csobi_361680
May 17, 2018

Force one of the snat IPs to a pool member

Hi guys,

I am looking for a solution for this:

I have a SNAT pool with 2 IPs, and I have a POOL with two pool members. POOL is using this SNAT pool.

Is it possible (with irule or without) to force the first snat ip to the first pool member?

For example:

SNAT pool:

10.10.10.1
10.10.10.2

server POOL members:

10.10.10.10
10.10.10.11

When the load balancing method selects 10.10.10.10 as a destination server then use 10.10.10.1 as snat address.

When the load balancing method selects 10.10.10.11 as a destination server then use 10.10.10.2 as snat address.

Thank you in advance.


2 Replies

  • Hi,

    can you try this one:

    when LB_SELECTED {
        # Log the pool member chosen by load balancing
        log "lb selected [LB::server addr]"
        # Pin the SNAT address to the selected pool member
        if { [LB::server addr] eq "10.10.10.10" } {
            snat 10.10.10.1
        } elseif { [LB::server addr] eq "10.10.10.11" } {
            snat 10.10.10.2
        }
    }

    I could not test it, so please give me feedback.

  • Hi csobi,

    if I got your question right, you want to stick to a member of a snatpool based on the poolmember selected.

    Ideally this works dynamically without specifying the members of the snatpool and serverpool.

    You may want to use a concept as described below.

    (It's a similar concept but makes sure a client always gets connected to a poolmember with the same SNAT address. And yes, it can be put down as an unreadable one-liner as well.)

    when HTTP_REQUEST {
        # determine associated snatpool (assigned to virtual server)
        set snatpool_name [getfield [LB::snat] " " 2]
        # log -noname local0. "snat-pool: ${snatpool_name}"
        # retrieve list of current snatpool members
        set snatpool_members [members -list [getfield [LB::snat] " " 2]]
        # log -noname local0. "snat-members ${snatpool_members}"
        # determine number of snat addresses in pool; can be retrieved via llength too
        set snatpool_count [members [getfield [LB::snat] " " 2]]
        # calculate modulus for last digit of client IP address
        set snatpool_index [expr {[getfield [IP::remote_addr] "." 4]%${snatpool_count}}]
        # log -noname local0. "snat-pool-index ${snatpool_index}"
        # determine snat address from pool
        set snatpool_select [lindex [lindex ${snatpool_members} ${snatpool_index}] 0]
        # log -noname local0. "snat-select ${snatpool_select}"
        # specify the snatpool member
        snatpool ${snatpool_name} member ${snatpool_select}
    }
    when SERVER_CONNECTED {
        log -noname local0. "server-connect [IP::local_addr]:[TCP::local_port]=>[IP::remote_addr]:[TCP::remote_port]"
    }


    Instead you would use the event LB_SELECTED to determine the selected node and figure out its list index in the list of serverpool members. Now use the determined index as modulus for the list of snatpool members. (Fortunately the members function works for snatpools as well.)

    Be aware that under TMOS v12 it turned out that variables initiated under CLIENT_ACCEPTED don't seem to be generally available in other contexts when using HTTP/2.

    That's why my sample evaluates the SNAT IP in the context of the HTTP_REQUEST event.

    Cheers, Stephan

    PS: Please let me know, if you need further help with your specific use case.
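
The LB_SELECTED variant described in the second reply, written out as an added example that is not part of the original thread or either poster's code. It assumes LB::snat returns the SNAT pool name as its second field and that each entry of members -list starts with the address, as in the sample above; sorting both lists is an added choice so the mapping does not depend on the order members -list returns.

```tcl
when LB_SELECTED {
    # SNAT pool assigned to the virtual server (assumption: name is field 2,
    # the same parsing the HTTP_REQUEST sample in the thread uses)
    set snatpool_name [getfield [LB::snat] " " 2]
    if { $snatpool_name eq "" } {
        # No SNAT pool on this virtual server: leave SNAT handling untouched
        return
    }

    # Collect SNAT addresses; sort so index 0 is always the same address
    set snat_addrs {}
    foreach m [members -list $snatpool_name] {
        lappend snat_addrs [lindex $m 0]
    }
    set snat_addrs [lsort -unique $snat_addrs]

    # Collect server pool member addresses the same way
    set server_addrs {}
    foreach m [members -list [LB::server pool]] {
        lappend server_addrs [lindex $m 0]
    }
    set server_addrs [lsort -unique $server_addrs]

    # Position of the member that load balancing just selected
    set idx [lsearch -exact $server_addrs [LB::server addr]]
    set snat_count [llength $snat_addrs]
    if { $idx < 0 || $snat_count == 0 } {
        # Unknown member or empty SNAT pool: fall back to the default
        # SNAT pool behaviour instead of guessing an address
        log local0.warning "no SNAT mapping for [LB::server addr]"
        return
    }

    # Modulus keeps the index valid when the pools differ in size
    set snat_addr [lindex $snat_addrs [expr {$idx % $snat_count}]]
    snatpool $snatpool_name member $snat_addr
    log local0. "member [LB::server addr] -> snat $snat_addr"
}
```

With the addresses from the question, 10.10.10.10 sorts to index 0 and is paired with 10.10.10.1, and 10.10.10.11 sorts to index 1 and is paired with 10.10.10.2.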