Forum Discussion
sstaples2_87446
Nimbostratus
NimbostratusMaintain the Src IP while SNATing to multiple pools
All,
Apologies if this is answered here already -- I looked for a while and could not find it, but please directly to that thread if appropriate.
I have BigIP LTM 9.4.4 and I need a configuration to allow pools of source IP addresses to SNAT to a common IP on the "internal" side.
So in a simplified example, servers are pooled together, and I want the target server to see a common IP address for all servers in a pool, but this IP needs to be unique across different pools.
I hope my diagram doesn't make the question more confusing. Everything is on the same as the LTM is being used in a "loopback" configuration just to translate within the same subnet. I need a common VIP (IP/port) used by all client servers in the network:
+- F5 LTM ----------------+ + server --+
Server A --\ | IP A --\ | | |
Server B ------> | IP B -----> SNAT_POOL_1 | <-> | src IP 1 |
Server C --/ | IP C --/ | | |
| | | |
Server D ------> | IP D -----> SNAT_POOL_2 | <-> | src IP 2 |
Server E --/ | IP E --/ | | |
+-------------------------+ +----------+
I've created SNAT lists containing the client server IPs (A,B,C,D,E) and associated these with created SNAT pools containing the new source IP (1,2). When I create the VIP, I need to associate a specific SNAT_POOL, auto-map which uses the self IP, or none which passes through the client server IP. I don't see how I can get the combination.
Is it possible?
Thanks in advance for your help.
-Scott
sstaples2_87446BTW -- I have successfully done this with an iRule. We already have a complex iRule in place inspecting the packet and making routing decisions based on specific payload. We are very concerned with performance, and I was hoping to keep this clean within core functionality. If the only way to do it is an iRule than I'll be interested to confirm that as well.
If this isn't core functionality, what is the purpose of the Origon IP Address list in the SNAT definition?
Thanks Again.
hoolioCirrostratus
Hi Scott,
Do you want to apply the source address translation based on source IP no matter which VIP the client makes a request to? Or do you want to apply the SNAT only to a specific VIP?
For the former, you can create a standard SNAT with a list of origin addresses which will get mapped to a single translation address (or a pool of addresses using a SNAT pool). Or for the latter case, if you want to apply a specific translation address to specific client addresses on a particular VIP, you'd need to use an iRule to specify which source addresses to apply the SNAT for. The non-iRule SNAT option on the VIP would apply to all client connections.
You can get details on these options in the LTM config guide:
Manual Chapter: Configuration Guide for BIG-IP Local Traffic Management: 13 - Configuring SNATs and NATs:
(Click here}
Aaron- sstaples2_87446Aaron -- Thanks for the info.
It's the former case, but in all my tweaking of configuration to/from various options I hadn't removed the SNAT assocaition on the virtual server which overrides the generic SNAT configuration. Setting this back to "none" resulted in the expected outcome. Thanks for your feedback.
Cheers,
Scott