tsrkkmurthy
Jul 23, 2019

SNAT Irule for both inline & non-inline servers

Can anyone please help me with an iRule? I have both INLINE [F5 is the gateway] and NON-INLINE [either a switch or a router is the gateway] servers in one pool of servers. Now I need to SNAT the NON-INLINE servers to automap and need not SNAT the INLINE servers. I found the iRule below, but it is not useful for 30 to 40 servers. So is there a way to use data groups in the iRule? So we create two data groups, one for INLINE and the other for NON-INLINE.

when LB_SELECTED {
    # Decide per selected pool member whether to translate the source address
    switch [LB::server addr] {
        10.10.10.10 { snat none }
        default { snat automap }
    }
}

when SERVER_CONNECTED {
    # Log the server-side tuple so the effective source address can be checked
    log local0. "[IP::local_addr]:[TCP::local_port] > [IP::remote_addr]:[TCP::remote_port]"
}

  • JG

    You can create a data group "inline_servers" and a snat pool "my_snat_pool_1".

    when LB_SELECTED {
        if { [class match [LB::server addr] eq "inline_servers"] } {
            snat none
        } else {
            snatpool my_snat_pool_1
        }
    }


  • Hi JG,

    Thank you for your answer. I made a little change and got what I am looking for.

    when LB_SELECTED {
        if { [class match [LB::server addr] eq "inline_non_snat_dg"] } {
            snat none
        } else {
            snat automap
        }
    }

  • JG

    Good to hear you've got it working for you.

    You can always change to use a snatpool should automap prove to be inadequate in future.

  • Hi JG,

    I tried to create a SNAT pool for the non-inline servers, but F5 throws an error: "01070725:3: The requested SNAT translation address 10.10.10.14 is already in use as a pool member".

    So it looks like a pool member cannot be used in a SNAT pool.

  • JG

    They should be a separate set of IP addresses to be used as the source address by F5 when connecting to your back-end application servers.
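As an added example (not code from this thread or from F5), the pieces discussed above in bigip.conf form, which can be merged with `tmsh load sys config from-terminal merge`: the address-type data group of inline servers, a SNAT pool whose translation addresses are deliberately not pool members, and the iRule with a log line showing which branch ran. The data group and SNAT pool names come from the thread; the rule name and all 10.10.10.x addresses are placeholders.

```tmsh
# Placeholder addresses throughout; replace with your own.

# INLINE servers (F5 is their default gateway): no SNAT needed.
# Address-type data groups match on longest prefix, so a /24 record
# covers a whole inline subnet instead of listing every host.
ltm data-group internal inline_non_snat_dg {
    records {
        10.10.10.10/32 { }
        10.10.10.11/32 { }
    }
    type ip
}

# Optional SNAT pool. Its translation addresses must NOT be pool members,
# otherwise the configuration is rejected with error 01070725 as seen above.
ltm snatpool my_snat_pool_1 {
    members {
        10.10.10.200
        10.10.10.201
    }
}

ltm rule snat_by_datagroup {
when LB_SELECTED {
    # Inline members keep the client source; everything else is translated.
    if { [class match [LB::server addr] equals inline_non_snat_dg] } {
        set snat_mode "none"
        snat none
    } else {
        set snat_mode "automap"
        snat automap
        # Swap in: snatpool my_snat_pool_1
    }
}
when SERVER_CONNECTED {
    # Server-side view: confirms whether the source address was translated.
    log local0. "server [IP::server_addr] snat=$snat_mode src [IP::local_addr]:[TCP::local_port]"
}
}
```

Check the ltm log after a test connection to each kind of server: an inline member should show the client address as `src`, a non-inline member a self IP (automap) or a SNAT pool address.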