tyler_94987
Mar 28, 2009

LC ISP load balancing with SNAT question

Hi All.

My customer is using LC1600 v9.4.5 to do ISP LB.

They have multiple ISPs within a data center. Each ISP has its own gateway and a different IP subnet.

I configure two VLANs on the 1600: external and internal. And add all ISP IPs on external, private IPs on internal.

Say there are only 2 ISPs. I will need to add 2 VS to map to one server pool. And the customer needs those servers to do SNAT with the VS IP. That is, a server can use the VS IP to access the internet.

The customer has almost 200 server pools. And each ISP has almost 200 VS. And worse, I have to configure a SNAT pool for each server pool so that each uses its own SNAT pool. So I need to configure a lot of things on the 1600...

My question is about the SNAT part. Is there any better way, like writing an iRule to tell if this is from a server pool and then do SNAT for it with the VS IP address?

And I am wondering if the SNAT pool will know when to do SNAT for the correct ISP?

6 Replies

  • Well, with a combination of looking at the remote IP or the server IP, you can choose which SNAT to use and which one you don't have to.

    Here are some examples:

    http://devcentral.f5.com/wiki/default.aspx/iRules/snat.html

    http://devcentral.f5.com/wiki/default.aspx/iRules/snatpool.html

    I hope this helps

    CB
  • cmbhatt, thanks for your reply.

    I am kinda looking for a solution like this:

     when LB_SELECTED {
       # X stands for the octet that should come from the server's Virtual Server IP
       if { ([LB::server addr] eq "1.1.1.254") and ([matchclass [IP::client_addr] equals $::ip_server]) } {
         snat 1.1.1.X
       } elseif { ([LB::server addr] eq "2.2.2.254") and ([matchclass [IP::client_addr] equals $::ip_server]) } {
         snat 2.2.2.X
       }
     }

    I don't know how to map 1.1.1.X and 2.2.2.X to the server's Virtual Server IP address. Is there any variable to auto-replace 1.1.1.X and 2.2.2.X with ip_server's Virtual Server IP address?
  • If you have version 9.4 or higher then I believe you can direct the request to a virtual

    http://devcentral.f5.com/Wiki/default.aspx/iRules/virtual.html

    CB


  • Hi cmbhatt.

    Let me explain it in more detail.

    There are 3 different subnets on the LC:

    external: 1.1.1.1/24, 2.2.2.2/24

    internal: 3.3.3.3/24

    There are two ISP routers:

    1.1.1.254/24, 2.2.2.254/24

    There are around 200 internal servers.

    For example, 3.3.3.10~3.3.3.200

    And each ISP should have a Virtual Server mapping to each server.

    For example, VS 1.1.1.10 and VS 2.2.2.10 map to 3.3.3.10. VS 1.1.1.11 and VS 2.2.2.11 map to 3.3.3.11, and so on.

    And each server should use its VS IP as the SNAT IP for outbound connections.

    For example, server 3.3.3.10 should use a snatpool with members 1.1.1.10 and 2.2.2.10. 3.3.3.11 should use 1.1.1.11 and 2.2.2.11, and so on.

    So, what I am trying to do here is to find a better way of doing this configuration. Any suggestions?
  • Based on what I am reading, you want each server assigned 2 possibles from a snat block of 1.1.1.x or 2.2.2.x (depending on which path it takes), and from the details you explained you want to match it up by the last octet of the IP. From what I can tell this can be done on a smaller scale, but 200 internal servers will make for a

    The following example can take the address of the client (the client is 3.3.3.0/24) and you can parse it

    scan [IP::client_addr] %u.%u.%u.%u first second third last

    Now each octet is in the variables first, second, third, last

    You can use that to assign a specific snat based on where the request is coming from and where it's going, i.e. "snat 1.1.1.$last"

    CB

     

     

  • Posted By tylerchen on 03/28/2009 9:30 AM

    And I am wondering if SNAT pool will know when do SNAT for the correct ISP?

    It will, but only if they are on different Links, which need to be on separate VLANs usually. I don't think it will work the way you have it with both 1.1.1.x and 2.2.2.x on the same VLAN.

    And unfortunately I don't see a better way of doing this across the 200 apps than you have already described.

    Denny