Forum Discussion
TJ_Vreugdenhil
Cirrus
CirrusSNAT node to VIP iRule
Hey everyone -
- V13
- All nodes point to F5 as default gateway
- Forwarding IP VIP 0.0.0.0
We would like outbound connections from each node to SNAT to it's respective VIP IP. Does someone have a configuration/iRule that will work for this? Also, if there was a way to use the same iRule for each VIP (without IP changes), that would be ideal.
So based on configuration below, how can node1 (10.4.55.10) SNAT from existing VIP (10.3.0.10) ?
ltm virtual VIP1 {
destination 10.3.0.10:5986
ip-protocol tcp
mask 255.255.255.255
pool POOL1
profiles {
tcp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
ltm pool POOL1 {
members {
NODE1:5986 {
address 10.4.55.10
session monitor-enabled
state up
}
}
monitor tcp_half_open
}
ltm virtual vs_0.0.0.0_any {
destination 0.0.0.0:any
ip-forward
mask any
profiles {
fastL4 { }
}
source 0.0.0.0/0
translate-address disabled
translate-port disabled
}
net route external_default_gateway {
gw 10.3.0.1
network default
}
net self FLOATING_IP {
address 10.4.55.1/24
allow-service all
floating enabled
traffic-group traffic-group-1
unit 1
vlan NODE1_VLAN
}
Leonardo_SouzaCirrocumulus
There are many ways to do that, I will give a couple ones.
First option, multiple virtual servers.
You could create multiple forward virtual servers with destination 0.0.0.0/0 and source as the server ip, and with the snap pool with the IP you want.Second, single forward virtual server, and irule + datagroup. The iRule would perform the snat based in the source IP and get the snat IP from the datagroup.
Some useful links for that:
https://support.f5.com/csp/article/K14800
https://devcentral.f5.com/wiki/irules.snat.ashx
https://devcentral.f5.com/wiki/irules.class.ashx