LTM persistence with a SNAT pool

Hi Kevin,

 

 

Source address persistence is based on the client IP address. Persistence is evaluated before SNAT'ing is done. So you should still be able to use source address persistence with SNAT.

 

 

If I've missed something in your scenario, can you elaborate?

 

 

Thanks,

 

Aaron

Thanks for the quick reply.

 

 

Maybe I am worrying for nothing..

 

 

To further explain..

 

 

Client comes in with an IP of 1.2.3.4 and get load-balanced to server A.

 

 

The packet gets SNAT'd on the way out to 10.1.1.1 and server A sees the connection come from 10.1.1.1

 

 

Client then clicks on a link and another packet comes in to the VIP with source IP of 1.2.3.4 but gets SNAT'd to 10.1.1.2

 

 

So will it go back to server A with source_IP persistence set up? or will server A think it's a different connection because the IP is changed?

 

 

But the LTM is creating the persistence record before the packet leaves then I should be ok.

 

 

Thanks for your help.

 

I don't think there is a way to "persist" the client so the same IP in a SNAT pool is used over multiple TCP connections. Most apps do not check the client IP address though so this shouldn't be an issue. If the app uses NTLM authentication or the web app itself enforces the client IP address does not change over the course of a session, this would be a problem. In that case you might want to use an iRule to select the SNAT IP based on the client IP. If you need to do this, reply here and we can come up with some suggestions.

 

 

Aaron

Thanks Aaron,

 

 

I think the iRule would be a great idea but it's not a vital thing at this point. If you have a quick one already wrote out, I would be glad for the help...but if not, like I said, it's not a mission critical thing at this point.

 

 

Thanks for your help.