For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rick_Turner_771's avatar
Rick_Turner_771
Icon for Nimbostratus rankNimbostratus
Jul 02, 2010

Same Segment Load Balancing

I have a new requirement to provide same segment load balancing. Up till now we've used the LTMs only for pass-thru load balancing. Basically client on VLAN1 to servers on VLAN2.   Now I have w...
application delivery
dev
devops
iRules
Rick_Turner_771's avatar
Rick_Turner_771
Icon for Nimbostratus rankNimbostratus
Jul 15, 2010
Thanks for the replies. I've had a couple conversations with my SE and he has encouraged us to perform the SNAT against a virtual server rather than all traffic like I was driving. There are pros and cons for both directions. The SE is conviced that this will be more difficult than SNAT against a virtual. He did come back with an iRule that SNATs to the virtual address rather than the SNATPOOL. I like this in that it virtually eliminates my concern to running out of ephemeral ports. This tested out nicely in my lab.

 

 

when LB_SELECTED {

 

set ClientIP [clientside {IP::remote_addr}]

 

set VirtualIP [clientside {IP::local_addr}]

 

set NodeIP [LB::server addr]

 

log local0. "Client: $ClientIP VIP: $VirtualIP Node: $NodeIP"

 

if { [IP::addr $ClientIP/24 equals $NodeIP/24] } {

 

log local0. "Going to SNAT Client: $ClientIP to VIP: $VirtualIP targeting Node: $NodeIP"

 

snat $VirtualIP

 

}

 

}