Forum Discussion

Torsten_93742's avatar
Torsten_93742
Icon for Nimbostratus rankNimbostratus
Dec 10, 2013

SNAT statistics and iRule for selecting SNAT IP

Hi, I am trying to setup Exchange 2010 via the BigIP utilizing a SNAT pool.

Following the iApp from [1] and the deployment guide linked there [2] I am using the following iRule to ensure SNAT address persistence together with a SNAT pool:

when RULE_INIT {
 Use a local array to configure SNAT addresses.
 These addresses must be defined in a SNAT pool to ensure TMM
 sends gratuitous ARPs during a failover.
 In this example, we use three addresses. Replace
 these with the IP addresses used in your SNAT Pool.
 Follow the pattern of the existing addresses to add more than three.
set static::snat_ips(0) 10.0.0.1
set static::snat_ips(1) 10.0.0.2
set static::snat_ips(2) 10.0.0.3
}

when CLIENT_ACCEPTED {
 Calculate the crc32 checksum of the client IP.
 Use the modulo of the checksum and the number of SNAT IPs in the array
 to select a SNAT IP address.
snat $static::snat_ips([expr {[crc32 [IP::client_addr]] % [array size static::snat_ips]}])
}

The SNAT pool contains the three addresses, that are used like in the example above. This works quite good but if I take a look at the statistics of the SNAT (Statistics ›› Module Statistics : Local Traffic ›› SNAT Translations) nothing shows up. It seems like when using the iRule for selections statistics were not updated.

Is this a bug or expected behaviour? If expected, can I somehow update the statistics from within this iRule somehow?

Cheers, Torsten

[1] http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13497.html

[2] http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf

application delivery
availability
deployment
devops
iApps
iRules
microsoft
  • Torsten_93742's avatar
    Torsten_93742
    Icon for Nimbostratus rankNimbostratus
    Dec 10, 2013
    Eventually helpful article with additional info and iRules for SNAT persistance: https://devcentral.f5.com/s/articles/exchange2010-snat-pool-persistence
    • Torsten_93742's avatar
      Torsten_93742
      Icon for Nimbostratus rankNimbostratus
      Jan 14, 2014
      Thanks this looks promising, I will try to get write some irule to gather istats about snat selection. As soon as it is finished I'll post it here.
    • Torsten_93742's avatar
      Torsten_93742
      Icon for Nimbostratus rankNimbostratus
      Apr 11, 2014
      Just for the sake of completeness: Finally I did not use istats because we have splunk in place here and for this to work I did add the following line to the iRule to log: log local0. "EXCHANGE_2010_SNATPOOL snat_ip=[lindex $static::snpool [eval {expr $packed_address % [llength $static::snpool] }]]" Then in Splunk I use the following search string to create a graph for the distribution of the connections per SNAT IP: index=f5 EXCHANGE_2010_SNATPOOL NOT lindex | timechart count by snat_ip Alternatively this can be used if you need a percentage: index=f5 EXCHANGE_2010_SNATPOOL NOT lindex | top snat_ip
    • Torsten_93742's avatar
      Torsten_93742
      Icon for Nimbostratus rankNimbostratus
      Jan 14, 2014
      Thanks this looks promising, I will try to get write some irule to gather istats about snat selection. As soon as it is finished I'll post it here.
    • Torsten_93742's avatar
      Torsten_93742
      Icon for Nimbostratus rankNimbostratus
      Apr 11, 2014
      Just for the sake of completeness: Finally I did not use istats because we have splunk in place here and for this to work I did add the following line to the iRule to log: log local0. "EXCHANGE_2010_SNATPOOL snat_ip=[lindex $static::snpool [eval {expr $packed_address % [llength $static::snpool] }]]" Then in Splunk I use the following search string to create a graph for the distribution of the connections per SNAT IP: index=f5 EXCHANGE_2010_SNATPOOL NOT lindex | timechart count by snat_ip Alternatively this can be used if you need a percentage: index=f5 EXCHANGE_2010_SNATPOOL NOT lindex | top snat_ip