Forum Discussion

Kalpesh_48932's avatar
Kalpesh_48932
Icon for Nimbostratus rankNimbostratus
Jan 08, 2013

Issue with SNAT

Hello, I have configured VIP with specific SNAT. snat IP is other than the LAN subnet. VIP works with AUTOMAP, however when specific SNAT configure is do not work,

 

 

below is the config of VIP.

 

 

 

virtual r_vs_agr {

 

snat automap

 

pool Pool_AGR

 

destination 10.155.65.39:https

 

ip protocol tcp

 

persist persist_sso

 

profiles {

 

http_sso {}

 

r_clientssl_uat-sso {

 

clientside

 

}

 

serverssl {

 

serverside

 

}

 

tcp {

 

clientside

 

}

 

tcp-lan-optimized {

 

serverside

 

}

 

}

 

vlans INTERCO enable

 

}

 

 

pool Pool_AGR {

 

lb method member observed

 

monitor all my_http_GET and tcp_halfopen_8446

 

members {

 

10.155.51.29:8446 {}

 

10.155.51.30:8446 {}

 

10.155.51.53:https {}

 

10.155.51.54:https {}

 

}

 

}

 

 

 

 

When I configure SNAT with an IP of 10.155.70.x range VIP becomes non accessible.

 

 

I also checked on pool nodes for route and found default route pointing to my core switches from which SNAT IP is accessible with source IP.

 

 

I dont understand, why it is not working with specific SNAT if it works with AUTOMAP. which IP VIP takes to communicate with nodes if automap is configured for VIP?

 

 

Regards,

 

Kalpesh

 

 

config
design

19 Replies

Show More
  • Kalpesh_48932's avatar
    Kalpesh_48932
    Icon for Nimbostratus rankNimbostratus
    Jan 08, 2013
    Yes..ok..I will be doing testing on Friday Morning and will runs this test that time.

     

     

    I can ping floating IP from servers...need to check if SNAT is reachable or not.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 08, 2013
    Can you please confirm me command to verify snat config.. can you try this?

     

     

    b snatpool list

     

    or

     

    tmsh list ltm snatpool
  • Kalpesh_48932's avatar
    Kalpesh_48932
    Icon for Nimbostratus rankNimbostratus
    Jan 08, 2013
    Hi Nitass..I have checked and found that the SNAT is pingable from server.

     

     

    snat configuration is as below

     

     

    SNATPOOL snat_vs_sso

     

    | (cur, max, limit, tot) = (1, 89, 0, 457518)

     

    | (pkts,bits) in = (7.138M, 9.986G), out = (6.000M, 20.94G)

     

    +-> SNAT POOL MEMBER snat_vs_sso/10.155.70.214

     

    | (cur, max, limit, tot) = (1, 89, 0, 457518)

     

    | (pkts,bits) in = (7.138M, 9.986G), out = (6.000M, 20.94G)

     

     

     

    note: SNAT Ip is 10.155.70.214 and not 70.144
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 08, 2013
    I have checked and found that the SNAT is pingable from server.so, routing should be correct. let us see what we get from tcpdump.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 08, 2013
    If the SNAT is 10.155.70.214, not .144, then do you need to change the route on your core switch?

     

    ip route 10.155.70.144/32 10.155.48.84
  • Kalpesh_48932's avatar
    Kalpesh_48932
    Icon for Nimbostratus rankNimbostratus
    Feb 01, 2013
    Issue has been resolved. It was an issue on self IP which was not allowing to perform HTTP action.
  • prince204_12055's avatar
    prince204_12055
    Icon for Nimbostratus rankNimbostratus
    Jun 08, 2013

    I just met the similar problem.What do you mean by self IP which was not allowing to perform HTTP action?Could you please tell me more about it and the solution?Thx in advance.