Forum Discussion

Raj_Siva_327012
Jul 12, 2017

SNAT - same VLAN ?

Do we need SNATs if the server is in the same VLAN as the self / floating IPs? The default gateway of the server is not the F5 in this case...

 

For example:

 

external VIP - 172.18.2.153

 

pool members - 172.18.33.150 & 151… self IP of f5 - 172.18.33.130/131

 

In this case SNAT is disabled, and the server has a default gateway to the switch, not the F5.

 

5 Replies

  • If you don't SNAT, the source address of the requesting client will get passed straight on through to the server. And then the server will see the client as a non-local IP address and use its default gateway to respond, bypassing the load balancer.

     

    Asynchronous route. Game over.

     

    • ricky_paulus_gi

      Source address translation must be used in this configuration to ensure that server response traffic returns to the client via F5. If not, it will cause asymmetric routing of server traffic.

       

    • Raj_Siva_327012

      Thanks for the answers guys. In this case, the real server and the F5 are in the same VLAN. As per IP forwarding, the source MAC of the packet will be the F5's self IP, and the packets are going to come back to the F5, right? SNAT will be used only if the real server is in a different VLAN than the F5 inside IP. Am I right?

       

    • Munney_64889

      I always thought the same thing Raj. I think the L2/L3 is getting muddled.

       

      How I've talked myself into believing it is that the server gets the frame and strips it off and throws it away. When it goes to respond it creates a packet...addressed to the original source IP. So then it makes its decision - is this thing going local or remote and creates a new frame of who it needs to send it to. In this case, the [now] destination IP is remote so it builds its frame with a destination MAC of its default gw.

       

      It doesn't reuse the old frame, that's long gone...so doesn't respond to the F5.

       

  • Ricky and Munney are right. You need SNAT for your setup. You said SNAT is disabled(?); is the client able to access the server when SNAT is disabled?

     

    Thanks
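The return-path decision the replies describe (the server builds a fresh frame for its reply and picks a next hop from the reply's destination IP, not from the frame that carried the request), modelled as an added example that is not from the thread or from F5. The pool member and self IP addresses come from the question; the /24 mask, the switch gateway 172.18.33.1 and the client addresses are constructed assumptions.

```python
import ipaddress

# Addresses from the thread; the /24 mask and the gateway address are assumptions.
SERVER = ipaddress.ip_interface("172.18.33.150/24")   # pool member
F5_SELF = ipaddress.ip_address("172.18.33.130")       # F5 self IP on the server VLAN
SERVER_GW = ipaddress.ip_address("172.18.33.1")       # constructed: the switch, not the F5

VIA_F5, VIA_GATEWAY, DIRECT_TO_CLIENT = "via_f5", "via_default_gateway", "direct_to_client"


def request_as_seen_by_server(client_ip, snat_ip=None):
    """The F5 forwards the client's request to the pool member. Without SNAT the
    source address is left untouched; with SNAT it is rewritten to the SNAT address."""
    src = ipaddress.ip_address(snat_ip if snat_ip else client_ip)
    return {"src": src, "dst": SERVER.ip}


def server_reply_next_hop(request):
    """The server's L3 decision for its reply: if the destination (the request's
    source) is on its own subnet it ARPs for it directly, otherwise it hands the
    packet to its default gateway. The request frame's source MAC plays no part."""
    dst = request["src"]
    return dst if dst in SERVER.network else SERVER_GW


def reply_path(client_ip, snat_ip=None):
    """Classify where the server's reply goes for a given client and SNAT setting.
    Only VIA_F5 keeps the flow symmetric through the load balancer."""
    next_hop = server_reply_next_hop(request_as_seen_by_server(client_ip, snat_ip))
    if next_hop == F5_SELF:
        return VIA_F5
    if next_hop == SERVER_GW:
        return VIA_GATEWAY
    return DIRECT_TO_CLIENT


if __name__ == "__main__":
    client = "10.0.0.50"  # constructed: a client on another network
    print("no SNAT:     ", reply_path(client))                        # via_default_gateway
    print("SNAT automap:", reply_path(client, snat_ip=str(F5_SELF)))  # via_f5
    print("local client:", reply_path("172.18.33.200"))               # direct_to_client
```

The third case goes beyond the thread: a client sitting on the server's own VLAN also gets its reply directly, so the same-VLAN placement of the F5 alone never brings the return traffic back through it.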