Forum Discussion
EmployeeMigrating between Traffic Groups when using SNAT Pool
I need to migrate many Virtual Servers between 2 devices using Traffic Groups. Using TMSH, it's simple to move each Virtual Address between Traffic Groups (K53040085 ).
However, most of these Virtual Servers use one of a few SNATPools. With a SNATPool, the source IP is chosen using "Least Connections". SNAT Pool members on the egress VLAN are preferred over other IP's, but that's the only priority applied (K7820). While it is possible to assign SNAT Pool members to a Traffic Group (K02610993), this does not affect the priority in which SNAT Pool members are used.
Testing this is simple. The result is that if multiple Virtual Servers use the same SNAT Pool, and some are migrated the new Traffic Group, I have IP conflicts on the network. This occurs because both devices will process traffic for different Virtual Servers, but forward to pool members using the same source IP's.
My ideas for overcoming this problem are:
- Migrate all VS's using the same SNAT Pool at the same time (there are thousands, so this is not realistic)
- Create a new SNAT Pool with new IP addresses. For every VS that uses a SNAT Pool, the migration must update the TG of the Virtual Address, and also re-configure the VS to use the new SNAT Pool. (more complex automation and touching of large config)
- Similar to #2: create a new SNAT Pool, write an iRule for SNAT Pool selection, and attach it to every VS that uses a SNAT Pool. (example).
I have thousands of Virtual Servers. I must move them in groups using automation. I want to touch my BIG-IP configuration as little as possible. If you have any other ideas, please help!
