Forum Discussion

roracz
Jun 01, 2018

SNAT Pool members from directly connected network

Hi,

In the SNAT pool creation manual we can read:

 4. For the Member List setting:
    a. In the IP Address field, type an IP address.
       The BIG-IP system uses this address as a SNAT translation address.
       Important: This address must NOT be on a directly-connected network.
    b. Click Add.
    c. Repeat these steps for each IP address that you want to include in the SNAT pool.

Could someone explain this "Important" note to me? I almost always use addresses from directly connected egress VLANs and it works fine. Now I've found this note and I'm confused. Is it because of my misunderstanding of "directly connected"?

2 Replies

  • Hi,

    As you said, you use addresses from directly connected egress VLANs.

    • In a cluster, you will use floating.
    • On a standalone, you will use self directly connected egress VLANs.

    When you create a SNAT pool, you have to pay attention to the following points:

    • Even if you don't use your SNAT pool (attach SNAT to a VS), F5 answers the ARP queries for that IP address. So don't use an IP that is already in use (This address must NOT be on a directly-connected network); you risk having an IP conflict...

    • A SNAT pool is a failover object: if you have a cluster and a failover occurs, the SNAT IP will fail over too, and the new active device will send a gratuitous ARP including your SNAT pool IP.

    So overall, this sentence (This address must NOT be on a directly-connected network) means that you have to be careful not to use an existing IP, or risk having IP conflict problems...

    Hope it's clear.

    Regards,

  • roracz

    Ooook. Absolutely agree about the IP conflict concern. I thought it's obvious - contrary to this slightly confusing "Important" note...

    Thanx.
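
The IP-conflict concern discussed in this thread can be checked before a SNAT pool member is added. The following is an added example, not code from the thread or from F5: the VLAN names, self IPs and in-use addresses are constructed sample data, and `check_snat_member` / `check_pool` are hypothetical helper names.

```python
import ipaddress

# Constructed sample inventory (assumption): one self IP with prefix per egress
# VLAN, plus addresses already owned by something on those VLANs.
SELF_IPS = {"external": "203.0.113.2/24", "internal": "10.10.0.2/24"}
IN_USE = {"203.0.113.1", "203.0.113.2", "203.0.113.50", "10.10.0.2"}


def check_snat_member(candidate, self_ips=SELF_IPS, in_use=IN_USE):
    """Return (verdict, detail) for one candidate SNAT translation address."""
    addr = ipaddress.ip_address(candidate)
    for vlan, cidr in self_ips.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if addr not in net:
            continue
        # On a directly connected network the BIG-IP answers ARP for the SNAT
        # address, so any other owner of the same IP means an address conflict.
        if addr == iface.ip:
            return "conflict", f"self IP on {vlan}"
        if addr in (net.network_address, net.broadcast_address):
            return "invalid", f"network/broadcast address of {net}"
        if str(addr) in in_use:
            return "conflict", f"already in use on {vlan}"
        return "ok-directly-connected", f"free address on {vlan} ({net})"
    # Not covered by any self-IP subnet: no ARP conflict is possible there, but
    # return traffic only arrives if upstream routers route the address here.
    return "ok-routed", "not directly connected; needs an upstream route to the BIG-IP"


def check_pool(members, self_ips=SELF_IPS, in_use=IN_USE):
    """Check every proposed pool member; returns {address: (verdict, detail)}."""
    return {m: check_snat_member(m, self_ips, in_use) for m in members}


if __name__ == "__main__":
    proposed = ["203.0.113.50", "203.0.113.77", "203.0.113.255", "198.51.100.10"]
    for ip, (verdict, detail) in check_pool(proposed).items():
        print(f"{ip:15} {verdict:22} {detail}")
```

In practice the in-use set would be built from address management records and the ARP tables of neighbouring devices rather than a hard-coded list.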