Forum Discussion

chris_connell_1's avatar
chris_connell_1
Icon for Nimbostratus rankNimbostratus
Dec 16, 2010

change nat source address for a healthcheck

Hi,

 

I have configured an http transparent healthcheck, and the healthchecks to the nodes are sent from the F5 self IP's but I would like to know if its possible to apply snat/nat for just these healthcheck requests so the F5 selfip source address is natted to another one.

 

 

I tried putting in nat with origin address with the f5 self ip and the nat address, but i guess its not working as this generally works on traffic that is traversing the f5 rather than initiated from the F5.

 

 

Is this possible?

 

Thx

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

config
design

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 18, 2010
    Hi Chris,

     

     

    If you want to specify a source IP address for a monitor, you'd need to use an external monitor. Here's a basic example we came up with for ICMP:

     

     

    http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/ICMPCustomSourceAddressMonitor.html

     

     

    I'm not sure what client utility you could use that would allow specifying the source IP address though. curl doesn't seem to support it:

     

     

    http://curl.haxx.se/docs/faq.html

     

    5.12 Can I make libcurl fake or hide my real IP address?

     

     

    netcat does seem to support it:

     

     

     

    http://nc110.sourceforge.net/

     

    Some of netcat's major features are:

     

     

    Outbound or inbound connections, TCP or UDP, to or from any ports

     

    Full DNS forward/reverse checking, with appropriate warnings

     

    Ability to use any local source port

     

    Ability to use any locally-configured network source address

     

     

     

    Aaron
  • chris_connell_1's avatar
    chris_connell_1
    Icon for Nimbostratus rankNimbostratus
    Dec 21, 2010

     

    Thanks for the reply Aaron, the base example was useful I will try and modify it using netcat.
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Apr 14, 2016

    Create a healthcheck VS per pool member (1 pool member) and apply a SNAT pool to it. Create a monitor for each pool member that points to its healthcheck VS. Apply a member specific monitor to each pool member with its individual monitor.

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Apr 14, 2016

    If your objective is to test the health of the application service as if from the end-user, you may want to try a passive/inband health monitor.