SNAT and Next hop based on Node address
vbhugra Any particular reason you can't always have a static route for the single host that is behind the router? In addition to that, I do not recommend using snat automap; instead I would use a snatpool, then use the IP of the virtual server in question in that snatpool and name that snatpool SNAT-<VS_IP>. The other thing I would do is create 2 pools, one for the device directly connected to the F5 and the other for the device that is behind the router. After you have done that, you should be able to use the following iRule to accomplish what you would like. Make sure the pool that has the pool member that is directly connected to the F5 is associated as the default pool for the Virtual Server in question.
    when CLIENT_ACCEPTED priority 500 {
        set DEFAULT_POOL [LB::server pool]
    }
    when HTTP_REQUEST priority 500 {
        if { [active_members [LB::server pool]] == 0 } {
            snatpool SNAT-<VS_IP>
            pool POOL-ServerBehindRouter
        } else {
            pool ${DEFAULT_POOL}
        }
    }
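The object setup described in the post above, written as a shell function that calls tmsh; this is an added example, not part of the original thread and not F5's own code. The pool name POOL-ServerDirect, the `tcp` monitor, and the virtual server and iRule names passed in are assumptions, and every address is supplied by the operator.

```bash
# Added example: create the SNAT pool and the two pools, then bind them to the VS.
# Usage: build_snat_failover VS_NAME VS_IP DIRECT_MEMBER ROUTED_MEMBER IRULE
#   DIRECT_MEMBER / ROUTED_MEMBER are ip:port; IRULE must already exist.
build_snat_failover() {
    if [ "$#" -ne 5 ]; then
        echo "usage: build_snat_failover VS_NAME VS_IP DIRECT_MEMBER ROUTED_MEMBER IRULE" >&2
        return 2
    fi
    vs_name=$1 vs_ip=$2 direct=$3 routed=$4 irule=$5

    # Pool members need a port; reject a bare address before tmsh is called.
    for m in "$direct" "$routed"; do
        case $m in
            *:*) ;;
            *) echo "pool member '$m' must be ip:port" >&2; return 2 ;;
        esac
    done

    # SNAT pool holding the virtual server's own address, named SNAT-<VS_IP>.
    tmsh create ltm snatpool "SNAT-${vs_ip}" members add { "$vs_ip" } || return 1

    # Pool for the server directly connected to the BIG-IP (hypothetical name).
    # A monitor is required: active_members in the iRule only drops to 0
    # once a monitor has marked the member down.
    tmsh create ltm pool POOL-ServerDirect \
        members add { "$direct" } monitor tcp || return 1

    # Pool for the server behind the router, chosen by the iRule on failover.
    tmsh create ltm pool POOL-ServerBehindRouter \
        members add { "$routed" } monitor tcp || return 1

    # Directly connected pool becomes the default pool; attach the iRule.
    # Note: "rules { ... }" replaces any rule list already on the virtual server.
    tmsh modify ltm virtual "$vs_name" \
        pool POOL-ServerDirect rules { "$irule" } || return 1
}
```

Check the result with `tmsh list ltm virtual <VS_NAME>` and `tmsh show ltm pool POOL-ServerDirect members` before relying on the failover path.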
Hello Paulius,
The reason for not having a static route is that we have clients coming from different interfaces.
The second thing is that we do not have HTTP traffic coming to this VIP. We have TCP traffic (SQL).
What else can we have other than HTTP_REQUEST?
    when CLIENT_ACCEPTED priority 500 {
        set DEFAULT_POOL [LB::server pool]
    }
    when <> priority 500 {
        if { [active_members [LB::server pool]] == 0 } {
            snatpool SNAT_REP
            pool DBS5G_REP_REMOTE
            nexthop /DBS/DBS_CLIENT_174 10.219.30.65
        } else {
            pool ${DBS5G_REP_LOCAL}
        }
    }
- Paulius (MVP), Nov 15, 2023
vbhugra The following iRule should work for the SQL communication.
    when CLIENT_ACCEPTED priority 500 {
        set DEFAULT_POOL [LB::server pool]
        if { [active_members [LB::server pool]] == 0 } {
            snatpool SNAT-<VS_IP>
            pool POOL-ServerBehindRouter
        } else {
            pool ${DEFAULT_POOL}
        }
    }
I do not see why you cannot have the permanent route in place even if traffic is coming from different interfaces, because the way the F5 reaches it will always be the same direction.