rubbishking_110
Jul 04, 2008

Query on using iRules with SNAT

Hi Experts,

I need help on configuring LTM to support the following scenarios.

There are three machines and two LTMs. One of the machines is acting as a client, while the others are servers.

The connections between the client, servers and LTM (not the management subnet) are all located in the same subnet/VLAN.

The packet flow is shown below.

0. Assume pool="pool1" has member server1, and pool="pool2" has member server2.

1. The client sends a packet to LTM on the virtual IP (IP1).

2. The iRules in the LTM extract and check some specified strings and decide which pool is to be used.

3. F5 will change the source address (original is = client IP) using SNAT before sending to the server, according to the iRules detection.

4. The server responds to the packet and sends an acknowledgement back to the virtual IP (IP1).

5. Now, the iRules will check the packet again and then send it to the client.

6. Before sending to the client, again, the source address (original is = server IP) is SNATed.

Question:

1. On point 3, can the SNAT address be set as virtual IP 1 (IP1)?

2. Same question on point 6.

-rk

  • hoolio

    You can configure LTM to use any IP address for source IP translation without a rule. You can create a snat pool and add the virtual server IP as the pool member. Then set the VIP to use the SNAT pool.

    Hopefully, the pool members have a route back to LTM for the VIP address. If the VIP and servers aren't on the same subnet and the servers don't have LTM as their default gateway, they may not have a route back.

    If you did want to use an iRule for some reason, you can use the snat command (snat 1.1.1.1) where 1.1.1.1 is the address you want to use for the source IP translation.

    Aaron
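
The flow discussed in this thread, as an added iRule example that is not part of either post: it chooses pool1 or pool2 from the first client payload and then applies the `snat` command mentioned in the reply. The match string "ALPHA", the address 192.0.2.10 standing in for IP1, and matching on raw TCP payload are assumptions.

```tcl
# Added example, not from the thread.
# Assumptions: "ALPHA" is the string to match, 192.0.2.10 stands in for
# the virtual IP (IP1), and the string appears in the first TCP payload.

when CLIENT_ACCEPTED {
    # Hold the connection so the pool decision can wait for client data
    TCP::collect
}

when CLIENT_DATA {
    # Step 2 of the question: inspect the payload and pick the pool
    if { [TCP::payload] contains "ALPHA" } {
        pool pool1
    } else {
        pool pool2
    }

    # Step 3: the server-side connection is sourced from IP1.
    # The servers need a route back to this address, as the reply notes.
    snat 192.0.2.10

    # Replies to the client leave from the virtual address on the same
    # client-side connection, so the return direction needs no snat here.

    # Hand the collected data on to the selected pool member
    TCP::release
}
```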