stuart_weinstei
Jan 10, 2012

resources on same VLAN

As I am new to F5 LTM (I have ACE and CSS experience), I am in need of some guidance on the best way to handle the flow of traffic as follows:

Nodes in the pool are in VLAN X, web services, that need to access DB server in the same VLAN X.

As I understand it, assuming I am, I could do a SNAT using the IP of the VIP or an iRule (if I have it right):

when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals x.x.x.x/bit mask } {
    snat automap
  }
}

Is the above correct? Is there a better way?

Thanks in advance

2 Replies

  • Hi Stuart,

    If all clients are on the same subnet as the servers being load balanced, you could just enable SNAT on the virtual server (either automap or an explicit pool) without using an iRule. Else, you could use that iRule if you only want to apply SNAT for a specific subnet(s). Here's an option for using SNAT only when the client and server are on the same subnet:

    http://devcentral.f5.com/wiki/iRules.SelectiveSNAT.ashx

    Aaron
  • Colin_Walker_12
    Historic F5 Account
    Aaron's right, you don't need an iRule for this and would likely be better served without one. But just in case you try your iRule, you're missing a bracket 😉

    
    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr] equals x.x.x.x/bit mask] } {
        snat automap
      }
    }
    

    Colin (The pedantic coder)
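
The same-subnet test behind Aaron's selective-SNAT suggestion, modeled offline in Python as an added example (not code from this thread or from F5). The addresses are constructed from documentation ranges, the function names are hypothetical, and the model assumes the pool members' default gateway is the BIG-IP, so replies to off-subnet clients already return through it.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
VLAN_X_PREFIXLEN = 24
DB_POOL_MEMBER = "192.0.2.20"
SAMPLE_CLIENTS = [
    "192.0.2.11",    # web node in VLAN X calling the DB virtual server
    "192.0.2.12",    # second web node in VLAN X
    "198.51.100.7",  # client on another subnet
]


def needs_snat(client_ip, server_ip, prefixlen):
    """True when the pool member would reply to the client directly.

    A server that shares a subnet with the client answers straight to the
    client's address instead of going back through the load balancer. The
    client then sees a reply from the node, not from the virtual server it
    connected to, and drops it. SNAT makes the server see a load balancer
    address as the source, so the reply returns the way the request came.
    """
    server_net = ipaddress.ip_interface(f"{server_ip}/{prefixlen}").network
    client = ipaddress.ip_address(client_ip)
    # An IPv4 client can never sit on an IPv6 subnet, and vice versa.
    return client.version == server_net.version and client in server_net


def plan(clients, server_ip, prefixlen):
    """Map each client to the action a selective-SNAT rule would take."""
    return {
        c: "snat automap" if needs_snat(c, server_ip, prefixlen) else "no snat"
        for c in clients
    }


if __name__ == "__main__":
    result = plan(SAMPLE_CLIENTS, DB_POOL_MEMBER, VLAN_X_PREFIXLEN)
    for client, action in result.items():
        print(f"{client:<14} -> {action}")
```
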