Forum Discussion
SSHSSH_97332 (Nimbostratus), Jan 07, 2012
Source Nat Based on ISP
My device is a Link Controller.
I have 2 ISPs, load balancing to them using VS=0.0.0.0/0. I have 2 pools of addresses & I need to source NAT the users using pool one if they are balanced to ISP1 & use pool2 if they are balanced to ISP2. How do I do that?
- nitass (Employee): Can you try something like this? Please make sure you have a route for the snatpool addresses back to the F5 on the ISP routers.
```
[root@ve1023:Active] config b virtual bar list
virtual bar {
   pool gateway
   destination any:any
   mask 0.0.0.0
   rules myrule
   persist dest_addr
}
[root@ve1023:Active] config b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config b snatpool pool1 list
snatpool pool1 {
   members 1.1.1.1
}
[root@ve1023:Active] config b snatpool pool2 list
snatpool pool2 {
   members 2.2.2.2
}
[root@ve1023:Active] config b snat translation 1.1.1.1 list all
snat translation 1.1.1.1 {
   enable
   limit 0
   tcp timeout indefinite
   udp timeout indefinite
   ip timeout indefinite
   arp enable
   unit 1
   partition Common
}
[root@ve1023:Active] config b snat translation 2.2.2.2 list all
snat translation 2.2.2.2 {
   enable
   limit 0
   tcp timeout indefinite
   udp timeout indefinite
   ip timeout indefinite
   arp enable
   unit 1
   partition Common
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
   when LB_SELECTED {
      switch [LB::server addr] {
         "172.28.19.253" {
            snatpool pool1
         }
         "172.28.19.254" {
            snatpool pool2
         }
      }
   }
}
[root@ve1023:Active] config b arp|grep -i 172.28.19
ARP 172.28.19.253 - 00:50:56:B3:03:7F VLAN external expire 114s resolved
ARP 172.28.19.254 - 00:01:E8:D5:D4:47 VLAN external expire 152s resolved

[root@ve1023:Active] config tcpdump -e -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
09:22:15.139645 00:50:56:b3:01:0b > 00:50:56:b3:01:0a, ethertype 802.1Q (0x8100), length 78: vlan 4093, p 0, ethertype IPv4, 200.200.200.101.44085 > 8.8.8.8.80: S 3607310868:3607310868(0) win 5840
09:22:15.139752 00:50:56:b3:00:b5 > 00:50:56:b3:03:7f, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 1.1.1.1.44085 > 8.8.8.8.80: S 3607310868:3607310868(0) win 5840

[root@ve1023:Active] config tcpdump -e -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
09:23:07.224591 00:50:56:b3:01:0b > 00:50:56:b3:01:0a, ethertype 802.1Q (0x8100), length 78: vlan 4093, p 0, ethertype IPv4, 200.200.200.101.52668 > 9.9.9.9.80: S 3931052886:3931052886(0) win 5840
09:23:07.224700 00:50:56:b3:00:b5 > 00:01:e8:d5:d4:47, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 2.2.2.2.52668 > 9.9.9.9.80: S 3931052886:3931052886(0) win 5840

[root@ve1023:Active] config b persist show all
PERSISTENT CONNECTIONS
|     Mode dest addr   Value 8.8.8.8
|        virtual any:any   node 172.28.19.253   age 76sec
|     Mode dest addr   Value 9.9.9.9
|        virtual any:any   node 172.28.19.254   age 27sec
```
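A way to check a longer `tcpdump -e` capture against the iRule mapping, added here as an example and not part of nitass's post: it flags any post-SNAT frame whose source address belongs to one ISP's snatpool but whose destination MAC is the other ISP's gateway, since replies to such traffic would not come back through the link it left on. The gateway MACs, SNAT addresses and VLAN tag are taken from the output above; the function name and the fourth sample frame are constructed.

```python
import re

# From the post: gateway IP -> (MAC from the ARP table, SNAT address the iRule selects)
EXPECTED = {
    "172.28.19.253": ("00:50:56:b3:03:7f", "1.1.1.1"),
    "172.28.19.254": ("00:01:e8:d5:d4:47", "2.2.2.2"),
}
EXTERNAL_VLAN = 4094  # tag on the post-SNAT frames in the capture

# Lines 1-3 are from the capture in the post; line 4 is constructed to show
# pool2's address leaving toward ISP1's gateway.
SAMPLE = """\
09:22:15.139645 00:50:56:b3:01:0b > 00:50:56:b3:01:0a, ethertype 802.1Q (0x8100), length 78: vlan 4093, p 0, ethertype IPv4, 200.200.200.101.44085 > 8.8.8.8.80: S 3607310868:3607310868(0) win 5840
09:22:15.139752 00:50:56:b3:00:b5 > 00:50:56:b3:03:7f, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 1.1.1.1.44085 > 8.8.8.8.80: S 3607310868:3607310868(0) win 5840
09:23:07.224700 00:50:56:b3:00:b5 > 00:01:e8:d5:d4:47, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 2.2.2.2.52668 > 9.9.9.9.80: S 3931052886:3931052886(0) win 5840
09:24:00.000000 00:50:56:b3:00:b5 > 00:50:56:b3:03:7f, ethertype 802.1Q (0x8100), length 78: vlan 4094, p 0, ethertype IPv4, 2.2.2.2.40000 > 198.51.100.7.80: S 1:1(0) win 5840
"""

FRAME = re.compile(
    r"> (?P<dmac>[0-9a-f:]{17}), ethertype 802\.1Q .*?vlan (?P<vlan>\d+),"
    r".*?IPv4, (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:",
    re.I)

def check_capture(text):
    """Return (src, dst, gateway, verdict) for each frame on the external VLAN."""
    mac_to_gw = {mac: gw for gw, (mac, _) in EXPECTED.items()}
    results = []
    for line in text.splitlines():
        m = FRAME.search(line)
        if not m or int(m["vlan"]) != EXTERNAL_VLAN:
            continue  # internal-side frames are pre-SNAT, nothing to check
        gw = mac_to_gw.get(m["dmac"].lower())
        if gw is None:
            verdict = "unknown-next-hop"
        elif m["src"] == EXPECTED[gw][1]:
            verdict = "ok"
        else:
            verdict = "wrong-snat"  # SNAT address does not belong to this ISP
        results.append((m["src"], m["dst"], gw, verdict))
    return results

if __name__ == "__main__":
    for row in check_capture(SAMPLE):
        print(*row)
```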
- SSHSSH_97332 (Nimbostratus): Thanks a lot nitass, but can you tell me what that is on the GUI, as I don't know about the CLI?
- SSHSSH_97332 (Nimbostratus): I have 1 internal VLAN & 2 external ISPs.
- nitass (Employee): virtual is at local traffic > virtual servers
```
[root@ve1023:Active] config b pool gateway list
pool gateway {
   members {
      172.28.19.253:any {}
      172.28.19.254:any {}
   }
}
```
- SSHSSH_97332 (Nimbostratus): Thanks a lot nitass