jmloveless_4477
Nov 09, 2010

iRule to SNAT and select pool member

Good evening,

I am using the LC with an iRule on the default gateway pool to SNAT a particular internal client to an outside address (overriding the automap on the default gateway pool). The SNAT works great until the connection is routed out the wrong ISP. I need to be able to set the SNAT and pool member with the same iRule. I have tried a couple of things but they don't seem to work; any input would be appreciated!!!

Here is an example of one iRule I have tried:

    when CLIENT_ACCEPTED {
       if {[IP::addr "[IP::client_addr]" equals "10.251.1.65"]} {
          snat X.X.X.10
          pool default_gateway_pool member X.X.X.1 0
       } elseif {[IP::addr "[IP::client_addr]" equals "10.40.14.12"]} {
          snat Y.Y.Y.10
          pool default_gateway_pool member Y.Y.Y.1 0
       }
    }

9 Replies

  • Hi,

    That iRule looks valid. What issues are you seeing when you test it? Is a pool selected? Are the connections SNAT'd?

    Aaron
  • Actually, maybe the issue is with specifying port 0 for the pool member? If that's the issue, you might try something like this:

    
    when CLIENT_ACCEPTED {
       # Tcl requires elseif on the same line as the closing brace
       if {[IP::addr [IP::client_addr] equals 10.251.1.65]} {
          snat X.X.X.10
          pool default_gateway_pool member X.X.X.1 [TCP::local_port]
       } elseif {[IP::addr [IP::client_addr] equals 10.40.14.12]} {
          snat Y.Y.Y.10
          pool default_gateway_pool member Y.Y.Y.1 [TCP::local_port]
       }
    }
    

    Aaron
  • Thanks for the quick response. Do I need the [TCP::local_port] or can I just drop the port altogether?

    The SNAT works and the correct pool is selected, but the correct member is not selected from what I can tell. The reason this is failing is ISP B drops connections with a source address of anything but ISP B assigned addresses.

    Any logging recommendations to make sure the correct pool and member are selected?

    Thanks again
  • When I had a similar challenge, I created a separate pool containing only that specific member and selected the pool (rather than member) from the iRule.
  • Chris, funny you mention that, I just did the same thing this morning and it appears to be working!!! FingersCrossed.
  • Chris' idea is a good workaround. But I'm curious why the pool command didn't work. Were the pool members defined on port 0?

    Thanks, Aaron
  • Hi,

    I have almost the same requirement as jmloveless with LC, but instead of SNAT based on an internal IP address, I want to SNAT based on the pool member already selected. I mean, if the pool member selected was 10.10.1.1, SNAT to snat_pool_10_10_1, else SNAT to snat_pool_10_20_1. Any ideas?

    Regards,
  • Hi Jaime,

    You can use the LB_SELECTED event to specify a SNAT IP based on the selected pool member address:

    
    when LB_SELECTED {
       # Compare the selected pool member's address, not the client's
       if {[IP::addr [LB::server addr] equals 10.10.1.1]} {
          snatpool snat_pool_10_10_1
       }
    }
    

    The default action would be to use whatever SNAT is enabled on the virtual server.

    Aaron
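
The following iRule is an added example, not part of the original thread: it applies the separate-pool workaround described above and logs the selected pool, the selected member and the serverside source address, so the SNAT/ISP pairing asked about earlier can be checked. The pool names `isp_a_gateway_pool` and `isp_b_gateway_pool` are hypothetical single-member pools (one per ISP router); the X.X.X and Y.Y.Y addresses are the thread's own placeholders.

```tcl
# Added example, not code from the thread.
# Assumption: isp_a_gateway_pool and isp_b_gateway_pool are hypothetical
# pools that each contain only the router of one ISP.
when CLIENT_ACCEPTED {
    # Pair each internal client with the SNAT address and the pool
    # that belong to the same ISP, so the source address always
    # matches the link the connection leaves on.
    if { [IP::addr [IP::client_addr] equals 10.251.1.65] } {
        snat X.X.X.10
        pool isp_a_gateway_pool
    } elseif { [IP::addr [IP::client_addr] equals 10.40.14.12] } {
        snat Y.Y.Y.10
        pool isp_b_gateway_pool
    }
    # Any other client falls through to the virtual server's
    # default pool and SNAT setting.
}

when LB_SELECTED {
    # Fires once load balancing has picked a member: record which
    # pool and member were actually chosen for this client.
    log local0. "client [IP::client_addr] -> pool [LB::server pool]\
        member [LB::server addr]:[LB::server port]"
}

when SERVER_CONNECTED {
    # On the serverside flow, IP::local_addr is the address the
    # BIG-IP sourced the connection from, i.e. the SNAT in effect.
    log local0. "client [IP::client_addr] sourced from [IP::local_addr]\
        to [IP::server_addr]"
}
```

The log entries are written to /var/log/ltm; remove the two logging events once the pairing is confirmed, since they fire for every connection.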