Forum Discussion

Nimbostratus

Aug 14, 2013

SNAT Stats from an iRule

Hello, I'm currently using an iRule, on a Viprion 2400 running 11.4.0 HF2, that is handling a large amount of SNAT'd traffic with a data-group. For some reason, I am unable to see any SNAT statis...

Altocumulus

Aug 18, 2013

I was answering someone else's question when it occurred to me an easy way for you to get the stats you want.

First, create a data-group with the client IPs and SNAT IPs in it:

ltm data-group internal test-ip-class {
    records {
        10.1.2.3/32 { 192.168.1.1 }
        10.2.3.4/32 { 192.168.1.2 }
        10.3.4.5/32 { 192.168.1.3 }
        10.4.5.6/32 { 192.168.1.4 }
    }
    type ip
}

Then create a snatpool with each snat IP in it as well (make sure every snat address in the data-group is in the snatpool:

ltm snatpool test-snatpool {
    members {
        192.168.1.1
        192.168.1.2
        192.168.1.3
        192.168.1.4
    }
    partition dmza
}

The apply a rule like this to your virtual. It selects the specific member of the snatpool based on the client ip.

ltm rule test-snat-rule {
    when CLIENTED_ACCEPTED {
        if { [class match [IP::client_addr] equals test-ip-class] } {
            snatpool test-snatpool member [class match -value [IP::client_addr] equals test-ip-class]
        }
    }
}

Note, I haven't tested this

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)