Forum Discussion

John_Ogle_45372
Aug 20, 2013

snat routing issue - need clarification

I have some non-http servers. I am looking at using no snat and having the servers point to the F5 floater for their default gateway. Without snat, the real ip addresses go to the pool member.

 

Packets:

1) client 2.2.2.2 -> vip 5.5.5.5
2) client 2.2.2.2 -> pool_mbr 7.7.7.7

 

At first glance it seemed it would fail because the client made a connection to the vip address and then it changes on the reply with the client sending it directly to the pool member address.

 

If I have the servers point to the f5 floater for their default gateway, does this communication still work because of auto lasthop and the connection table?

 

4 Replies

  • uni

    This will work. The response [7.7.7.7 -> 2.2.2.2] goes from the server to the server's default gateway and LTM's inside self-ip (e.g. 7.7.7.1). The LTM then forwards the reply [5.5.5.5 -> 2.2.2.2] back out the external interface, due to auto lasthop if it is enabled, or by LTM route table if auto lasthop is disabled.

     

  • Do I need a 0.0.0.0 forwarding VS for this as well? For the return traffic? Or not because it's an existing connection?

     

  • Do I need a 0.0.0.0 forwarding VS for this as well? For the return traffic? Or not because it's an existing connection?

     

    Generally, a virtual server for return traffic is not needed because it is an existing connection.

     

  • If you set up your servers to use the BIG-IP as their default gateway, traffic incoming to the servers will (if enabled) follow the auto lasthop path to return to sender. This is a layer 2 mechanism that records the last "hop" or router and returns to it. On the other hand, now that the BIG-IP is the servers' default gateway, any traffic originating from the server to the world (i.e. antivirus updates, etc.) will need a forwarding virtual (listening on the internal interface).
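
The flow discussed in this thread, as an added example that is not part of any post and is not F5 code: a toy Python model of destination-only translation (no SNAT) with a connection table and a recorded last hop. The port numbers, the MAC address and the 198.51.100.10 destination are constructed, and `Packet`, `LoadBalancer`, `client_accepts` and `demo` are hypothetical names.

```python
"""Toy model (constructed, not BIG-IP code) of the thread's no-SNAT flow."""
from dataclasses import dataclass
CLIENT, VIP, POOL_MEMBER = "2.2.2.2", "5.5.5.5", "7.7.7.7"  # from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class LoadBalancer:
    def __init__(self, vip, pool_member):
        self.vip, self.pool_member = vip, pool_member
        self.conn_table = {}  # server-side reply 4-tuple -> (vip, last-hop MAC)

    def client_to_server(self, pkt, last_hop_mac):
        """Inbound: rewrite the destination only (no SNAT) and record the flow."""
        if pkt.dst != self.vip:
            return None  # no virtual server listens on this address
        key = (self.pool_member, pkt.dport, pkt.src, pkt.sport)
        self.conn_table[key] = (self.vip, last_hop_mac)
        return Packet(pkt.src, pkt.sport, self.pool_member, pkt.dport)

    def server_to_client(self, pkt):
        """Return path: match an existing flow and restore the VIP as source."""
        entry = self.conn_table.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if entry is None:
            return None  # server-initiated traffic: no flow, needs its own listener
        return Packet(entry[0], pkt.sport, pkt.dst, pkt.dport), entry[1]

def client_accepts(sent, reply):
    """A client only accepts a reply that mirrors the 4-tuple it sent."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        sent.dst, sent.dport, sent.src, sent.sport)

def demo():
    lb = LoadBalancer(VIP, POOL_MEMBER)
    syn = Packet(CLIENT, 40000, VIP, 22)  # port numbers are constructed
    to_server = lb.client_to_server(syn, "00:00:5e:00:53:01")  # constructed MAC
    reply = Packet(to_server.dst, to_server.dport, to_server.src, to_server.sport)
    via_lb, next_hop = lb.server_to_client(reply)
    outbound = Packet(POOL_MEMBER, 51000, "198.51.100.10", 443)  # e.g. an update
    return {"to_server": to_server, "via_lb": client_accepts(syn, via_lb),
            "bypassing_lb": client_accepts(syn, reply), "next_hop": next_hop,
            "server_initiated": lb.server_to_client(outbound)}

if __name__ == "__main__":
    print(demo())
```

`bypassing_lb` is the case where the server's reply does not pass back through the load balancer: the client sees 7.7.7.7 as the source instead of 5.5.5.5 and discards it. `server_initiated` returns `None` because no connection-table entry exists for traffic the server starts itself.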