

NAT/SNAT + routing order of operations

Hi folks,

Very new to F5, and trying to get a handle on some of the order of operations for traffic flow types. Specifically, I'm curious to see how layer 3 routing is handled by BigIP devices when NAT, SNAT or virtual servers are in play. That is, as the traffic flows through the F5, does layer 3 routing take place prior to or following the application of a NAT, SNAT or virtual server translation? Is it dependent on the direction (e.g. with Cisco NAT, outside-to-inside order of operations has NAT occur first, followed by routing, while inside-to-outside has routing occur first, then NAT)? If this is covered in better detail in one of the F5 docs, I'd be happy to read up, but haven't been able to find such a reference yet. Thanks for your assistance.

Regards,
Randy Williams
0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi Randy -

Thanks for posting, great question.

For LTM, inbound & outbound flows aren't managed separately and routing will take place after NAT/SNAT/dest translation is performed in all cases.

Traffic flows from the client to LTM VS address or SNAT with a matching origin address, then source and destination address changes are applied, then the routing table is used to determine the egress vlan.

It's worth noting that the Last Hop feature is enabled by default, which keeps track of the L2 source of a request and returns responses to the same L2 hop in precedence of the routing table logic.

HTH
/deb
1
NAT, SNAT and standard routing are all happening at Layer 3. I think it's reasonable to postulate that standard routing is looked at first then SNAT then NAT. The reason why SNAT over NAT is because F5 seems to place more emphasis on it.

Alas the experts can tell you for sure.
0
Randy,
you might also consider looking at the forwarding virtual servers or a default virtual server combined with an iRule.


schwiddy
0
Excellent, that helps substantially. Thanks very much for the info.
0
"For LTM, inbound & outbound flows aren't managed separately and routing will take place after NAT/SNAT/dest translation is performed in all cases.

Traffic flows from the client to LTM VS address or SNAT with a matching origin address, then source and destination address changes are applied, then the routing table is used to determine the egress vlan.

It's worth noting that the Last Hop feature is enabled by default, which keeps track of the L2 source of a request and returns responses to the same L2 hop in precedence of the routing table logic."

Any insight into where this is documented?
0

Order LTM processes traffic:
1) Connection table
2) Packet rule
3) Virtual Server
4) SNAT
5) NAT
6) Self-IP
7) Drop

0
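The thread's two main points, the listener precedence list and "translate first, then route", can be checked with a small model. This is an added example, not F5 code and not part of any post above: it is a simplified Python simulation in which every address, VLAN name and function name is hypothetical, the packet rule is reduced to a source deny list, and Last Hop is not modelled.

```python
import ipaddress

# Constructed sample config; every address and VLAN name here is hypothetical.
PACKET_RULE_DENY = ["192.0.2.0/24"]                 # 2) packet rule (source nets to drop)
VIRTUALS = {"203.0.113.10": "10.1.20.15"}           # 3) VS address -> pool member
SNATS = {"10.1.10.0/24": "198.51.100.5"}            # 4) origin net -> translation address
NATS = {"203.0.113.20": "10.1.20.30"}               # 5) NAT address -> origin address
SELF_IPS = {"10.1.10.1", "10.1.20.1"}               # 6) self-IPs
ROUTES = {"10.1.10.0/24": "clients", "10.1.20.0/24": "internal", "0.0.0.0/0": "external"}

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def route(dst):
    """Longest-prefix match: return the egress VLAN for a destination."""
    hits = [n for n in ROUTES if in_net(dst, n)]
    return ROUTES[max(hits, key=lambda n: ipaddress.ip_network(n).prefixlen)]

def process(src, dst, conn_table):
    """Return (matched_step, new_src, new_dst, egress_vlan) for one packet."""
    if (src, dst) in conn_table:                               # 1) connection table
        return ("connection table",) + conn_table[(src, dst)]
    if any(in_net(src, n) for n in PACKET_RULE_DENY):          # 2) packet rule
        return ("packet rule", src, dst, None)
    origin = next((n for n in SNATS if in_net(src, n)), None)
    if dst in VIRTUALS:                                        # 3) virtual server
        step, new_src, new_dst = "virtual server", src, VIRTUALS[dst]
    elif origin:                                               # 4) SNAT
        step, new_src, new_dst = "SNAT", SNATS[origin], dst
    elif dst in NATS:                                          # 5) NAT
        step, new_src, new_dst = "NAT", src, NATS[dst]
    elif dst in SELF_IPS:                                      # 6) self-IP (local)
        return ("self-IP", src, dst, None)
    else:                                                      # 7) drop
        return ("drop", src, dst, None)
    # Routing runs only now, on the translated destination.
    result = (new_src, new_dst, route(new_dst))
    conn_table[(src, dst)] = result
    return (step,) + result
```

In this model a packet to the virtual server address leaves on the VLAN of the pool member, not on the VLAN the untranslated destination would route to, which is the detail to keep in mind when placing ACLs or reading captures on either side of the device.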