Forum Discussion
SNAT Pool members from directly connected network
Hi,
In the SNAT Pool creation manual we can read:
4. For the Member List setting:
a. In the IP Address field, type an IP address.
The BIG-IP system uses this address as a SNAT translation address.
Important: This address must NOT be on a directly-connected network.
b. Click Add.
c. Repeat these steps for each IP address that you want to include in the SNAT pool.
Could someone explain this "Important" note to me? I almost always use addresses from directly connected egress VLANs and it works fine. Now I've found this note and I'm confused. Is it because of my misunderstanding of "directly connected"?
2 Replies
- youssef1
Cumulonimbus
Hi,
As you said, you use addresses from directly connected egress VLANs.
- cluster: you will use floating.
- standalone: you will use self directly connected egress VLANs.
When you create a SNAT pool you have to pay attention to the following points:
- Even if you don't use your SNAT pool (attach SNAT to VS), F5 answers the ARP queries for that IP address. So don't use an IP that is already in use (This address must NOT be on a directly-connected network); you risk having an IP conflict...
- A SNAT pool is a failover object: if you have a cluster and a failover occurs, the SNAT IP will fail over too, and the new active device will send gratuitous ARP including your SNAT pool IP.
So overall, this sentence (This address must NOT be on a directly-connected network) means that you have to be careful not to use an existing IP, or you risk having IP conflict problems...
Hope it's clear.
regards,
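The conflict check this reply describes, as an added example (not part of the reply and not F5 code): it classifies proposed SNAT pool members against the directly connected subnets and the addresses already in use there. The function name, the status labels and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress


def classify_snat_members(candidates, connected_networks, in_use):
    """Return {address: status} for each proposed SNAT pool member.

    conflict        another device already owns the address; a BIG-IP that
                    also answers ARP for it causes the IP conflict
    reserved        network or broadcast address of a connected IPv4 subnet
    connected-free  on a connected subnet and not known to be in use
    off-net         not on any directly connected subnet
    """
    nets = [ipaddress.ip_network(n) for n in connected_networks]
    used = {ipaddress.ip_address(a) for a in in_use}
    result = {}
    for raw in candidates:
        addr = ipaddress.ip_address(raw)
        # First connected subnet (same IP version) that contains the address.
        net = next((n for n in nets
                    if n.version == addr.version and addr in n), None)
        if addr in used:
            status = "conflict"
        elif net is None:
            status = "off-net"
        elif (net.version == 4 and net.prefixlen <= 30
              and addr in (net.network_address, net.broadcast_address)):
            status = "reserved"
        else:
            status = "connected-free"
        result[str(addr)] = status
    return result


# Constructed sample data (RFC 5737 documentation ranges, not from the thread).
CONNECTED = ["192.0.2.0/24"]                         # egress VLAN subnet
IN_USE = ["192.0.2.1", "192.0.2.10", "192.0.2.11"]   # gateway, self IPs
CANDIDATES = ["192.0.2.10", "192.0.2.50", "192.0.2.255", "198.51.100.7"]

if __name__ == "__main__":
    report = classify_snat_members(CANDIDATES, CONNECTED, IN_USE)
    for addr, status in report.items():
        print(f"{addr:15} {status}")
```

The `in_use` list is only as good as its source, so an address reported as `connected-free` still needs confirming against the live network before it goes into the pool.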
- roracz
Nimbostratus
Ooook. Absolutely agree about the IP conflict concern. I thought it's obvious - contrary to this a little bit confusing "Important" note...
Thanx.