Forum Discussion
swo0sh_gt_13163
Altostratus
AltostratusOneConnect and SNAT
Dear Folks,
I have got confused while learning OneConnect, need your help for better understanding. I am referring SOL7208 and got stuck with following line under the section OneConnect and SNATs.
When a client makes a new connection to a BIG-IP virtual server configured with a OneConnect profile and Secure Network Address Translation (SNAT), the BIG-IP system parses the HTTP request, selects a server using the load-balancing method defined in the pool, translates the source IP address in the request to the SNAT IP address, and creates a connection to the server. When the client's initial HTTP request is complete, the BIG-IP system temporarily holds the connection open and makes the idle TCP connection to the pool member available for reuse. When a new connection is initiated to the virtual server, the BIG-IP system performs SNAT address translation on the source IP address, and then applies the OneConnect source mask to the translated SNAT IP address to determine whether it is eligible to reuse an existing idle connection.
Please help me understanding the BOLD lines.
Thank you,
JGCumulonimbus
There are plenty of examples of the use of OneConnect in sol5911:
http://support.f5.com/kb/en-us/solutions/public/5000/900/sol5911.htmlBasically, it is the SNAT address, instead of the client's real IP address, that is evaluated to determined the eligibility of a new request to re-use an existing idle connection.
swo0sh_gt_13163Thank you Jie,
The article helped a lot.
- swo0sh_gt_13163
In case if someone wants to refer more comprehensive article about OneConnect, please refer the following OneConnect Deployment Guide.
https://www.f5.com/pdf/deployment-guides/oneconnect-tuning-dg.pdf