Selective SNAT and Calculate CRC32 Checksum

Will this iRule work? Two iRules combined..

when RULE_INIT {

set static::snat_exch2007(0) 10.73.17.248

}

when CLIENT_ACCEPTED {

snat $static::snat_exch2007([expr {[crc32 [IP::client_addr]] % [array size static::snat_exch2007]}]) }

when LB_SELECTED {

if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {

}

}

I'm not sure if you're planning to use this rule with other rules that are dependent on the variables, but if all you want to do is to SNAT requests from certain IPs or networks, then this iRule should do it.

when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals exch2007servers ] } {
        snatpool snat_exch2007
    }
}

Note that you have to create and populate an address type data group list, ie "exch2007", with the IPs or network of the exchange servers.

/Patrik

If you're dealing with exchange, this command is important for your snat:

snat $static::snat_exch2007([expr {[crc32 [IP::client_addr]] % [array size static::snat_exch2007]}])

The reason why is that RPC in particular, will require re-authentication if a client IP changes midstream. Since RPC clients can open up to 10 connections to the same server, it is important that each of these connections has the same source IP, otherwise the session may fail completely.

If you do not use that command for snatting, then subsequent requests from the same client may get a different IP address from the snatpool, and your service may fail.

Also, if your HTTP application requires reauthentication if a session's IP addresss changes, the command serves the same purpose.

Finally, make sure to put the IP addresses you use inside a snatpool, otherwise the F5 will not answer ARP traffic for those addresses, and your service will not function correctly.