Forum Discussion

Ian_Cartwright1's avatar
Icon for Nimbostratus rankNimbostratus
Nov 29, 2011

Link Controller and outbound NAT

Hello All,



I've inherited an F5 Link Controller that is being used to load balance two ISPs. It is not doing any inbound load balancing at all (no Listeners or Wide IPs are configured). There are three Load Balancing Pools: default_gateway_pool for round robin load balancing across both ISPs, prefer_ISP1 to force traffic to ISP1 (but fail back to ISP2 if necessary), and prefer_ISP2, which does just the opposite of prefer_ISP1. I also have four virtual servers, one for load balancing general outbound traffic (wildcard, all ports) that points to default_gateway_pool, and three other virtual servers that are wildcards for specific ports ( port 22, etc.) and point to one of the other pools to force traffic to one ISP or the other.




Right now, all the virtual servers have Address Translation and Port Translation enabled and no SNAT pool assigned. All the pools have Allow SNAT and Allow NAT enabled.




I need to turn NAT off for all outbound traffic (the traffic is already NATed at the firewall inside the LC and needs to keep the addresses from the firewall, and yes they are public addresses).




My main question is what happens of traffic goes out one one ISP and comes back in on the other? Will the LC drop the traffic (like a firewall) or will it pass it back to the source IP address (like a router)?






3 Replies

  • Hi Ian,



    I am sure i am missing something but if you "talk" with public address from ISP1 why the response will come on public address from ISP2 ?


    If the tcp connection is establish beetween (client , one of yours public address) and (server somewhere in the internet) , i can't see a reason why will send traffic to a diiferent IP.






  • It wouldn't, but if the packets going from to go out through ISP1, the response packets coming back from to could potentially come back through ISP2 (which is a different interface on the Link Controller). Would those response packets be dropped because they are seen on a different interface? That's what a firewall would do.









  • Hi Ian,



    I think you can set the db key, connection.vlankeyed, to disabled to prevent LTM from dropping responses which come back on a different interface than they left on.



    bigpipe db Connection.VlanKeyed disable