OneConnect with SourceMask

Question

Looking for an explanation on OneConnect with SourceMask 255.255.255.255 Are new connections made for each new client connection or is the same connection used from the same client even though client Ip's would be different? Since OneConnect uses a SNAT would the SNAT IP be the only Client IP that is being reused based on source mask?

nathe · Answer

ShadowBot,&nbsp;
Without SNAT, OneConnect configured with a 255.255.255.255 mask means that idle serverside tcp connections will only be re-used for the same, returning client (assuming it has the same IP address at the time of the previous connection).&nbsp;
With SNAT then the source IP is SNATed first and THEN is evaluated for the mask. In this case, all new connections, using the same SNAT address will re-use those idle connections.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

OneConnect with SourceMask

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

License activation

Syslog server not visible in GUI

Related Content

How OneConnect Profile works with Cookie Persistence

What is HTTP Part VII - OneConnect

Lightboard Lessons: OneConnect

How OneConnect Profile's max-size works

oneconnect (Source Prefix Lengt = None)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS