Thursday, 24 October 2019

Where to Use SNAT in F5 LTM?

1) When the internal node servers' default gateway is not BIG IP LTM

--> It is not always possible to configure BIG IP LTM as the default gateway of the internal node servers.

--> The default gateway of the internal node servers can be a router or a layer 3 switch.

--> The problem with this type of setup is that it can prevent the response packet from going back to the client, because BIG IP LTM is not the default gateway.

--> In the above scenario, the router is acting as the default gateway for the internal nodes.

1) The client sends the request packet to F5 Virtual Server IP Address.

2) F5 BIG IP LTM changes the destination IP address from the virtual server IP address to the IP address of the pool member selected by the load balancing algorithm.

3) Pool member receives the request packet from F5 BIG IP LTM and sends the response packet to the router as it is acting as the default gateway.

4) The client rejects the packet because it has no connection with the pool member.

--> With SNAT

1) The client sends the request packet to F5 Virtual Server IP Address.

2) F5 BIG IP LTM changes the source IP address to the SNAT IP address and the destination IP address from the virtual server IP address to the IP address of the pool member selected by the load balancing algorithm.

3) Pool member receives the request packet from F5 BIG IP LTM and sends the response packet to the F5 LTM as both are in the same network.

4) The client is going to receive the packet from F5 BIG IP LTM.


2) Client and servers in the same network

--> If both the server and the client belong to the same network, the traffic goes directly between them without passing through the F5 BIG IP system.

--> With SNAT, we can change the source IP address so that the server response goes via F5 BIG IP LTM.

1) The client sends the request packet to F5 Virtual Server IP Address.

2) F5 BIG IP LTM changes the destination IP address from the virtual server IP address to the IP address of the pool member selected by the load balancing algorithm.

3) Pool member receives the request packet from F5 BIG IP LTM and sends the response packet directly to the client as both are on the same network.

4) The client rejects the packet because it has no connection with the pool member.

--> With SNAT

1) The client sends the request packet to F5 Virtual Server IP Address.

2) F5 BIG IP LTM changes the source IP address to the SNAT IP address and the destination IP address from the virtual server IP address to the IP address of the pool member selected by the load balancing algorithm.

3) Pool member receives the request packet from F5 BIG IP LTM and sends the response packet to the F5 LTM as both are in the same network.

4) The client is going to receive the packet from F5 BIG IP LTM.
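
The two packet walks above (router as default gateway, and client on the server network) can be traced in a small simulation. This is an added example, not F5 code or configuration from the original post; the addresses and the trace() helper are constructed for illustration.

```python
import ipaddress

# Constructed lab addressing (assumption, not from the original post).
VIP, MEMBER, MEMBER_NET = "203.0.113.80", "10.0.0.11", "10.0.0.0/24"
ROUTER, LTM_SELF, SNAT_IP = "10.0.0.1", "10.0.0.5", "10.0.0.6"

def trace(client, gateway, snat_ip=None):
    """Follow one request and its response.

    Returns (client_accepts, source_seen_by_member, member_next_hop).
    """
    # 1) The client connects to the virtual server, so it only accepts
    #    replies whose source is the virtual server address.
    expected_src = VIP
    # 2) The LTM rewrites the destination to the pool member and, with SNAT,
    #    the source to the SNAT address. It records the mapping for the reply.
    src = snat_ip or client
    conn_table = {(src, MEMBER): (client, VIP)}
    # 3) The pool member answers whatever source it saw: directly when that
    #    address is on its own network, otherwise via its default gateway.
    reply_src, reply_dst = MEMBER, src
    on_link = ipaddress.ip_address(reply_dst) in ipaddress.ip_network(MEMBER_NET)
    next_hop = reply_dst if on_link else gateway
    # The LTM can only reverse the translation if the reply reaches it.
    if next_hop in {LTM_SELF, snat_ip}:
        client_ip, vip = conn_table[(reply_dst, reply_src)]
        reply_src, reply_dst = vip, client_ip
    # 4) The client accepts only a reply that matches its connection.
    accepts = reply_dst == client and reply_src == expected_src
    return accepts, src, next_hop

if __name__ == "__main__":
    cases = [
        ("gateway is router, no SNAT", "198.51.100.10", ROUTER, None),
        ("gateway is router, SNAT", "198.51.100.10", ROUTER, SNAT_IP),
        ("client on server network, no SNAT", "10.0.0.50", ROUTER, None),
        ("client on server network, SNAT", "10.0.0.50", ROUTER, SNAT_IP),
    ]
    for label, client, gw, snat in cases:
        print(label, trace(client, gw, snat))
```

The second value in each result is the source address the pool member sees, which with SNAT is the SNAT IP address rather than the client's.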

3) Internal server needs to send traffic to the Internet

--> Internal servers that have private IP addresses sometimes need to send traffic to the Internet.

--> SNAT allows the internal server's private IP address to be changed to a routable public IP address.

Ref: f5.com





