100+ Internal VIPs in AWS
Amazon Web Services (AWS) limits the number of private/public IPs that you can attach to an interface. The following is a workaround to create a private network within an Amazon Virtual...
Published Dec 20, 2016
Version 1.0
Eric_Chen
Employee
Joined May 16, 2013
Eric_Chen
Feb 19, 2019
Employee
Gary,
Yes, you need to disable SRC/DST check. The SRC IP of the BIG-IP will still be the private address on the ENI, you do not need to SNAT to the 172.16.10.x network.
Hypothetical packet capture:
Client: 10.1.10.10
BIG-IP: 172.16.10.10 (fake), 10.1.20.10 (real)
Backend: 10.1.20.100
Client (src: 10.1.10.10, dst: 172.16.10.10) -> BIG-IP (src: 10.1.20.10, dst: 10.1.20.100)
-> Backend (src: 10.1.20.100, dst: 10.1.20.10) -> BIG-IP (src: 172.16.10.10, dst: 10.1.10.10)
-> Client
Eric
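
The capture in the reply above, modelled as an added example that is not part of the original post: a simplified Python model of the EC2 source/destination check at the BIG-IP ENI, showing which legs are dropped while the check is enabled. It assumes a single ENI holding only 10.1.20.10 and treats the check as "inbound destination or outbound source must be an address assigned to the ENI"; all function and field names are hypothetical.

```python
from dataclasses import dataclass

# Addresses taken from the hypothetical capture in the reply.
ENI_IPS = {"10.1.20.10"}   # real private address on the BIG-IP ENI (assumed single ENI)
VIP = "172.16.10.10"       # "fake" address, not assigned to any ENI


@dataclass(frozen=True)
class Packet:
    leg: str
    src: str
    dst: str
    direction: str  # "in" = arriving at the BIG-IP ENI, "out" = leaving it


# The four legs of the capture, as seen at the BIG-IP ENI.
FLOW = [
    Packet("client -> VIP", "10.1.10.10", VIP, "in"),
    Packet("BIG-IP -> backend", "10.1.20.10", "10.1.20.100", "out"),
    Packet("backend -> BIG-IP", "10.1.20.100", "10.1.20.10", "in"),
    Packet("VIP -> client", VIP, "10.1.10.10", "out"),
]


def passes(pkt: Packet, source_dest_check: bool) -> bool:
    """Simplified model: with the check on, the ENI must own the inbound
    destination or the outbound source address."""
    if not source_dest_check:
        return True
    addr = pkt.dst if pkt.direction == "in" else pkt.src
    return addr in ENI_IPS


def dropped_legs(source_dest_check: bool) -> list:
    """Names of the legs the ENI would drop for the given check setting."""
    return [p.leg for p in FLOW if not passes(p, source_dest_check)]


def backend_sees_vip() -> bool:
    """True if any backend-side leg carries the 172.16.10.x address."""
    return any(VIP in (p.src, p.dst) for p in FLOW if "backend" in p.leg)


if __name__ == "__main__":
    for check in (True, False):
        print(f"SourceDestCheck={check}: dropped={dropped_legs(check)}")
    print("backend-side legs carry the VIP:", backend_sees_vip())
```

Only the two client-facing legs depend on the check being disabled; the backend-side legs use the real ENI address in both directions.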