Forum Discussion

Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Dec 08, 2011

snatpool <poolname> using automap address

Has anyone else noticed in LTM 10.2.3 when using the snatpool command that the connection sometimes uses the floating selfip instead of one of the snatpool addresses?

My VS has no SNAT setup (But is allowed to SNAT as is the pool) and uses an iRule to set the SNAT for particular client IP addresses.

The snat actually happens and USUALLY uses the snatpool addresses... But every now & again it ises the floating selfip to do the SNAT with... There's no exhaustion of addresses. Usually there's about 200 SNAT's being performed on that poll (peak of 339) with 17 addresses in the pool.

The (very simple) iRule is


when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals 172.28.0.0/16] } {
    log local0. "SNAT automap [IP::client_addr]"
    snatpool isa-selective-snat-eu-pool
  }
}

Anybody seen this before?

H

5 Replies

  • Hi Hamish,

     

     

    I haven't heard about any intermittent issues. The only one I know of is for snat automap using a non-related floating IP before using a related static IP. I'd open a case on this.

     

     

    Aaron
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Yeah. I'm in the process of that already (But a higher priority problem is in the way at the moment :)

     

     

    Will post an update when I find out more.

     

     

    H

     

  • Hi Hamish,

     

     

    This might be BZ973178. PD hasn't finished diagnosing or fixing it though. You could try a suggested workaround of moving the snat pool command to HTTP_REQUEST assuming this is HTTP.

     

     

    Regardless, I'd try opening a case referencing BZ973178

     

     

    Aaron
  • Sorry, it's BZ374067 that I meant to post. Also, if you're not using HTTP, you should be able to remove the OneConnect profile to avoid the issue. Or you could set the SNAT pool in HTTP_REQUEST if it is HTTP and you want OneConnect.

     

     

    Aaron
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Hey. Cheers Aaron. I missed your update till I was on the phone with support and they old me you'd updated the topic :)

     

     

    They've confirmed that they think it's the same bug. So I may have to raise a CRQ and remove the oneconnect... I think that's the easiest way. Just need to confirm a few things with the ISA guys. But I guess it'll be the new year before i can doit (Xmas Freeze :)

     

     

    H