F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Matt_D_109285's avatar
Matt_D_109285
Icon for Nimbostratus rankNimbostratus
May 05, 2009

Load Balance Outbound Connections

I have a Big-IP v. 4.5   I used to have it load balance inbound traffic for a website. I just erased the config and need to use it to load balance outbound SMTP connections. Pretty simple setup...
config
design
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
May 12, 2009
Hi Matt,

 

 

So, what's happening is:

 

 

10.0.0.10 makes a connection to 10.0.0.20. The LTM selects a server, let's say 10.0.0.22, and sends the connection to it. If everything is left at default, the LTM preserves the source address of 10.0.0.10 from the client.

 

 

So, 10.0.0.22 goes to respond to 10.0.0.10, which, since it's on the same subnet, it can do directly without going back through the LTM.

 

 

10.0.0.10 receives the packet from 10.0.0.22 and drops it, because he never opened a connection to 22, he opened it to 20.

 

 

You must always SNAT connections like this to prevent asymmetrical packet path. SNAT will change the source IP to an address that lives on the LTM (you can either define an address or use Automap, which uses the self-IP of the LTM). That way, when 10.0.0.22 goes to respond to the client, he thinks it's the SNAT address and therefore sends the response back to LTM, which in turn responds back to the client, which is where the client expects the response to come from.

 

 

Denny