Chris_Phillips
Mar 10, 2006 (Nimbostratus)
applying snat based on route out of local network
Howdy,
Our LTMs sit between our client networks and our server networks, switching all data on a VLAN group to gain full visibility of all traffic. This is not an exact split though, and obviously we also require the BIG-IP to be involved in other server-server balancing, not just client-server. As such some traffic needs to be SNATted, but I would like to avoid it wherever possible for clarity. The simplest solution, if possible, is to have logic that states that if the next hop for the client and the server in each connection are the same then apply a SNAT; if not, do nothing. This logic appeals to me as it abstracts the actual subnets to the base routing on the box, and I wouldn't need to maintain arbitrary lists of different subnets, which I would expect to also be more computationally expensive.
I've seen the LINK::nexthop option in the wiki, but 1) there is no description of it and 2) I'm running 9.1.1 while it states it was added in 9.2.0. Can anyone say if this would do what I wanted, and if there is a suitable way to achieve what I want on a global level?
I would assume that this iRule would need to be added on a per virtual server basis, but that's fair enough I guess. I know there are SNAT objects outside of iRules but these don't look like they would provide sufficient details for what I need to achieve.
Many thanks
Chris
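The decision rule described in the post, modelled as an added example (not part of the original post and not an iRule): look up the next hop for each end of a connection by longest-prefix match and SNAT only when both resolve to the same hop. The routing table, the addresses and the `onlink:<vlan>` marker for directly connected networks are constructed assumptions.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). "onlink:<vlan>" is an
# assumed marker for a directly connected network, so two hosts on the
# same local network compare as sharing a hop.
ROUTES = [
    ("0.0.0.0/0", "10.0.0.1"),
    ("10.0.0.0/24", "onlink:clients"),
    ("10.1.0.0/16", "10.0.0.1"),
    ("192.168.10.0/24", "onlink:servers"),
    ("192.168.20.0/24", "192.168.10.254"),
]


def build_table(routes):
    """Parse prefixes and order them most-specific first."""
    table = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def next_hop(table, addr):
    """Longest-prefix match; returns None when no route covers addr."""
    ip = ipaddress.ip_address(addr)
    for net, hop in table:
        if ip in net:
            return hop
    return None


def needs_snat(table, client, server):
    """True when both ends leave via the same next hop.

    In that case the server's reply could reach the client without
    passing back through the load balancer, so the source address has
    to be translated to keep the return path symmetric.
    """
    client_hop = next_hop(table, client)
    server_hop = next_hop(table, server)
    if client_hop is None or server_hop is None:
        # Without a route for one end the comparison is meaningless.
        raise LookupError(f"no route for {client} or {server}")
    return client_hop == server_hop


TABLE = build_table(ROUTES)
```

Because the comparison is made on the routing result, adding or renumbering a subnet only changes `ROUTES`; no separate list of "SNAT these subnets" has to be kept in step with it.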