Forum Discussion
Yaniv_99962
Mar 22, 2011 | Nimbostratus
SNAT persistency
Hi F5 experts. I want to achieve the following: 1) I want the F5 to choose an IP in round-robin manner from a SNAT pool and to persist using the same IP from the SNAT pool in case an HTT...
Steve_Brown_882
Mar 23, 2011 | Historic F5 Account
Hi Yaniv,
Sorry about the typos, I got a bit rushed when I put this together yesterday. Here is an updated version, and I changed most of the names to variables so you can call the snatpool and the class anything you like; just update the var. I also fixed the while loop. I had something similar in there before but redid the rule before I posted it, so I never put it back in. As for separate tables, I am not sure which would be more efficient; maybe someone else can chime in. Also, I have not had a chance to really test and debug this rule, so it may still need some work.
when HTTP_REQUEST {
    # Set var with username header
    set uname [HTTP::header "username"]
    # The clname var contains the class name, if you want to call it something else change it here.
    # For the rule to work you will need to create a class matching this name that contains all of the snats.
    set clname "snatpool_class"
    # The search id is used to search the class file.
    set searchID [class startsearch $clname]
    # The mysnatpool var contains the snatpool name, if you want to call it something else change it here.
    set mysnatpool "snatpool_name"
    # The snattable var contains the snattable name, if you want to call it something else change it here.
    set snattable "snat_table_name"
    set counter 0
    # Check to see if the uname already has a snat
    if { [table lookup -subtable $snattable $uname] ne "" } {
        set snatpool_member [table lookup -subtable $snattable $uname]
    } else {
        while { ([class anymore $clname $searchID]) and ($counter ne 999) } {
            # Look up an IP from the class
            set snatpool_member [class nextelement -value $clname $searchID]
            # Check to see if the IP has been assigned yet
            if { [table lookup -subtable $snattable -notouch $snatpool_member] eq "" } {
                # Add snat assignment to tables
                table set -subtable $snattable $snatpool_member $uname 300
                table set -subtable $snattable $uname $snatpool_member 300
                # Local log entry; this should be changed to a high-speed log off box.
                log local0.info "Snat assignment of $snatpool_member made to $uname"
                # Set counter var to 999 to end the loop
                set counter 999
            }
        }
    }
    snatpool $mysnatpool member $snatpool_member
    HTTP::header remove "username"
}
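
An added Python model of the table logic in the rule above (not part of the post and not F5 code), showing that the IP-to-user entry, which is only ever read with `-notouch`, ages out after 300 s while an active user still holds the address, so a second user can be handed the same SNAT. It assumes the iRules `table` behaviour that a lookup resets an entry's idle timer unless `-notouch` is given. The pool addresses, user names and the `refresh_reverse` option are constructed for illustration.

```python
# Model of the iRules session table: an entry expires after `timeout` idle
# seconds; a lookup resets that timer unless notouch is set.
class Table:
    def __init__(self):
        self.rows = {}  # key -> [value, timeout, last_touched]

    def set(self, key, value, timeout, now):
        self.rows[key] = [value, timeout, now]

    def lookup(self, key, now, notouch=False):
        row = self.rows.get(key)
        if row is None or now - row[2] >= row[1]:
            self.rows.pop(key, None)            # expired or never set
            return ""
        if not notouch:
            row[2] = now                        # touching resets the idle timer
        return row[0]


def pick_snat(table, pool, uname, now, refresh_reverse=False, timeout=300):
    """Follow the rule's logic for one request; return the SNAT address used."""
    member = table.lookup(uname, now)           # touches the user -> IP entry
    if member != "":
        if refresh_reverse:                     # hypothetical hardening option
            table.lookup(member, now)           # keep the IP -> user entry alive
        return member
    for member in pool:                         # class search, in order
        if table.lookup(member, now, notouch=True) == "":
            table.set(member, uname, timeout, now)
            table.set(uname, member, timeout, now)
            return member
    return member                               # none free: last address examined


def replay(refresh_reverse):
    """alice sends a request every 200 s; bob first appears at t=400."""
    table, pool = Table(), ["10.0.0.1", "10.0.0.2"]   # constructed pool
    for t in (0, 200, 400):
        alice = pick_snat(table, pool, "alice", t, refresh_reverse)
    bob = pick_snat(table, pool, "bob", 400, refresh_reverse)
    return alice, bob


if __name__ == "__main__":
    print("as posted:        ", replay(False))
    print("reverse refreshed:", replay(True))
```

In the rule itself, the equivalent of `refresh_reverse` would be a plain `table lookup` (without `-notouch`) on the assigned address whenever the user's existing entry is found.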