genseek_32178
Jan 18, 2012

Pool member Gwy

Hi,

I understand from reading about SNAT that it should be used..

When.....pool members have their default gwy configured as a router IP upstream to F5.

In this situation, if return traffic needs to be routed back from F5...SNAT should be enabled.

Else, if the gwy of pool servers is F5..then SNAT is not required. Please clarify.

  • Hi genseek,

    That's exactly it. One other case where you'd want to use SNAT is if the clients and servers are on the same subnet. To ensure symmetric routing, you'd want to have LTM translate the source address on the serverside connections to its own IP.

    Aaron
  • Hoolio,

    Is it possible to use SNAT with reverse nPath? If yes, what would be the context?

  • By reverse nPath, I assume you mean the following:

    client SYN to router with destination IP of the server

    router sends SYN to server

    server uses a route or default gateway to send SYN ACK to LTM self IP

    LTM receives SYN ACK and responds back to client through router

    router sends SYN ACK back to client

    It's technically possible to use SNAT for reverse nPath, but I don't think it would work as the client would have initiated a connection directly to the server IP address. So if LTM uses SNAT to send the SYN ACK back to the client, the client would reset the connection as the source IP wasn't the same as what it sent the SYN to.

    Or am I misinterpreting your scenario?

    Aaron
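
The return-path reasoning in this thread can be checked with a small model. This is an added example, not part of any poster's reply and not F5 code: all addresses are constructed sample values, the function names are hypothetical, and it assumes the SNAT address is the LTM self IP on the server VLAN.

```python
import ipaddress

# Constructed sample topology (assumption, not taken from the thread)
LTM_SELF = "10.0.1.5"        # LTM self IP on the server VLAN, also the SNAT address
ROUTER = "10.0.1.1"          # upstream router on the same VLAN
SERVER_IF = "10.0.1.20/24"   # pool member address and mask

def reply_next_hop(dst_ip, server_if, server_gw):
    """Where the server sends a packet for dst_ip: on-link hosts directly,
    everything else to its default gateway."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in ipaddress.ip_interface(server_if).network:
        return dst
    return ipaddress.ip_address(server_gw)

def returns_via_ltm(src_seen_by_server, server_if, server_gw, ltm_self=LTM_SELF):
    """True if the server's reply to the source it saw is handed to the LTM."""
    hop = reply_next_hop(src_seen_by_server, server_if, server_gw)
    return hop == ipaddress.ip_address(ltm_self)

def snat_needed(client_ip, server_if, server_gw):
    """SNAT is needed when a reply to the real client IP would bypass the LTM."""
    return not returns_via_ltm(client_ip, server_if, server_gw)

def client_accepts(syn_dst, synack_src):
    """A client matches a SYN-ACK to its SYN only when the SYN-ACK's source
    is the address the SYN was sent to (the reverse nPath objection)."""
    return ipaddress.ip_address(syn_dst) == ipaddress.ip_address(synack_src)

if __name__ == "__main__":
    cases = [
        ("external client, server gw = router", "203.0.113.7", ROUTER),
        ("external client, server gw = LTM", "203.0.113.7", LTM_SELF),
        ("client on server subnet, server gw = LTM", "10.0.1.50", LTM_SELF),
    ]
    for label, client, gw in cases:
        print(f"{label}: SNAT needed = {snat_needed(client, SERVER_IF, gw)}")
    # With SNAT the server sees the LTM self IP as source, so the reply returns to the LTM.
    print("with SNAT, reply returns via LTM:", returns_via_ltm(LTM_SELF, SERVER_IF, ROUTER))
    # Reverse nPath: the client sent its SYN to the server, the SYN-ACK arrives from the SNAT address.
    print("client accepts SNATed SYN-ACK:", client_accepts("10.0.1.20", LTM_SELF))
```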