Forum Discussion
Simple balancing doesn't work
- Apr 10, 2022
Hi Lucas,
Is SNAT active on the virtual server? If SNAT is not active, your connection may fail due to asymmetric traffic. When you telnet over the CLI, there is no connection problem because the source IP is F5. The same goes for monitor requests.
K7820: Overview of SNAT features:
https://support.f5.com/csp/article/K7820
Hi Lucas,
Is SNAT active on the virtual server? If SNAT is not active, your connection may fail due to asymmetric traffic. When you telnet over the CLI, there is no connection problem because the source IP is F5. The same goes for monitor requests.
K7820: Overview of SNAT features:
https://support.f5.com/csp/article/K7820
HI Enes_Afsin_Al, thank you for reply.
I read the page you linked me, and understand the concept behind SNAT, now is working. What I did is create a simple SNAT where external network 10.3.0.0/24 is translated to 10.2.0.3 (so the internal F5 interface), so that NODE can reply.
Before SNAT, I did a trace on one of the server NODE and I can see:
So, node receives SYN from external client (10.3.0.128) but is not able to reply since NODE cannot reach that IP. That's probably the reason because it doesn't work.
After using SNAT, NODE receives packet from internal F5 interface IP and is now able to reply to that interface:
Am I right? Is what i did correct?
./Lucas
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com