Forum Discussion

hc_andy_35682
Oct 08, 2010

Understanding communication between hosts on the same subnet

Hi All,

I'm trying to get my head around when to use an iRule with SNAT between hosts on the same subnet.

For example:

I have three hosts:

A = 10.10.10.1/24 (node on F5 / inside vlan)
B = 10.10.10.2/24 (node on F5 / inside vlan)
C = 10.10.10.3/24 (machine on the outside / outside vlan)

C wants to talk with A and B directly.

1/ In this example, do I need to configure a FORWARDING_VIP for C to be able to talk to A and B:

Set up FORWARDING_VIP for network 10.10.10.0/24
(Forwarding IP / All Ports / All Protocols)

Apply iRule to FORWARDING_VIP to snat hosts on the outside on the same subnet.

when LB_SELECTED {
    if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {
        snat automap
    }
}

Set up SELF_IP = 10.10.10.4/24
Set Default Gateway of A and B to SELF_IP

2/ OR because they are all on the same segment, they should be able to ARP for each other's MAC address and communicate at layer 2 so no routing involved?

We've been using option 1 in production for hosts on the same subnet to communicate with each other but now I'm not sure why it's needed (although it's working fine).

I would think hosts on the outside should be able to ARP for hosts on the inside at layer 2 w/o any routing - so is the iRule needed? Yeah and I'm confused.

Thanks.

Andy

1 Reply

  • Hmm, this setup is a little bit confusing, and some clarification is needed.

    Hosts A, B and C are on the same subnet, but are they on the same VLAN ID? That is pretty important if we talk L2, and if the F5 is the router or you use VRFs etc.

    Or maybe you are using routing domains, or maybe "group vlan" in the F5 to fix the above?

    However, if the F5 isn't the router for this VLAN (or VLANs) then you don't need to use any SNAT or forwarding VIPs and so on. You only need SNAT when host C wants to use the VIP for host A and B because of asymmetric routing.

    But give some information about your setup.

    B
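The asymmetric-routing case the reply mentions, as an added Python model that is not part of the original thread: it works out where a node sends its reply depending on the source address it sees, and mirrors the iRule's same-/24 test. The function names and the off-subnet client 192.0.2.10 are constructed for illustration; the node's default gateway is assumed to be SELF_IP as in the question.

```python
import ipaddress

def needs_snat(client, server, prefix=24):
    """Same test as the iRule: are client and selected node in the same /prefix?"""
    c = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
    s = ipaddress.ip_network(f"{server}/{prefix}", strict=False)
    return c == s

def reply_next_hop(server_if, gateway, seen_src):
    """A host replies directly to on-link sources, otherwise via its gateway."""
    iface = ipaddress.ip_interface(server_if)
    src = ipaddress.ip_address(seen_src)
    return str(src) if src in iface.network else gateway

def return_path(client, server_if, self_ip, snat):
    """Model one connection client -> BIG-IP -> node and the node's reply."""
    # With 'snat automap' the node sees a BIG-IP self IP as the source.
    seen_src = self_ip if snat else client
    hop = reply_next_hop(server_if, self_ip, seen_src)
    return {
        "server_sees": seen_src,
        "reply_next_hop": hop,
        # Symmetric means the reply goes back through the BIG-IP, which can
        # then match it to the connection it is tracking.
        "symmetric": hop == self_ip,
    }

if __name__ == "__main__":
    node_a, self_ip = "10.10.10.1/24", "10.10.10.4"   # values from the question
    cases = [
        ("10.10.10.3", False),   # host C, no SNAT
        ("10.10.10.3", True),    # host C, snat automap
        ("192.0.2.10", False),   # constructed off-subnet client, no SNAT
    ]
    for client, snat in cases:
        print(client, "snat" if snat else "no-snat",
              return_path(client, node_a, self_ip, snat))
```

Without SNAT, node A answers host C directly because C's address is on-link, so the reply never passes back through the BIG-IP; an off-subnet client has no such problem because the reply follows the default gateway.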