Forum Discussion

Nimbostratus

May 05, 2009

Load Balance Outbound Connections

I have a Big-IP v. 4.5 I used to have it load balance inbound traffic for a website. I just erased the config and need to use it to load balance outbound SMTP connections. Pretty simple setup...

config

design

dennypayne

Employee

May 12, 2009

Hi Matt,

So, what's happening is:

10.0.0.10 makes a connection to 10.0.0.20. The LTM selects a server, let's say 10.0.0.22, and sends the connection to it. If everything is left at default, the LTM preserves the source address of 10.0.0.10 from the client.

So, 10.0.0.22 goes to respond to 10.0.0.10, which, since it's on the same subnet, it can do directly without going back through the LTM.

10.0.0.10 receives the packet from 10.0.0.22 and drops it, because he never opened a connection to 22, he opened it to 20.

You must always SNAT connections like this to prevent asymmetrical packet path. SNAT will change the source IP to an address that lives on the LTM (you can either define an address or use Automap, which uses the self-IP of the LTM). That way, when 10.0.0.22 goes to respond to the client, he thinks it's the SNAT address and therefore sends the response back to LTM, which in turn responds back to the client, which is where the client expects the response to come from.

Denny

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)