James_78615
Jan 23, 2013

SNAT automap on non-floating-ip egress interface

Hi All,

Have an urgent issue on an Active/Standby LTM pair with SNAT Automap configured on the virtual server. I do NOT have a floating-ip on the server side vlan.

As per following link, the F5 is SNATing to a floating-ip that is NOT the egress interface:

http://support.f5.com/kb/en-us/solu...l7336.html

This is causing asymmetric routing and killing my connection.

Unfortunately, I am unable to configure a floating as there are no IPs left in the network range (selected a long time ago and out of my control).

I can set up a SNAT pool with the egress non-floating-ip of the Active unit as a member but then traffic will fail in a failover scenario. Similarly, if I put both active and standby non-floating IPs it will round-robin select them and I'll lose half the traffic.

Is there a way to ensure that the SNAT address uses the non-floating self-ip of the Active unit?

Thanks

James

4 Replies

  • Hi James,

    Here's a quick and dirty example that should allow you to specify different SNAT IPs per BIG-IP in an HA pair:

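    when RULE_INIT {
        # Cache this unit's hostname once, when the iRule is loaded
        set static::hostname [info hostname]
    }
    when CLIENT_ACCEPTED {
        # Choose the SNAT address based on which unit is handling the connection
        switch $static::hostname {
            unit1.example.com {
                snat 1.1.1.1
            }
            default {
                snat 1.1.1.2
            }
        }
    }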

    Longer term, it would be better to specify a new SNAT IP in a SNAT pool for more graceful handling of failovers.

    Aaron
  • That's awesome, just what I was looking for...thanks for the quick response!
  • I forgot to use the static namespace for the variable. Can you use the updated example above?

    Aaron
  • FYI, should you need to 'enable' asymmetric routing, disable VLAN Keyed Connections:

    Menu path: System > Configuration > Local Traffic > General > VLAN-Keyed Connections

    Tmsh command path: [tmsh] modify sys db connection.vlankeyed value disable