Forum Discussion

swiss2000_13853's avatar
swiss2000_13853
Icon for Nimbostratus rankNimbostratus
Nov 23, 2009

SNAT pool and persistence

Hi all!

 

 

I have a LTM-setup (10.0.1) with a SNAT Pool containing 5 ip addresses. So each connection uses the next SNAT address (round robin).

 

 

But for persistent connections (source persistence), i'd like the LTM to use always the same SNAT address, and not to change it during the session. Otherwise some of my applications have problems with session management...

 

 

Is there a way to configure the SNAT pool in a way that persistent connection always keep their SNAT address?

 

 

Thanking you in anticipation, regards

 

Marc

 

config
design

12 Replies

Sort By
Show More
  • ZANOOB's avatar
    ZANOOB
    Icon for Cirrus rankCirrus
    Aug 31, 2023

    Hi,

    I know this post is very old , but i got into the same issue but the internet search for the irule has landed over here.

    My goal is to match client IP to SNAT (one to one mapping). I found an irule, but that is very long (manual typing and for bigger subnet cannot apply since that will be longer than 65536 characters which irule can take).

    when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 172.16.56.10/32] }{
    snat 172.16.56.10
    }
    if { [IP::addr [IP::client_addr] equals 172.16.56.11/32] }{
    snat 172.16.56.11
    }
    if { [IP::addr [IP::client_addr] equals 172.16.56.12/32] }{
    snat 172.16.56.12
    }
    .
    .
    .
    .
    "and till all the one to one mapping"
    }

    However, this is not useful for longer subnets.
    Is there a way to match the third and last octect of the IP of the client to SNAT IP.
    The above irule shows about the thrid octect only , is there a way to match 3rd and 4th octect?

    Zanoob