Forum Discussion

sri_223168's avatar
sri_223168
Icon for Nimbostratus rankNimbostratus
Nov 17, 2015
Solved

SNAT using the same source IP on Multiple LTM's

Can i use the following iRule on Multiple VIP's of different LTM's for filtering clients and SNATing. The source address x.x.x.x will be same accross all LTMS

when CLIENT_ACCEPTED {

Check if the client IP address is a member of the address data group named Hosts if { [matchclass [IP::client_addr] equals Hosts]} {

     snat using this source address
     snat x.x.x.x
     Exit this event to avoid disabling SNAT below
     return
  }

} Default action is to not SNAT snat none }

application delivery
BIG-IP
iRules
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Nov 17, 2015

    You can not reuse the SNAT address unless the networks you LTM live in have no knowledge of each other or your SNAT address is non routeable between those networks. If its either of those, have at it. Just know that that address will be on the wire in multiple locations with different MAC addresses.

     

4 Replies

Sort By
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Nov 17, 2015

    You can not reuse the SNAT address unless the networks you LTM live in have no knowledge of each other or your SNAT address is non routeable between those networks. If its either of those, have at it. Just know that that address will be on the wire in multiple locations with different MAC addresses.

     

  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 17, 2015

    You can not reuse the SNAT address unless the networks you LTM live in have no knowledge of each other or your SNAT address is non routeable between those networks. If its either of those, have at it. Just know that that address will be on the wire in multiple locations with different MAC addresses.