SNAT for specific Virtual Servers

SNAT Pool allows using more than 1 IP address for SNAT purpose. Since SNAT is Port-Address-Translation, ephemeral ports on single IP will run out (despite having some 65000 ports, it can run out much faster with certain App/protocols) with increased amount traffic, so SNAT pool allows virtually limitless scalability.

 

 

By assigning SNAT pool or Automap to individual virtual server, you can be selective about which virtual server gets SNAT applied, vs. all. However, if you want to do this for select source IP/client, then you may need to use iRule attached to the virtual server.

Does anyone have an iRule example where you can associate SNAT to selective source IP addresses?

How is the performance of the SNAT working out? Are SNATs done at the ASIC?

hermanaccd,

 

 

You can use the snat (Click here) or snatpool (Click here) commands to apply snat for a specific connection. There are a few examples in the codeshare:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/DestinationSnatUsingDNS.html

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html

 

 

macroscape,

 

 

I think you still get partial PVA acceleration with a SNAT:

 

 

 

https://support.f5.com/etc/medialib/kb/pdfs.Par.17692.File.dat/sol4832_9.4-9.4.4.pdf

 

 

In Virtual Server UI acceleration values are displayed based on the configuration of the virtual server. For example, if you have a virtual server configured with Round Robin and a general SNAT, the b virtual show command displays the acceleration for the virtual as Full. However, in the In Packet Path column, the general SNAT has reduced the virtual server to Assist.

 

 

 

 

You can get more detail in SOL4832:

 

 

SOL4832: Overview of Packet Velocity ASIC (PVA) Acceleration features and sub features

 

(Click here)

 

 

Aaron