iRules conflicting with SNAT'ed requests

Question

I've F5 BIGIP 8900 running TMOS 10.x. My configuration is one-armed wherein client and server blades lie on same network. To avoid server blades responding directly to client, i'm SNAT'ng the requests once the F5 load balancing is executed. Distribution is done via iRules which use IP address contained within the request PDU.&nbsp;
My problem is while the server blades respond back to F5 (on return path), final response never reach the final destination (client). It seems F5 is not routing the response out to Client. When i remove the iRule from VS config and use a default pool of server blades, i get the correct behaviour. Responses are correctly routed back to client via F5.&nbsp;
Clearly, something doesn't work in favour of iRules. Did i miss any critical configuration portion ?&nbsp;

richard__harlan · Answer

I would check the /var/log/ltm log file for errors from the iRule, this will point you in the correct direction.

mohamed_lrhazi · Answer

Use tcpdump to findout what's happening. 
&nbsp;  
&nbsp;   final response never reach the final destination (client) 
&nbsp;  
&nbsp; why? does it leave the LTM with wrong destination IP? or does not leave the LTM at all? is this TCP or UDP? what protocol is it? what does the iRule do? does it use "snat"? or the SNAT enabled on the virtual server level only?

Forum Discussion

iRules conflicting with SNAT'ed requests

2 Replies

Recent Discussions

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Related Content

When using F5 Distributed Cloud Platform, never deal with Site to Site IP conflicts again!

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

Using Client Subnet in DNS Requests

HTTP Request Smuggling, what it is, how to find it and how to stop it