Forum Discussion
George_Lombard_
Nimbostratus
Jan 10, 2012
SNAT pool member with IP conflict caused by F5?
Guys,
We have a couple F5 LTMs load balancing between a few web servers.
The LB has the following SNAT pool specified:
ltm snatpool WebServer_SNAT_Pool {
    members {
        10.3.1.36
        10.3.1.37
        10.3.1.38
        10.3.1.40
    }
}
We had to reboot one of the pool members and when it came up, it complained about a duplicate IP conflict error on the 10.3.1.x interface.
I logged a ticket with F5 Support and they told me that it's the normal behavior of the LB that it holds onto the SNAT IP, which is hard to believe.
Now every time we have a system crash, server maintenance, etc. we have to delete the IP from the pool temporarily on the active LB before booting the host up, then re-add it again.
Is there any way to change this feature of the product, or do we have to live with it?
Thank you.
George
3 Replies
- mikand_61525
Nimbostratus
As I understand it, the SNAT pool is which IP the F5 will use as srcip towards the true destination.
If that is the case then of course your machines (true destination) shouldn't have any of the particular IP addresses bound to any of their interfaces (since the F5 has already bound them).
In the persistence profile (for example a custom source_addr rule) I would suggest altering the timeout for how long (of idle time) you want to bind a particular client to a particular destination server, but also setting on fail to reject. If one of your servers falls out of the pool, the client(s) connected to this particular server will get a reject for the next packet, which will result in the client trying to re-establish its connection to the vserver, where the vserver takes a new load-balancing decision (where the failing server is no longer part of the pool) and *poff* your client gets a fresh connection to one of the still functioning servers.
- nitass
Employee
ltm snatpool WebServer_SNAT_Pool {
    members {
        10.3.1.36
        10.3.1.37
        10.3.1.38
        10.3.1.40
    }
}
just a quick question. what are 10.3.1.36, 10.3.1.37, 10.3.1.38 and 10.3.1.40? are they web servers (pool members)' address? if so, why do you want bigip to use web servers' address when sending traffic to web servers?
is there anything i misunderstood??
- Colin_Walker_12
Historic F5 Account
I'm a bit confused on this one too. If you're snatting to the IP of your web servers, then yes, that is going to cause some confusion. Could you describe what it is you're doing with this deployment? Perhaps there is a better way around things than a snatpool in this case.
Colin
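The overlap that nitass and Colin ask about can be checked mechanically. The following is an added example, not part of the original thread and not F5 tooling: it reads tmsh-style configuration text and reports every SNAT pool address that also appears as a pool member address. Only the snatpool stanza comes from the post; the `ltm pool WebServer_Pool` stanza, its members and the function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample: snatpool stanza as posted in the thread; the pool stanza
# (name and members) is hypothetical and exists only to exercise the check.
SAMPLE_CONFIG = """
ltm snatpool WebServer_SNAT_Pool {
    members {
        10.3.1.36
        10.3.1.37
        10.3.1.38
        10.3.1.40
    }
}
ltm pool WebServer_Pool {
    members {
        10.3.1.36:80 { address 10.3.1.36 }
        10.3.1.41:80 { address 10.3.1.41 }
    }
}
"""

STANZA = re.compile(r"^ltm (snatpool|pool) (\S+) \{", re.M)
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def stanza_body(text, start):
    """Return the text between the brace at `start` and its matching close."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in config")

def snat_server_overlaps(text):
    """List (snatpool, pool, address) where a SNAT address is also a pool member."""
    addrs = {"snatpool": {}, "pool": {}}
    for m in STANZA.finditer(text):
        body = stanza_body(text, m.end() - 1)  # m.end() - 1 is the opening brace
        addrs[m.group(1)][m.group(2)] = {ip_address(a) for a in IPV4.findall(body)}
    return sorted((snat, pool, str(a))
                  for snat, s in addrs["snatpool"].items()
                  for pool, p in addrs["pool"].items()
                  for a in s & p)

if __name__ == "__main__":
    print(snat_server_overlaps(SAMPLE_CONFIG))
```
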