Forum Discussion
lkchen
Apr 28, 2012Nimbostratus
I use the Selective_SNAT irule for this case.
Namely the one for when both the client and destination are on the same /xx subnet.
So the servers can still see the source IP when the traffic is coming from the outside.
Its interesting...that before I came along to work iRule magic on the F5....one of the groups having this issue, did it by moving the part that needs to talk to the VS to outside the F5....so the clients talk to this one server and the server talks back to the VS. But, there's 4 nodes in the pool on the F5....so if one goes down...no problem. But, there's only one server on the outside...and if it goes down (again)....oops.
Though my boss has wondered if there's a performance hit from this iRule....though hard to tell from the CPU graph, because the F5 pair have uptime > 49.7 days.