ekotsev_201765
Nov 09, 2015

SNAT of source IP based on destination port

Hi,

 

I am new to F5 and I'm trying to achieve the following setup:

 

1) I have two Geo-Redundancy Load Balancers that are in Active/Standby mode (one per site).
2) I have four Site-Local Load Balancers that are also in Active/Standby mode (two per site).

 

On the Geo-Redundancy ones I have VIPs that point towards the VIPs of the Site-Locals, which in turn point towards the nodes. I am currently using only ports 8000, 8002, 10021 and 25. The Geo-Redundancy Load Balancers have LACP trunks towards the uplink, and currently I can see that the requests are going via the TRAFFIC IP assigned to this PO interface (based on routing), which is normal. I was asked to change the source IP in the communication between the Geo-Redundancy Load Balancers and the Site-Locals because of the firewall. I am a bit lost now and not sure how to continue. Should I use iRules or Address Translation Pools? It's important to say that so far I have worked only via the web interface of the LB, because it was quite friendly, and I am not familiar with the CLI yet.

 

Device specifications: BIG-IP 2000 Version: BIG-IP 11.4.1 Build 637.0 Hotfix HF3

 

1 Reply

  • BinaryCanary_19

    If the traffic for which you want to change the source IP is handled by an LTM Virtual Server, then one way to do this is to create a SNAT pool and attach it to the virtual. You can also do this via iRules (or possibly Local Traffic Policies in the GUI), but you only need to do that if you need to apply the SNAT selectively based on some logic, because the virtual server will SNAT everything to the selected pool of addresses unless told otherwise by iRules or LT policies.

     

    If the traffic is not handled via a Virtual, but is rather device originated traffic (such as config-sync traffic) then you have to change the self-IP of the corresponding VLANs through which the traffic exits.
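The two approaches in the reply above, as an added example that is not part of the original thread: the tmsh commands (in the comment header) create a SNAT pool and attach it to a virtual server so every connection it proxies is translated, and the iRule below handles the selective case from the question title, where a single wildcard-port virtual carries several destination ports and only some of them should be translated. All names and addresses are assumptions: the SNAT pool "fw_snat_pool" with floating addresses 10.1.1.10 and 10.1.1.11 on the VLAN facing the firewall, a per-port virtual "vs_geo_8000", and a port-0 virtual "vs_geo_any" fronting the Site-Local VIPs.

```tcl
# Added example, not from the original thread. Assumed names: SNAT pool
# "fw_snat_pool" (members 10.1.1.10 and 10.1.1.11, addresses the firewall
# already permits), per-port virtual "vs_geo_8000", wildcard-port virtual
# "vs_geo_any". Replace them with your own objects.
#
# Step 1 (tmsh, on the active Geo-Redundancy unit, then config-sync):
#   create ltm snatpool fw_snat_pool { members add { 10.1.1.10 10.1.1.11 } }
#
# Step 2, simple case: one virtual per port. No iRule needed; the virtual
# translates the source of every server-side connection it opens:
#   modify ltm virtual vs_geo_8000 { source-address-translation { type snat pool fw_snat_pool } }
#
# Step 3, selective case: one port-0 virtual carries several ports and only
# the firewalled ones must be translated. Save the iRule below as
# "snat_by_dport" and attach it (leave the virtual's own SNAT setting at None):
#   modify ltm virtual vs_geo_any { rules { snat_by_dport } }

when CLIENT_ACCEPTED {
    # TCP::local_port is the destination port the client connected to on this
    # virtual. CLIENT_ACCEPTED fires before the server-side connection to the
    # pool member (the Site-Local VIP) is opened, so the choice made here
    # decides which source address that connection carries.
    switch [TCP::local_port] {
        8000 -
        8002 -
        10021 -
        25 {
            # Ports that cross the firewall: pick a source from the pool.
            snatpool fw_snat_pool
        }
        default {
            # Anything else keeps the untranslated source, so the Site-Local
            # sees the floating self-IP chosen by routing, as today.
            snat none
        }
    }
}
```

Two checks before relying on this. First, the SNAT pool addresses must be routable back to the active Geo-Redundancy unit: put them in a subnet the BIG-IP is directly connected to (it then answers ARP for them) or route them to its floating self-IP, and since the pair is Active/Standby they must float with the active unit, which is the default for a SNAT pool. Second, confirm the translation with `tmsh show sys connection` on the active unit; each proxied flow shows a client-side and a server-side address pair, and the server-side source should now be a pool member, which is the address the firewall rule has to allow. `snat automap` is the shortcut when the floating self-IP of the egress VLAN is already the address the firewall permits.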