F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Manuel_Gabaldon's avatar
Manuel_Gabaldon
Icon for Nimbostratus rankNimbostratus
Apr 29, 2008

Outbound SNAT matching inbound Virtual Servers

Hi,

 

 

Our customers are always asking us for a load balancing solution that provides bi-directional correspondence between a virtual server address (inbound) and the SNAT address being applied to the real servers belonging to its pool when going outside through our wildcard outgoing virtual server.

 

 

We've been configuring two objects for every virtual server that our customer asks us to define:

 

- A virtual server listening on the public interface (i.e. 4.4.4.4:80) with a virtual server pool (i.e 2.2.2.10:80 and 2.2.2.11:80)

 

- An SNAT that translates traffic coming from the pool (2.2.2.10 and 2.2.2.11) and replaces source IP with the virtual server address (4.4.4.4)

 

 

 

I'm trying to figure out a dynamic way of implementing the SNAT with an iRule, by querying the configuration, but I consider it unelegant. I think it could be done by querying if which pool belongs the source IP to, and then querying which virtual server belongs to, and then apply the SNAT, but I can't find a way of doing it.

 

 

Has anybody tried to address this issue with an iRule?

 

 

Thanks in advance.

 

 

config
design

11 Replies

Show More
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 20, 2010
    Hi Bilal,

    You can create a SNAT pool with the virtual server IP as a member and add that to the virtual server. Or if you want to do this for many virtual servers, you can use an iRule like this: 

    
when CLIENT_ACCEPTED {
    Use the VIP address for serverside source address transaction
   snat [IP::local_addr]
}

    Aaron