Forum Discussion

marcinq_57637
Apr 18, 2012

SNAT more explained

Hello.

I'm learning BIG-IP (using some materials from a training I attended a long time ago) and I'm confused about SNAT.

In the theory section there is a picture and an explanation as follows:

 

 

       Internet
          |
     10.10.10.201
       [BIGIP]
          |
     -----+------
     |    |     |
     A    B     C

A=172.16.20.1
B=172.16.20.2
C=172.16.20.3

 

 

According to the SNAT created: Translation 10.10.10.201, Origin All addresses (but I assume A, B, C), All VLANs.

The arrows for traffic go from A, B, C towards the Internet.

My understanding:

Does it mean now that A, B or C can originate a connection to any Internet address and the src IP of A, B, C will be replaced with 10.10.10.201?

And an important question: how should BIG-IP know where to route requests when going to any Internet address from A, B, C? Should the default gw do the work, or some VIP with a default gateway?

Now, I'm asking because the LAB does something different, and that's why I'm confused.

1. Having a PC on the Internet (external VLAN), one should make a connection to IP 10.10.10.100 (which I assume is the VIP created in an earlier task, having pool A, B, C). As a result one should be connected to one of A, B, C, and checking the source IP should show 10.10.10.201.

But what is this example for?

Is it important what the source IP is from the external network to the internal network? If this lab succeeds then A, B or C should answer the PC. So how does it know where to route when the src IP is SNATed to 10.10.10.201?

2. Then they ask to create a route on the PC to the 172.16. network with the floating IP as default gw.

And now the task is to connect to A and check the source IP, which again should be 10.10.10.201. Even more confused. The idea is to screen the internal addresses of pool nodes and give a VIP to the external network. So why the route in this example?

Do I understand SNAT differently or even wrong?

 

 

 

 

 

 

  • Does it mean now that A, B or C can originate a connection to any Internet address and the src IP of A, B, C will be replaced with 10.10.10.201?
    yes

    And an important question: how should BIG-IP know where to route requests when going to any Internet address from A, B, C? Should the default gw do the work, or some VIP with a default gateway?
    The SNAT listener object will use the routing table on BIG-IP, e.g. the default gateway.

    1. Having a PC on the Internet (external VLAN), one should make a connection to IP 10.10.10.100 (which I assume is the VIP created in an earlier task, having pool A, B, C). As a result one should be connected to one of A, B, C, and checking the source IP should show 10.10.10.201.

    But what is this example for?
    The source is translated to 10.10.10.201 since the SNAT listener object still applies even when traffic hits a virtual server, e.g. 10.10.10.100. If you do not want to translate the source, you may enable the SNAT listener object on only the internal VLAN.

    2. Then they ask to create a route on the PC to the 172.16. network with the floating IP as default gw.

    And now the task is to connect to A and check the source IP, which again should be 10.10.10.201.
    It works since return traffic is sent to BIG-IP (floating IP), which is then translated to the correct real client IP address.

     

     

    hope this helps.
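
A simplified model of the behaviour described in the answer above, as an added example that is not part of the original thread and is not BIG-IP's implementation: a SNAT enabled on a set of VLANs rewrites the source to 10.10.10.201, and a connection table lets the reply be translated back to the real client. The client address 10.10.10.30, the Internet address 203.0.113.10 and all port numbers are constructed, and the model assumes the SNAT itself forwards traffic sent directly to a node.

```python
# Simplified model of SNAT plus a connection table (added example, not BIG-IP code).
from dataclasses import dataclass, field

SNAT_ADDR = "10.10.10.201"   # translation address from the thread
VIP = "10.10.10.100"         # virtual server from the lab
POOL = ["172.16.20.1", "172.16.20.2", "172.16.20.3"]   # A, B, C

@dataclass
class Proxy:
    snat_vlans: set                             # VLANs the SNAT is enabled on
    conns: dict = field(default_factory=dict)   # translated flow -> original flow
    next_port: int = 40000                      # constructed source-port range
    rr: int = 0                                 # round-robin pool index

    def forward(self, vlan, src, sport, dst, dport):
        """Translate a new connection; return (src, sport, dst, dport) as sent on."""
        orig_dst = dst
        if dst == VIP:                          # load-balance to a pool member
            dst = POOL[self.rr % len(POOL)]
            self.rr += 1
        if vlan not in self.snat_vlans:         # SNAT not listening on this VLAN
            return (src, sport, dst, dport)
        port, self.next_port = self.next_port, self.next_port + 1
        self.conns[(dst, dport, port)] = (src, sport, orig_dst)
        return (SNAT_ADDR, port, dst, dport)

    def reply(self, src, sport, dst, dport):
        """Reverse-translate a reply that the server sent to the SNAT address."""
        if dst != SNAT_ADDR or (src, sport, dport) not in self.conns:
            return None                         # no matching connection: dropped
        client, cport, orig_dst = self.conns[(src, sport, dport)]
        return (orig_dst, sport, client, cport)

if __name__ == "__main__":
    PC = "10.10.10.30"                          # constructed external client
    all_vlans = Proxy({"internal", "external"})
    print(all_vlans.forward("internal", POOL[0], 5000, "203.0.113.10", 80))  # A -> Internet
    seen = all_vlans.forward("external", PC, 6000, VIP, 80)                  # lab step 1
    print(seen, all_vlans.reply(seen[2], seen[3], seen[0], seen[1]))
    print(all_vlans.forward("external", PC, 6001, POOL[0], 80))              # lab step 2
    print(Proxy({"internal"}).forward("external", PC, 6000, VIP, 80))        # SNAT internal only
```

In lab step 1 the pool member sees 10.10.10.201 and the reply reaches the PC with the VIP as its source; with the SNAT enabled only on the internal VLAN, the pool member sees the PC's real address instead.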