Forum Discussion

EIT_Network's avatar
EIT_Network
Icon for Altostratus rankAltostratus
Feb 07, 2019

SNAT-AutoMap , IP Enforcer & AXR

Hi All,

 

Would like to have clarity of "Source Address Translation" Option Under VS in LTM. While drop down there are 03 available options. 1- SNAT , 2-AutoMap , 3- None. What are specific importance of each one.

 

Requesting to please help to me understand SNAP and Automap in easiest way along with a example. I know there are lot many documents available for SNAT and AutoMap but still there is confusion.

 

Also requesting to provide information on "IP Enforcer" and "AXR" . What are the roles and improtance.

 

Regards

 

application delivery
LTM
  • Dylan_375544's avatar
    Dylan_375544
    Icon for Cirrocumulus rankCirrocumulus
    Feb 07, 2019

    Well, for SNAT:

     

    Automap basically means that the system will translate the source address from the clients original address to a floating IP on the BIG-IP. It will pick a floating IP over a non floating one even if the non floating one is in the correct subnet, so make sure you have a floating in the correct subnet to reach your backend servers.

     

    SNAT without automap basically means that the system will SNAT to a POOL of IP addresses that you have configured.

     

    NONE means that the system will not translate the clients source IP address. That can cause asynchronous routing if the BIG-IP is not the default gateway for your backend servers.

     

    Hope that helps! If it does please up-vote and select this answer, it'd be greatly appreciated!

     

    -Dylan

     

    • Stephane_Viau's avatar
      Stephane_Viau
      Icon for Nimbostratus rankNimbostratus
      Feb 07, 2019

      Did you inherit a few old boxes and are wondering what to do with them? :)

       

      IP Enforcer was part of ASM back in firmware 10.x, and the ARX (I assume by AXR you meant ARX) product line, which was used to proxy/load balance file servers, has been discontinued a while ago.

       

    • EIT_Network's avatar
      EIT_Network
      Icon for Altostratus rankAltostratus
      Feb 08, 2019

      @ Dylan,

       

      As Understand,

       

      Automap - If Client actual IP is 10.10.100.99 and F5 Floating IP is 172.16.100.1. Then on respective pool members hits will be visible from source 172.16.100.1 (which is Floating IP). It is correct ?

       

      How AutomAp and Xforwarder rule can be distinguish then ?

       

      Requesting if you can clear SNAT (2nd reply, If we select SNAT from drop down list) with an example.

       

      For None - In our case BIG-IP is not the default gateway of any pool member, Gateway is our Spine(Core Switch) even BIG-IP floating IP gateway is also Spine/Core Switch . How does this impact.

       

    • Dylan_375544's avatar
      Dylan_375544
      Icon for Cirrocumulus rankCirrocumulus
      Feb 08, 2019

      Yes, that is correct for Automap.

       

      HERE is info on how you add the X-Forwarded-For header.

       

      Not sure what you mean by "clear SNAT with example"

       

      SNAT without Automap would require you to configure a list of IP addresses that the system would STAT to rather than it SNATing to a floating IP address.

       

      If your BIG-IP is NOT your default gateway for your backend servers, you would need to have SNAT or SNAT Automap enabled for the traffic to be forced back through the BIG-IP on its way back to the client.