Forum Discussion
NimbostratusSNAT automap on non-floating-ip egress interface
Hi All,
Have an urgent issue on an Active/Standby LTM pair with SNAT Automap configured on the virtual server. I do NOT have a floating-ip on the server side vlan.
As per following link, the F5 is SNATing to a floating-ip that is NOT the egress interface:
http://support.f5.com/kb/en-us/solu...l7336.html
This is causing assymetric routing and killing my connection.
Unfortunately, I am unable to configure a floating as there are no IPs left in the network range (selected long time ago and out of my control).
I can setup a SNAT pool with the egress non-floating-ip of the Active unit as a member but then traffic will fail in failover scenario. Similar, if I put both active and standby non-floating IPs it will round-robin select them and I'll lose half the traffic.
Is there a way to ensure that the SNAT address uses the non-floating self-ip of the Active unit?
Thanks
James
4 Replies
hoolioCirrostratus
Hi James,
Here's a quick and dirty example that should allow you to specify a different SNAT IPs per BIG-IP in an HA pair:
Longer term, it would be better to specify a new SNAT IP in a SNAT pool for more graceful handling of failovers. Aaronwhen RULE_INIT { set static::hostname [info hostname] } when CLIENT_ACCEPTED { switch $static::hostname { unit1.example.com { snat 1.1.1.1 } default { snat 1.1.1.2 } } }
James_78615Thats awesome, just what I was looking for...thanks for the quick response!- hoolioI forgot to use the static namespace for the variable Can you use the updated example above?
Aaron 
What_Lies_Bene1FYI, should you need to 'enable' asymmetric routing, disable VLAN Keyed Connections;
Menu path: System > Configuration > Local Traffic > General > VLAN-Keyed Connections
Tmsh command path: [tmsh] modify sys db connection.vlankeyed value disable
