Forum Discussion

Michael_J__Whee's avatar
Michael_J__Whee
Icon for Nimbostratus rankNimbostratus
Jan 05, 2012

Issues with Backup Software and Forwarding (IP) Virtual Server

We are having issues backing up servers that are behind the F5 devices. They are on the "internal" F5 network, and our backup server is "external" to the F5.

 

 

We have set up a forwarding (ip) virtual server for the "internal" network. However, when we make connections through it, the source IP that the server being backed up sees is the default SNAT IP address.

 

 

 

This breaks the backup process because it relies on DNS resolution to work. So, the server being backed up sees an incoming connection from the SNAT IP, tries to resolve it, and it's different that what it expects, so it bails out.

 

 

 

How do I configure it so that the source IP address is preserved when going through the Forwarding (IP) virtual server? Do I instead need to be using a Forwarding (Layer 2) virtual server?

 

  • if you do not need snat, why won't you remove snat from configuration?

     

     

    anyway, if you want to disable snat on forwarding (ip) virtual server only, can you try "snat none" in irule?

     

     

    snat wiki

     

    http://devcentral.f5.com/wiki/iRules.snat.ashx
  • e.g.

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       ip forward
       destination any:any
       mask 0.0.0.0
    }
    [root@ve1023:Active] config  b snat snat_all list
    snat snat_all {
       automap
       snatpool none
       origins default inet
    }
    
    200.200.200.101 is translated to 172.28.19.80 (selfip).
    
    [root@ve1023:Active] config  tcpdump -nni 0.0 icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
    10:23:04.381704 IP 200.200.200.101 > 8.8.8.8: ICMP echo request, id 63498, seq 1, length 64
    10:23:04.383676 IP 172.28.19.80 > 8.8.8.8: ICMP echo request, id 63498, seq 1, length 64
    
    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       ip forward
       destination any:any
       mask 0.0.0.0
       rules myrule
    }
    [root@ve1023:Active] config  b snat snat_all list
    snat snat_all {
       automap
       snatpool none
       origins default inet
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
            snat none
    }
    }
    
    after applying the irule, 200.200.200.101 is not translated.
    
    [root@ve1023:Active] config  tcpdump -nni 0.0 icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
    10:24:32.153696 IP 200.200.200.101 > 8.8.8.8: ICMP echo request, id 64266, seq 1, length 64
    10:24:32.153863 IP 200.200.200.101 > 8.8.8.8: ICMP echo request, id 64266, seq 1, length 64
    
  • The problem is that we need SNAT for certain things, but we also need to be able to back up these servers behind the LTMs.

     

     

    Are there any other solutions that require less overhead than an iRule?