I find myself confused on the wording of SOL9038 and appreciate any information that can clarify actual LTM operation with respect to traffic that matches both a source and destination listener.
The last line of SOL9038 states: "For example, a virtual server with a destination address and a netmask of 0.0.0.0/0:0 takes precedence over a source listener object." I understood this to mean that should traffic match both a source and destination listener, the destination listener would assume full control over the traffic and that the source listener would not take effect. My local SE seemed to be in agreement that, given a wildcard virtual of 0.0.0.0/0:*, traffic would never trigger a SNAT on the device.
However I noted different operation in one of our production units. Home testing on LTM VE appears to show that the SNAT will take effect if the destination listener is not configured to SNAT traffic.
So now I am reforming my understanding of SOL9038 to match what I've seen but want to confirm this is correct operation. The OOP allows both source and destination listeners to operate on the same traffic, but should a conflict arise the destination listener settings will take effect. More simply - source and destination listeners are NOT mutually exclusive?
I can post information on testing conducted and results, but after reviewing the results and thinking it through, the answer to my question may be as simple as the above.
Thanks for any assistance! -Ed
Thank you nitass. I also confirmed separately with user 'What Lies Beneath'. I guess my original understanding was formed based on first reading the OOP for destination listeners, which would be mutually exclusive; i.e., the system can only match and execute one destination listener.
Progressing from this I assumed the same for source vs. destination listeners, but after testing and multiple outside confirmations I now see where my understanding was incorrect. I would offer that the SOL language should state "When a connection matches both a source and a destination listener object, the BIG-IP LTM system places a higher precedence on the destination listener parameters" or something similar, rather than the term "object". To me that implies an all-or-nothing config.
Again - appreciate your support!