Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Packet flow - order of NAT, SNAT, routing etc.

Hi,

I am new to F5 LTM, and is looking for some documentation (diagram) on the packet flow; how and in which order packets are processed in regards to NAT, SNAT, routing etc. from when a packet enters an interface to it exits an interface.

I have searched Google, F5 website and this community but can't seem to find anything on this subject.

- Ronni
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi Ronni,

Here's a start for the precedence of LTM listeners:

sol9038: The order of precedence for local traffic object listeners
http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
a very good question, but still no answer. seems like there should be some diagram somewhere, but i can't find it.

does anyone have some more info?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I think the article needs some improvement, this is rather confusing and wrong: "For example, a SNAT with an origin address of 10.10.64.0/24 takes precedence over a SNAT with an origin of default. Additionally, a SNAT with an origin address of 10.10.64.2 takes precedence over a NAT with an origin address of 10.10.64.2."
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
OK, I've come up with the following based on that article, I'll try and add a bit more later if I can;

VS’s – higher precedence on address, not port;
   <address>:<port>
   <address>:*
   <network>:<port>
   <network>:*
   *:<port>
   *:*
(From v9.4 disabled by default: When the bigpipe db TM.ContinueMatching variable is set to true, BIG-IP LTM will check if another virtual server is available to handle a request if the higher precedence virtual server is down or disabled.)

The most specific takes precedence;
   SNAT
   NAT
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
have you seen this one (BIG-IP Path Graph by James)?

A diagram on the basic path in LTM
https://devcentral.f5.com/community/group/aft/62252/asg/50
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
thank you nitass, that is even more then i expected to find. anyone know if this is still pretty much accurate for v11?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
i send the original author a pm here and got a link to an updated version:
http://www.bragi0.com/F5_BigIP_Path_Graph_v1_7.pdf

as it is quite high level it should still be accurate for version 11.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Link mentioned in above post is dead.
Could someone please post the active link.

Thanks
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Anybody find a copy of this?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Jason kindly put it in the downloads for me, see:

https://devcentral.f5.com/d/big-ip-v9-flow-path

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Note I'm working on an up to date flow diagram (I'll do a few more based on different profiles), would love some feedback: https://devcentral.f5.com/questions/tcp-traffic-path-diagram

0
Comments on this Answer
Comment made 20-May-2014 by James Deucker
Thank you! It looks better than my old one already.
0
Comment made 20-May-2014 by What Lies Beneath 6708
Thank James. Actually I had a question about yours if you don't mind. Just the packet filter bit and the 'all packets' and 'SYN packets' parts. I'm not quite sure what that means?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi guys, somewhere in the documentations it is said that SNAT is preferred over NAT and somewhere else it mentions reversely that NAT is preferred over SNAT... like in this article: https://support.f5.com/csp/article/K9038

which point is correct then? please clarify.

0