iRule to modify the client IP to Virtual Server IP

Question

Hi All, 
&nbsp;  
&nbsp; I quickly need some help in coming up with an iRule to convert the client IP address to a virtual server address so that the server sees the source as VS. 
&nbsp;  
&nbsp; for example client is 10.1.1.1 making a connection to BigIP VS address of 10.2.2.2. 
&nbsp;  
&nbsp; If I do a automap for SNAT, server sees the source IP as one of the floating IP. 
&nbsp; If I do not do any snat, the server sees the source IP as the client IP. 
&nbsp;  
&nbsp; I want the server to see the source IP as 10.2.2.2 for all connections. 
&nbsp;  
&nbsp; It normally takes a while for me to write an iRule but I need some quick help. 
&nbsp;  
&nbsp; Meena

hooleylist · Answer

Hi Meena, 
&nbsp;  
&nbsp; You can create a SNAT pool containing the VIP address and then assign that SNAT pool to the VIP. 
&nbsp;  
&nbsp; Aaron

meena_60183 · Answer

I tried that and it is not working. Basically, I created a snat pool that contained the VS address.  I modified VS by selecting the snat pool I created. 
&nbsp;  
&nbsp; Will this require a loopback interface on the servers to get the routing correctly? The default gateway on the servers is set to be the router in this case and not the BigIP. 
&nbsp;  
&nbsp; Do I need the default gateway to be the BigIP or do I need loopback on the servers or both? 
&nbsp;  
&nbsp; Meena

hooleylist · Answer

If the destination host doesn't have an interface on the 10.2.2.0 (/24?) network it will use its routing table to respond to 10.2.2.2.  That would probably mean it responds through its default gateway, the router.  Does the router have a route back to the BIG-IP for 10.2.2.2?  Changing the server's default gateway to the BIG-IP might work. 
&nbsp;  
&nbsp; Why does the server need to get the request from the VIP address as the source IP? 
&nbsp;  
&nbsp; Aaron

meena_60183 · Answer

I am trying to load-balance print server connections between 2 windows print servers. 
&nbsp;  
&nbsp; When we try to connect to the VS address, we get a network path not found error. However, I can use the ip address of eiher of the print servers (not the VS),I can view all the queues and print to them. 
&nbsp;  
&nbsp; It is working with Cisco CSS. But I did client NAT on the CSS which changes the client's IP to VS. I also remembered that we added a loopback interface on the server for CSS to work. 
&nbsp;  
&nbsp; I am trying the same way on the BigIP but it is not successful. 
&nbsp;  
&nbsp; Meena

hooleylist · Answer

Are you trying to have the server respond back directly to the client?  If so, it should work if without the SNAT.  You'd want the server to get a connection from the BIG-IP with the client's IP as the source (no SNAT) and the destination IP being the VIP (destination address translation disabled).  You'd define the VIP address on the server's loopback interface so that the server would reply back directly to the client using the VIP address.  In the BIG-IP world, this is called nPath routing: 
&nbsp;  
&nbsp; Configuring nPath Routing  
&nbsp; https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_sol_guide_943/sol_npath.html  
&nbsp;  
&nbsp; I'm not sure why this would solve the issue you're seeing with network printing, but it sounds like what you did with the CSS. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

iRule to modify the client IP to Virtual Server IP

8 Replies

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

modify ltm virtual VS disabled

TMSH APM policy modify

Modify local traffic policy from CLI or API

Modifying SSL Profile via REST API

About client profile (apm-forwarding-client-tcp)