Forum Discussion
SNAT is not working in a one-arm configuration.
- Jul 19, 2023
Could you add the follow irule to the virtual server?
when HTTP_REQUEST { # Disable the stream filter for client requests STREAM::disable } when HTTP_RESPONSE { # Disable the stream filter for server responses STREAM::disable # Enable the stream filter for text responses only if {([HTTP::status] == 200) && ([HTTP::header value Content-Type] starts_with "text")} { # Replace '10.100.100.200' with '10.200.6.1' STREAM::expression {@10.100.100.200@10.200.6.1@} # Enable the stream filter STREAM::enable } }
Altough F5 is deployed in a one-arm configuration, it might be helpful to separate client- and server- side connections to understand the flow better.
Your client x.x.x.x requests HTTP page via the VIP, accessing http://10.200.6.1
F5 accepts connection, selects WP server 10.100.100.200 as a destination and opens a new server-side connection to that IP.
Let's discuss the NAT scenario:
- Without SNAT, client x.x.x.x address isn't changed ;
- with automap, client x.x.x.x address is NAT-ed via the egress interface IP
- with a custom NAT pool, you can set 10.200.6.1 as NAT address
In first scenario, server response will be routed to x.x.x.x directly, unless you have a route that points to F5. I believe this might be one of the reasons your URL changes, but I'm not sure about it.
In second and third scenario, traffic will return via F5. In this case, F5 should forward server response through client-side connection in a transparent way, and client should only see 10.200.6.1 in the url. In one-arm setups, NAT is often applied to "force" symmetric traffic return through F5. I believe it might suit your environment too.
When you update WP server page, it should not affect how F5 processes this traffic. As long as you access an existing uri (via Virtual Server IP) you should be able to see WP page.
Thank you for the reply.
First, I wanted to use BIG-IP VE to route the communication after page transitions through a load balancer (LB), similar to the second or third scenario.
However, even after configuring SNAT and Automap, it seems like the pages are still directly accessing the WP servers.
I checked Looking at the ” Module Statistics : Local Traffic ›› SNATs”, it's all zero,
so SNAT may not have been applied.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com