mbrandon32
Jan 16, 2022Cirrus
SNAT Persistence
We have two virtual servers that will need to serve the same SNAT IP from a SNAT pool for the same client IP address.
Is there a way to accomplish this?
We have two virtual servers that will need to serve the same SNAT IP from a SNAT pool for the same client IP address.
Is there a way to accomplish this?
I don't know if it is possible but maybe test if match across option does help.
https://support.f5.com/csp/article/K5837
Also maybe see if you can use two pools on one Virtual server or have one primary virtual server that redirects to the two other virtual servers:
https://clouddocs.f5.com/api/irules/virtual.html
You may also test this irule:
https://community.f5.com/t5/crowdsrc/snat-pool-persistence/ta-p/284232
I think we can create a datagroup that maps client IP to snat IP and apply an iRule to snat.
1. Create SNAT datagroup
ltm data-group internal client_snat_map {
records {
192.168.10.34 {
data 10.1.0.7
}
192.168.10.35 {
data 10.1.0.8
}
}
type string
}
2. Create iRule and apply to the virtual server
when LB_SELECTED {
if { [class match [IP::client_addr] equals client_snat_map] } {
snat [class match -value [IP::client_addr] equals client_snat_map]
}
It I think it can work and by using the same irule on different VIP to have some sort of Persistence. Still if you want see the dynamic way with hashing based on the client source ip address and maybe test it as it also should produce the same match accross Virtual servers :
https://community.f5.com/t5/crowdsrc/snat-pool-persistence/ta-p/284232