Azim_147178
Nov 08, 2014

SNAT Flow Confusion

Hi All,

I'm newish to LTM and one of the areas I'm kinda grey about is SNAT Flow, specifically the flow of traffic. I'm hoping the experts can please help me out :)

This is in a setup where the edge device is a firewall with 2 servers hanging off a directly connected segment which need to be load balanced. So I've got my VIP set up with automap and a pool with the servers using their primary IPs listening on port 80.

So am I right in thinking the flow will be:

client request hits VIP IP > request sent to pool > SNAT applied to pool member replacing the primary IPs with the LTM's self IP... If my thinking is correct up to this point then I'm not sure what's next in the flow.

I guess the confusion for me is the flow back to the client from the backend server that's being SNAT'd.

More than likely it's going to be a very simple answer that I'm overthinking, my bad!

Thanks guys

1 Reply

  • R_Marc

    SNAT is just one form of NAT. Just like what would happen on most home WiFi setups, 'cept it's going the other way.

    The F5 device, in this case, keeps a table mapping the two sides of the connection together.

    client source:port -> destination:port then f5 source:port -> pool member:port

    This is a unique path, so established traffic can just follow that path back to the client.

    Automap just allows the F5 to pick an appropriate source IP to use based on the route it has to the pool member. It can choose from any available Self IP on that outbound VLAN. With a SNAT pool, you can restrict which particular IP the F5 can choose (it doesn't have to be a Self IP, but can be).

    Clear as mud?
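
The two-sided table described in the reply above, as an added example that is not part of the thread and is not F5 code: a toy model that maps the client-side flow to the SNAT'd server-side flow and uses the same table to translate the pool member's reply back. The class and method names, the addresses and the port allocator are all constructed, and automap is simplified to a directly connected pool member with one self IP per VLAN.

```python
import ipaddress
from itertools import count

# Constructed addressing for illustration; none of it comes from the thread.
SELF_IPS = {"external": "203.0.113.5", "internal": "10.1.20.5"}
VLAN_NETS = {"external": "203.0.113.0/24", "internal": "10.1.20.0/24"}


class SnatProxy:
    """Toy model of the two-sided connection table (not F5 code)."""

    def __init__(self):
        self.by_client = {}  # (client, vip) -> (snat, member)
        self.by_server = {}  # (member, snat) -> (vip, client)
        self._ports = count(40000)  # assumed ephemeral port allocator

    def automap_source(self, member_ip):
        # Assumption: member is directly connected and each VLAN has one self IP,
        # so "route to the pool member" reduces to a subnet match.
        addr = ipaddress.ip_address(member_ip)
        for vlan, net in VLAN_NETS.items():
            if addr in ipaddress.ip_network(net):
                return SELF_IPS[vlan]
        raise LookupError(f"no directly connected VLAN for {member_ip}")

    def client_to_server(self, client, vip, member):
        """Return (src, dst) of the packet the pool member receives."""
        key = (client, vip)
        if key not in self.by_client:
            snat = (self.automap_source(member[0]), next(self._ports))
            self.by_client[key] = (snat, member)
            self.by_server[(member, snat)] = (vip, client)
        return self.by_client[key]

    def server_to_client(self, src, dst):
        """Return (src, dst) of the packet the client receives, or None
        when the reply matches no established flow and is dropped."""
        return self.by_server.get((src, dst))


if __name__ == "__main__":
    proxy = SnatProxy()
    client, vip, member = ("198.51.100.7", 51512), ("203.0.113.10", 80), ("10.1.20.11", 80)
    to_member = proxy.client_to_server(client, vip, member)
    print("pool member sees:", to_member)  # source is the self IP, not the client
    print("client sees:", proxy.server_to_client(member, to_member[0]))
```

Because the pool member only ever sees the self IP as the source, its reply goes back to the F5, which looks up the flow and answers the client from the VIP.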