Use of "egress" terminology in K7820

Question

Seeking input regarding what is to me a confusing use of terminology.  I am compiling a study guide for F5 Exam 301a (v2).  
&nbsp;
Knowledge Article:  https://support.f5.com/csp/article/K7820&nbsp;
Under the section titled "SNAT pools," read the text under "Important."
"When using a SNAT pool with IP addresses from the egress VLAN and non-egress VLAN networks, the egress VLAN network address is given higher priority.  For example, egress VLAN external has a self-IP of 172.16.0.254/24, and SNAT pool member addresses of 172.16.0.1/24 and 10.1.1.1/24.  The BIG-IP system prefers the egress VLAN SNAT pool member address 172.16.0.1, and will continue to use the same address until it becomes unavailable."&nbsp;
I find this use of the term "egress" to be confusing.  In my opinion, any VLAN through which the packet leaves the system becomes the egress VLAN – this is technically accurate.  What I presume the author is attempting to say is this: If a Client Request comes in on VLAN-A for a virtual server IP address on VLAN-B, and SNAT Automap is enabled and the BIG-IP has chosen to send the packet to a back-end node IP on VLAN-C, BIG-IP would prefer to use a Floating Self-IP that is in VLAN-C rather than use a floating self-IP from any other VLAN.&nbsp;
Would a few of you please share your thoughts on this?  I want this to be clear for any readers of the guide.  Thank you!  John Weaver&nbsp;

surgeon · Answer

When you use snat, big-ip chose IP from the snat list, not self-ip.
The thing is if you have 2 IPs in the snat list then the priority will have the IP which belongs to the same subnet as self-ip where traffic leaves the big-ip&nbsp;

surgeon · Answer

In case is you are using Automap then floating IP is prefered over non-floating.
However you may get confused some time. Let say you have egress vlan toward pool members and you do not have any floating self-ip, only non-floating on that vlan. You have another vlan with floating self-ip configured. So, when packet leaves the 1st vlan towards pool members, the source IP will be floating IP address of the 2d vlan.&nbsp;
Because of that we recommend to configure  floating IPs for all vlans or do not configure floating IPs at all (depend on your needs) if the box is not part of HA. In this case you will get rid of that confusion.&nbsp;

Forum Discussion

Use of "egress" terminology in K7820

2 Replies

Recent Discussions

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

What is HTTP Part III - Terminology

Taking Comfort In Understanding File Virtualization Terminology

Re: How to get a F5 BIG-IP VE Developer Lab License

Re: Simple balancing doesn't work

Re: How does F5 select the IP from SNAT pool to communicate with backend server