_JOHN_
Dec 24, 2021

Possible to set curl source as IP from subnet not directly configured on F5?

I need to run a curl to mimic traffic as if coming from the serverside of an existing Virtual Server (specific setup means I can't just curl to the clientside of the Virtual Server unfortunately).

The problem is that the serverside uses SNAT (not automap). The SNAT IP is only "logical" - i.e. the F5 doesn't have a VLAN or self IPs aligned to the subnet that the SNAT IP is taken from. The VS sets the source to the SNAT IP and then external routing directs return traffic for that IP back to the F5 over a "real" VLAN.

 

This is causing a problem when I try to mimic the VS originated traffic by setting an 'interface' for curl, i.e. using:

curl --interface x.x.x.x

where x.x.x.x is the SNAT IP applied on the VS.

 

Curl produces the error:

* bind failed with errno 99: Cannot assign requested address
* Closing connection 0
curl: (45) bind failed with errno 99: Cannot assign requested address

Is there a way to force curl to use an IP that doesn't actually relate to a "real" interface?

2 Replies

  • doesn't appear to be a way to do that directly with curl. Is curl required, or are you just trying to do testing from BIG-IP to a server to mimic client traffic? If you can provide a little more detail in what your end goal is, might be able to help come up with an alternative.

    • _JOHN_

      Thanks for the reply :-)

      As you mentioned this is for testing purposes. I want to mimic traffic as if it had originated via the 'real' path through the F5.

      It doesn't need to use curl if something else would fit the bill. However whatever is used needs to be able to mimic real HTTP traffic, including HTTP keepalive operation whereby I would send multiple HTTP request/response messages across the same TCP session. The connection also uses TLS mutual authentication, so whatever testing 'tool' is used needs to cope with TLS establishment including the use of a client certificate.

      Note also that I don't want to actually deploy any new LTM config to support testing - e.g. I don't want to set up some sort of 'test' VS alongside the 'real' VS which would take test traffic only. I am looking for something non-intrusive like curl or openssl s_client (although openssl has caused me problems before because it ends up sending a line feed in front of any HTTP requests after the first one - not sure how to stop that happening).
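
An added example, not part of the thread or written by any of its participants: a Python 3 sketch that reproduces the errno 99 bind check from the question and sends several requests over one mutually authenticated TLS connection, as the last reply requires. It assumes a Linux host with Python 3; the function names, addresses and file paths are hypothetical placeholders, and it does not make a non-local source address bindable.

```python
import errno
import http.client
import socket
import ssl


def can_bind(source_ip):
    """Return 0 if the kernel accepts source_ip as a local source, else the errno.

    errno 99 (EADDRNOTAVAIL) is what curl --interface reports when the
    address is not assigned to any local interface.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((source_ip, 0))
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        s.close()


def keepalive_requests(host, port, paths, cert, key, ca, source_ip=None):
    """Send GETs for each path over one mTLS connection.

    Returns (path, status, local_port) tuples; an unchanged local_port
    shows that the requests shared a single TCP session.
    """
    ctx = ssl.create_default_context(cafile=ca)   # verify the server
    ctx.load_cert_chain(certfile=cert, keyfile=key)  # client certificate
    src = (source_ip, 0) if source_ip else None
    conn = http.client.HTTPSConnection(
        host, port, timeout=10, source_address=src, context=ctx)
    results = []
    try:
        for path in paths:
            conn.request("GET", path, headers={"Connection": "keep-alive"})
            local_port = conn.sock.getsockname()[1]
            resp = conn.getresponse()
            resp.read()  # drain the body so the socket can be reused
            results.append((path, resp.status, local_port))
    finally:
        conn.close()
    return results


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address, not a real SNAT IP.
    code = can_bind("192.0.2.10")
    print("bind result:", code, errno.errorcode.get(code, "OK"))
```

If the server closes the connection between requests, `http.client` reconnects silently, which shows up as a different `local_port` in the returned tuples.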