Forum Discussion
tyler_94987
Nimbostratus
Mar 28, 2009
LC ISP load balancing with SNAT question
Hi All.
My customer is using LC1600 v9.4.5 to do ISP LB.
They have multiple ISPs within a data center. Each ISP has its own gateway and a different IP subnet.
I configured two VLANs on the 1600: external and internal, and added all the ISP IPs on external and the private IPs on internal.
Say there are only 2 ISPs. I will need to add 2 VSs that map to one server pool. And the customer needs those servers to do SNAT with the VS IP. That is, a server can use the VS IP to access the internet.
The customer has almost 200 server pools, and each ISP has almost 200 VSs. Worse, I have to configure a SNAT pool for each server pool so that each uses its own SNAT pool. So I need to configure a lot of things on the 1600...
My question is about the SNAT part. Is there any better way, like writing an iRule to tell if this is from a server pool and then do SNAT for it with the VS IP address?
And I am wondering if SNAT pool will know when to do SNAT for the correct ISP?
6 Replies
- The_Bhattman
Nimbostratus
Well, with a combination of looking at the remote IP or the server IP, you can choose which SNAT to use and which one you don't have to.
Here are some examples:
http://devcentral.f5.com/wiki/default.aspx/iRules/snat.html
http://devcentral.f5.com/wiki/default.aspx/iRules/snatpool.html
I hope this helps
CB
- tyler_94987
Nimbostratus
cmbhatt thanks for your reply.
I am kinda looking for a solution like this:
    when LB_SELECTED {
        # Selected ISP gateway is 1.1.1.254 and the client is one of the servers
        if { ([LB::server addr] eq "1.1.1.254") and ([matchclass [IP::client_addr] equals $::ip_server]) } {
            snat 1.1.1.X
        # Selected ISP gateway is 2.2.2.254 and the client is one of the servers
        } elseif { ([LB::server addr] eq "2.2.2.254") and ([matchclass [IP::client_addr] equals $::ip_server]) } {
            snat 2.2.2.X
        }
    }
I don't know how to map 1.1.1.X and 2.2.2.X to the server's Virtual Server IP address. Is there any variable to auto replace 1.1.1.X and 2.2.2.X with ip_server's Virtual Server IP address?
- The_Bhattman
Nimbostratus
If you have version 9.4 or higher then I believe you can direct the request to a virtual
http://devcentral.f5.com/Wiki/default.aspx/iRules/virtual.html
CB
- tyler_94987
Nimbostratus
Hi cmbhatt.
Let me explain it in more detail.
There are 3 different subnets on LC:
external: 1.1.1.1/24, 2.2.2.2/24
internal: 3.3.3.3/24
There are two ISP routers:
1.1.1.254/24, 2.2.2.254/24
There are around 200 internal servers.
For example, 3.3.3.10~3.3.3.200.
And each ISP should have a Virtual Server mapping to each server.
For example, VS 1.1.1.10 and VS 2.2.2.10 map to 3.3.3.10, VS 1.1.1.11 and VS 2.2.2.11 map to 3.3.3.11, and so on.
And each server should use its VS IP as the SNAT IP for outbound connections.
For example, server 3.3.3.10 should use a snatpool with members 1.1.1.10 and 2.2.2.10, 3.3.3.11 should use 1.1.1.11 and 2.2.2.11, and so on.
So, what I am trying to do here is to find a better way of doing this configuration. Any suggestions?
- The_Bhattman
Nimbostratus
Based on what I am reading, you want each server assigned 2 possibles from a snat block of 1.1.1.x or 2.2.2.x (depending on which path it takes), and from the details you explained you want to match it up by the last octet of the IP. From what I can tell this can be done on a smaller scale, but 200 internal servers will make for a
The following example can take the address of the client (the client is 3.3.3.0/24) and you can parse it
scan [IP::client_addr] %u.%u.%u.%u first second third last
Now each octet is in variable first, second, third, last
You can use that to assign a specific snat based on where the request is coming from and where it's going I.E. "snat 1.1.1.$last"
CB
- dennypayne
Employee
Posted By tylerchen on 03/28/2009 9:30 AM
And I am wondering if SNAT pool will know when to do SNAT for the correct ISP?
It will, but only if they are on different Links, which need to be on separate VLANs usually. I don't think it will work the way you have it with both 1.1.1.x and 2.2.2.x on the same VLAN.
And unfortunately I don't see a better way of doing this across the 200 apps than you have already described.
Denny
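The last-octet approach suggested earlier in the thread, combined with the gateway check from the question, written out as one iRule. This is an added example, not code posted by any participant. It assumes the rule is attached to an outbound wildcard virtual server whose pool members are the two ISP gateways, and it uses the thread's example addressing (3.3.3.10 to 3.3.3.200, gateways 1.1.1.254 and 2.2.2.254).

```tcl
# Added example, not from the thread. Assumption: this iRule runs on the
# outbound virtual server whose pool holds the ISP gateways 1.1.1.254 and
# 2.2.2.254, so [LB::server addr] is the gateway chosen for this connection.
when LB_SELECTED {
    # Only handle connections that originate from the internal server subnet.
    if { ![IP::addr [IP::client_addr] equals 3.3.3.0/24] } {
        return
    }

    # Split the server address into octets; scan returns how many fields it parsed.
    if { [scan [IP::client_addr] %u.%u.%u.%u first second third last] != 4 } {
        return
    }

    # Servers are 3.3.3.10 through 3.3.3.200 in the thread's example. Anything
    # outside that range has no matching virtual server address, so no
    # per-server SNAT is applied here and the event is logged instead.
    if { $last < 10 || $last > 200 } {
        log local0. "no per-server SNAT for [IP::client_addr]"
        return
    }

    # The SNAT address must belong to the ISP the connection leaves through,
    # otherwise return traffic arrives on the other link.
    switch -- [LB::server addr] {
        "1.1.1.254" { snat 1.1.1.$last }
        "2.2.2.254" { snat 2.2.2.$last }
        default {
            log local0. "unexpected gateway [LB::server addr] for [IP::client_addr]"
        }
    }
}
```

A single rule like this stands in for the per-server SNAT pools only while the inside and outside addresses share the same last octet; it does not change the VLAN caveat raised in the reply above.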
