Forum Discussion

3 Replies

  • Port and address translation are for destination address and port. In a standard VIP configuration, with port and address translation enabled, when packets from the client arrive at the VIP, the destination address and port are changed from the VIP's address and port to the load balanced server's address and port. You can obviously enable/disable each individually for different effects. When you create a wildcard VIP (0.0.0.0/0:0), the port and address translation settings should be automatically disabled. This would be used in scenarios like firewall load balancing (inbound) or forward proxy (outbound) where you definitely don't want the original address and port altered.

     

    SNAT is for changing the SOURCE address. Without SNAT, packets from the client arriving at the VIP retain the client's true source address. SNAT is then important if the downstream server knows how to route back to that address directly (not back through the F5). SNAT will change the client source to an address controlled by the F5 to essentially force return traffic back through the proxy.

     

  • By the way, SNAT automap uses a configured self-IP for the translated source address. A SNAT pool is something you'd configure separately to contain a range of source addresses. One important and interesting note: these addresses are not load balanced. They are used in order until they reach port exhaustion. Each IP address is capable of supporting roughly 65,000 concurrent TCP sessions. Keep this in mind if you do automap and have the potential to exceed that number of concurrent TCP sessions.
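
The rewriting described in the replies above, as a simplified model added here as an example (it is not from the thread and is not F5 code). It shows what the pool member sees for a standard VIP, a VIP with SNAT, and a wildcard VIP, and which way the reply travels. The class and function names, the addresses, and the fixed translated source port are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class VirtualServer:
    translate_address: bool = True      # rewrite destination address
    translate_port: bool = True         # rewrite destination port
    snat_address: Optional[str] = None  # None means SNAT is off

def to_server(pkt: Packet, vs: VirtualServer, member: Tuple[str, int],
              snat_sport: int = 40000) -> Packet:
    """Return the client packet as it is forwarded to the pool member."""
    out = pkt
    if vs.translate_address:
        out = replace(out, dst=member[0])
    if vs.translate_port:
        out = replace(out, dport=member[1])
    if vs.snat_address is not None:
        # Source rewrite: the server now sees a proxy-owned address.
        out = replace(out, src=vs.snat_address, sport=snat_sport)
    return out

def return_path(server_side: Packet, vs: VirtualServer,
                server_gateway_is_proxy: bool) -> str:
    """Say which way the server's reply travels for this forwarded packet."""
    if server_side.src == vs.snat_address or server_gateway_is_proxy:
        return "through proxy"
    return "direct to client, bypassing proxy"

# Constructed sample values (documentation and private address ranges).
CLIENT = Packet("198.51.100.25", 51000, "203.0.113.10", 443)
MEMBER = ("10.0.0.11", 8443)
STANDARD = VirtualServer()
WITH_SNAT = VirtualServer(snat_address="10.0.0.1")  # assumed self-IP
WILDCARD = VirtualServer(translate_address=False, translate_port=False)

if __name__ == "__main__":
    for name, vs in [("standard", STANDARD), ("snat", WITH_SNAT), ("wildcard", WILDCARD)]:
        fwd = to_server(CLIENT, vs, MEMBER)
        print(name, fwd, "->", return_path(fwd, vs, server_gateway_is_proxy=False))
```
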