Forum Discussion

George_Lombard_'s avatar
Icon for Nimbostratus rankNimbostratus
Jan 10, 2012

SNAT pool member with IP conflict caused by F5?




We have a couple F5 LTMs load balancing between a few web servers.


The LB has the following SNAT pool specified:



ltm snatpool WebServer_SNAT_Pool {


members {







We had to reboot one of the pool members and when it came up, complained about duplicate IP conflict error on the 10.3.1.x interface.



I logged a ticket with F5 Support and they told me that it's the normal behavior of the LB that it hold onto the SNAT IP which is hard to believe.



Now every time we have a system crash, server maintenance, etc. we have to delete the IP from the pool temporarily on the active LB before booting the host up, than to re-add it again.



Is there any way to change this feature of the product or we have to live with it?



Thank you.





3 Replies

  • As I understand the SNAT-pool is which ip the F5 will use as srcip towards the true destination.



    If that is the case then of course your machines (true destination) shouldnt have any of the particular ip addresses binded to any of its interface (since the F5 already binded them).



    In the persistence profile (for example a custom source_addr rule) I would suggest to alter the timeout for how long (of idle time) you want to bind a particular client to a particular destination server but also set on fail to reject. If one of your servers falls out of the pool the client(s) connected to this particular server will get a reject for next packet which will result in that the client will try to re-establish its connection to the vserver where the vserver takes a new loadbalancing decision (where the failing server is no longer part of the pool) and *poff* your client gets a fresh connection to one of the still functioning servers.
  • ltm snatpool WebServer_SNAT_Pool {


    members {








    }just a quick question. what are,, and are they web servers (pool members)' address? if so, why do you want bigip to use web servers' address when sending traffic to web servers?



    is there anything i misunderstood??
  • Colin_Walker_12's avatar
    Historic F5 Account
    I'm a bit confused on this one too. If you're snatting to the IP of your web servers, then yes, that is going to cause some confusion. Could you describe what it is you're doing with this deployment? Perhaps there is a better way around things than a snatpool in this case.