Forum Discussion
Deb_Allen_18
Jun 17, 2008 (Historic F5 Account)
Denny: Quick clarification on the SNAT solution:
The nature of the applications here is that 90% of the apps are 2-tiered, meaning web servers directly talk to the database and other back-end stuff without an intermediate app layer. If we use SNAT, I am wondering how the servers will be able to talk to these back-end systems, as the return traffic will not have a route to the servers, since they would return to the server's private IP.
The SNAT translation will translate the source to an address held by LTM. LTM will forward the traffic to the DB with an LTM source address, and track the connection in the SNAT table. When the response comes back from the DB, it will be bound for the LTM address. When the response gets to LTM, the SNAT is reversed, and the response is forwarded to the original requester:
        clientIP
          |  ^
          v  |
         VS-IP
    -------------------
    |      (LTM)      |
    -------------------
        SNAT-IP
          |  ^
          v  |
        serverIP
The client never sees the server's real IP, and the server never sees the client's real IP. As long as the destination device has a route back to the LTM address, traffic will flow as expected.
hth
/deb
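To make the translation and its reversal concrete, here is a small Python model of the flow in the diagram above. It is an added illustration, not F5 code: the `LTM` class, its `snat_table`, and all addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class LTM:
    """Toy model of an LTM virtual server with a SNAT (constructed, not F5 code)."""

    def __init__(self, vs_ip, vs_port, snat_ip, pool):
        self.vs_ip, self.vs_port, self.snat_ip = vs_ip, vs_port, snat_ip
        self.pool = pool            # list of (server_ip, server_port) members
        self.rr = 0                 # round-robin index into the pool
        self.next_port = 1025       # ephemeral ports handed out on SNAT-IP
        # (snat_ip, snat_port) -> (client_ip, client_port, server_ip, server_port)
        self.snat_table = {}

    def client_to_server(self, pkt):
        # Only traffic addressed to the VS-IP:port is accepted; pick a pool member,
        # rewrite the destination to it and the source to SNAT-IP, record the mapping.
        if (pkt.dst_ip, pkt.dst_port) != (self.vs_ip, self.vs_port):
            raise ValueError("no virtual server listening on that address")
        server_ip, server_port = self.pool[self.rr % len(self.pool)]
        self.rr += 1
        snat_port, self.next_port = self.next_port, self.next_port + 1
        self.snat_table[(self.snat_ip, snat_port)] = (pkt.src_ip, pkt.src_port, server_ip, server_port)
        return Packet(self.snat_ip, snat_port, server_ip, server_port)

    def server_to_client(self, pkt):
        # The server's reply is bound for SNAT-IP, which LTM owns; the table entry
        # keyed on that address tells LTM which client originally sent the request.
        entry = self.snat_table.get((pkt.dst_ip, pkt.dst_port))
        if entry is None or (pkt.src_ip, pkt.src_port) != entry[2:]:
            raise ValueError("no SNAT table entry for this reply; it would be dropped")
        client_ip, client_port, _, _ = entry
        return Packet(self.vs_ip, self.vs_port, client_ip, client_port)


def demo():
    ltm = LTM("203.0.113.10", 80, "10.0.0.5", [("10.0.0.21", 8080)])
    req = Packet("198.51.100.7", 40000, "203.0.113.10", 80)   # client -> VS-IP
    to_server = ltm.client_to_server(req)                      # SNAT-IP -> serverIP
    reply = Packet(to_server.dst_ip, to_server.dst_port, to_server.src_ip, to_server.src_port)
    to_client = ltm.server_to_client(reply)                    # VS-IP -> clientIP
    return to_server, to_client
```

Running `demo()` shows the server only ever sees SNAT-IP as the source and the client only ever sees VS-IP, which is why the server needs nothing more than a route back to the LTM address.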