Forum Discussion

marcinq_57637's avatar
marcinq_57637
Icon for Nimbostratus rankNimbostratus
Jun 11, 2012

SNAT with adress range?

Hello.

 

Is it possible to assign address range in SNAT instead of one address?

 

I tested that I can put two addresses in SNAT but what about range.

 

And second question.

 

When I put two addresses every time client sends request the source IP changes like round robin. Is it normal behaviour that can not be avoided?

 

M.

 

basic
getting started
new to f5
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 11, 2012
    Hi,

     

     

    You can create a SNAT pool with multiple addresses for TMM to use to SNAT traffic. If you want to ensure the same SNAT IP is used for the same client IP, you can use an iRule to apply a hash:

     

     

    https://devcentral.f5.com/wiki/iRules.snat_pool_persistence.ashx

     

     

    Aaron
  • marcinq_57637's avatar
    marcinq_57637
    Icon for Nimbostratus rankNimbostratus
    Jun 12, 2012
    Hello hoolio.

     

    Thanks for answering me. But let me ask further for clarification. When I'm talking about SNAT pool whith range for example having class C address

     

    I have 253 adresses that can be used. Do I have put each one by one?
  • El_Jefe's avatar
    El_Jefe
    Icon for Nimbostratus rankNimbostratus
    Jun 27, 2012
    marcinq - I have done exactly what you are doing. By far the easiest way to do it is by modifying the bigip.conf file directly. That is a lot easier than adding them in one by one. Add one, look how it is in the config file, then repeat 253 times, using a spreadsheet or something to count up through the IP addresses. (I used Excel and exported it to .txt) Edit the bigip.conf file as necessary, and then reload the bigip.conf file back to the LTM, and run a "b load" command for 10.x at the CLI or "tmsh load sys config partitions all" command for 11.x... Hope this helps.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 28, 2012
    in case bigpipe is available. 

    [root@ve1024:Active] config  b snatpool test members 1.1.1.{1..5}
[root@ve1024:Active] config  b snatpool test list
snatpool test {
   members {
      1.1.1.1
      1.1.1.2
      1.1.1.3
      1.1.1.4
      1.1.1.5
   }
}
  • El_Jefe's avatar
    El_Jefe
    Icon for Nimbostratus rankNimbostratus
    Jun 28, 2012
    Nitass - is there a TMSH equivalent for that? Would make my life easier occasionally. :P
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 28, 2012
    is there a TMSH equivalent for that? Would make my life easier occasionally. :Pi think there is no equivalent command in tmsh but we may be able to make it using scripting.
  • El_Jefe's avatar
    El_Jefe
    Icon for Nimbostratus rankNimbostratus
    Jun 28, 2012
    Found it. :)

     

     

    tmsh create /ltm snatpool client1_snatpool members add { 1.1.1.50 2.2.2.50 }
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 28, 2012
    tmsh create /ltm snatpool client1_snatpool members add { 1.1.1.50 2.2.2.50 }i thought you meant series of member IP address.
  • El_Jefe's avatar
    El_Jefe
    Icon for Nimbostratus rankNimbostratus
    Jun 28, 2012
    Oops. I thought this would work -

     

     

    tmsh create /ltm snatpool client1_snatpool members add { 1.1.1.{1..5}}

     

     

    I get -

     

    Syntax Error: "1.1.1.2" unknown property
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 28, 2012
    is there a TMSH equivalent for that? Would make my life easier occasionally. :Pit would look like this.

     

     

    CreatePoolMembers

     

    https://devcentral.f5.com/wiki/TMSH.CreatePoolMembers.ashx