Forum Discussion
dmoon57_23603
Nimbostratus
Nimbostratusis snat the solution?
here's my situation:
I have two servers that have two apps listening on separate ports (one listening on 8080, the other on 8081). The server's default gateway is not the LTM. On the LTM, I ha...
hoolio
Cirrostratus
CirrostratusHere is a simplified version of the trace:
11:26:46.095783 - Client:54403 > VIP:8081: SYN
11:26:46.095802 - VIP:8081 > Client:54403: SYN ACK
11:26:46.096034 - Client:54403 > VIP:8081: . ACK
11:26:46.096252 - SNAT:54403 > Node:8081: SYN
11:26:46.096317 - Client:54403 > VIP:8081: PSH ACK
11:26:46.195878 - VIP:8081 > Client:54403: . ACK
11:26:47.096001 - SNAT:54403 > Node:8081: SYN
11:26:48.296162 - SNAT:54403 > Node:8081: SYN
11:26:49.496319 - SNAT:54403 > Node:8081: SYN
11:26:50.695996 - VIP:8081 > Client:54403: R ACK
11:26:51.698644 - Client.54408 > VIP:8081: SYN
11:26:51.698663 - VIP:8081 > Client.54408: SYN ACK
11:26:51.699132 - Client.54408 > VIP:8081: . ACK
11:26:51.699335 - SNAT:54408 > Node:8081: SYN
11:26:51.699341 - Client.54408 > VIP:8081: PSH ACK
11:26:51.798994 - VIP:8081 > Client.54408: . ACK
You can see that the node never responds to the SNAT address to estabblish a TCP connection. If you capture a trace on the node, do you see the response going out a different interface?
If you try the same test with SNAT automap, LTM should use a self IP on the node's subnet and the response should be sent back to LTM on the same interface the node received the request on. I'm surprised that SNAT automap wouldn't work here.
Aaron
