SNAT traffic between Ingress interfaces
I noticed something interesting on F5 LTM:
I'm using version 11.5.4. I have 2 VS VLANs configured on the LTM:
10.1.1.0/24 (selfIP 10.1.1.254)
10.2.2.0/24 (selfIP 10.2.2.254)
Also a server VLAN (egress) 192.168.10.1 (selfIP 192.168.10.254). The default route is configured as 0.0.0.0 0.0.0.0 --> 10.1.1.1. I created a VS with IP 10.2.2.10 with 2 servers in the pool: 10.125.10.10 and 10.125.10.11.
So these 2 backend servers are not on any VLANs directly configured on the LTM. Hence I have to do SNAT. Then something caught my eye:
When I do auto map, the source IP will be NAT'ed to the egress interface selfIP 192.168.10.254 and then go out by the default gateway to reach the backend server. Then the TCP connection breaks.
I have to SNAT the VS to a specific IP on the VLAN 10.1.1.0/24; then the source IP will be SNAT'ed to that IP and the TCP session is established.
So it seems to me the ingress interfaces cannot pass traffic to each other directly. Does anyone have the same experience and insight on this too?
1 Reply
- PeteWhite
Employee
I think the answer is about the SNAT automap self-IP, i.e. which self-IP it will use. For resilience it will always prefer to use a floating IP address. You can see this here: https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7336.html?sr=58481983
Add a floating self-IP (i.e. in traffic-group-1) to the egress VLAN and you should find that it uses that instead.
