses are correctly routed back to client via F5.

 

Clearly, something doesn't work in favour of iRules. Did i miss any critical configuration portion ?

 

application delivery
dev
devops
iRules

2 Replies

  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account
    Oct 08, 2012
    I would check the /var/log/ltm log file for errors from the iRule, this will point you in the correct direction.
  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Oct 08, 2012
    Use tcpdump to findout what's happening.

     

     

    final response never reach the final destination (client)

     

     

    why? does it leave the LTM with wrong destination IP? or does not leave the LTM at all? is this TCP or UDP? what protocol is it? what does the iRule do? does it use "snat"? or the SNAT enabled on the virtual server level only?