Forum Discussion

Christopher_Ach's avatar
Christopher_Ach
Icon for Nimbostratus rankNimbostratus
Dec 15, 2008

Load Balancing to mulitple SNAT Pools - VIP Sandwich

Hi

 

 

I have been told that what im trying to do is coined a VIP (virtual server) Sandwich, but im not sure how to configure it or if it can be done better via a Irule

 

 

Issue:

 

Internal Traffic destined for Internet passes through a LTM. Essentially I want to perform a SNAT on the traffic but I want to load balance the traffic (ratio LB) across 2 SNAT different Pools.

 

 

The reason for this is I need to control traffic back into my 2 ISP different links. I can control this at my Internet PE via advertising. So I want to SNAT traffic to Public IPs and I want to be able to control the ratio the LB SNATs to the two SNAT Pools

 

 

I was thinking that I could have 3 Vips.

 

first VIP is the front end VIP 0.0.0.0

 

second and third VIP are pool members of the first VIP and have associated SNAT pools on them.

 

They could be FastL4, but im not too sure where to enable the NAT check box and if all 3 VIPs would need to be 0.0.0.0?

 

 

Im trying to think of a way that I can use Irules to do this. The research I have done so far show me ways to snat based on source or dst IP, but I cannot use this method as all source IP must be LB'd and all dest traffic is random

 

 

Also I will have a default route on this LTM to my Internet PE, i.e all the traffic with either SNAT1 or SNAT2 will hit the same GW and then go out one of 2 ISP links that I control via advertising.

 

 

Any Ideas?

 

 

Thanks

 

 

Chris

 

 

 

 

config
design

3 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Dec 20, 2008
    You could do that if your are at least at 9.4 with the virtual name command, but if I'm understanding your requirement correctly, couldn't you just snat every third connection to a different snat address?

     

  • Christopher_Ach's avatar
    Christopher_Ach
    Icon for Nimbostratus rankNimbostratus
    Dec 21, 2008
    Hi Thanks for your post

     

     

    Im on version BIG-IP 9.2.4 Build 16.0

     

     

    What im trying to do is this

     

     

    I have a incoming traffic stream that I want to SNAT.

     

    I want to control the way I SNAT the incoming traffic based on a pre-defined ratio (60-40).

     

     

    So I want to have 2 separate SNAT Pools with obviously different Subnets in each.

     

     

    Im no sure how to do this, without using an Irule.

     

    I was wondering if anyone has needed to to this before and use a combination of VIPs, like a 0.0.0.0 VIP with its pool members being VIPs themselves that have SNAT Pools associated to them.

     

     

    Chris

     

  • L4L7_53191's avatar
    L4L7_53191
    Icon for Nimbostratus rankNimbostratus
    Dec 23, 2008
    I am not entirely sure that this will meet your requirements, but you may be able to simply use a gateway pool with your two ISP links as pool members, with a ratio of 3:2. Then turn on SNAT automap on your 0.0.0.0 virtual server so the LTM will tag the traffic with the appropriate IP space for the respective links.

     

     

    An even simpler solution may be to create your gateway pool with the appropriate ratios, then use this pool as your default route (see SOL7215).

     

     

    Hope this helps.

     

     

    -Matt