F5 automap feature
Hi, I have one F5 with an iRule containing "automap snat". This functionality allows changing the IP when the destination is local to one of the F5s, in order to prevent asymmetric routing. The automap option tells BIG-IP to decide what source IP to use to reach the destination network.
The iRule is like this:
when CLIENT_ACCEPTED {
    set clientIP [getfield [IP::client_addr] "%" 1]
    if {([IP::addr $clientIP equals 192.168.1.0/24])} {
        snat automap
        return
    }
}
In aFleX I have the operator "snat". Can I do SNAT to an IP address, to the configured VRRP address or the physical address on the interface?
Does A10 have something similar to the automap feature?
Thanks in advance
Comments
You can configure it as below.
when CLIENT_ACCEPTED {
    set clientIP [getfield [IP::client_addr] "%" 1]
    if {([IP::addr $clientIP equals 192.168.1.0/24])} {
        snat 1.1.1.1
        return
    }
}
snat <addr>
- Assigns the specified NAT address (<addr>) to the server-side connection.
snatpool <snatpool_name>
- Causes the pool of addresses identified by <snatpool_name> to be used as translation addresses to create a SNAT.
Hi jpark, thanks for the response.
But my question is: can I use the IP address that I have configured as the VRRP floating address?
And, I can use any IP in the operator "snat"
For example,
-----
In global config
vrrp-a vrid 1
floating-ip 1.1.1.1
-----
And the aFleX rule:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 192.168.10.0/24] } {
        snat 1.1.1.1
    }
}
Do I need to configure a NAT pool for 1.1.1.1?
Can the VRRP floating IP be used for SNAT in an aFleX script?
This config would be similar to F5 automap SNAT, and solve existing asymmetric routing problems.
Thanks in advance
Hi Arturo,
You can use the VRRP floating IP for SNAT.
Here are a couple of options to do the same using the CLI instead of aFleX.
Configuration: Test 1 [Access-list 100 source-nat-pool NAT-P1 on VIP]
access-list 100 permit ip any any
interface ethernet 5
   ip address 5.5.5.1 255.255.255.0
interface ethernet 6
   ip address 3.3.3.1 255.255.255.0
ip nat pool NAT-P1 3.3.3.9 3.3.3.9 netmask /32
slb server S1 3.3.3.11
   port 80 tcp
slb server S2 3.3.3.12
   port 80 tcp
slb service-group SG1 tcp
   member S1 80
   member S2 80
slb virtual-server VS3 5.5.5.100
   port 80 tcp
      name _5.5.5.100_tcp_80
      access-list 100 source-nat-pool NAT-P1
      service-group SG1
Configuration: Test 2 [snat-on-vip on VIP]
access-list 100 permit ip any any
interface ethernet 5
   ip address 5.5.5.1 255.255.255.0
   ip nat inside
interface ethernet 6
   ip address 3.3.3.1 255.255.255.0
   ip nat outside
ip nat pool NAT-P1 3.3.3.9 3.3.3.9 netmask /32
ip nat inside source list 100 pool NAT-P1
slb common
   snat-on-vip
slb server S1 3.3.3.11
   port 80 tcp
slb server S2 3.3.3.12
   port 80 tcp
slb service-group SG1 tcp
   member S1 80
   member S2 80
slb virtual-server VS3 5.5.5.100
   port 80 tcp
      name _5.5.5.100_tcp_80
      service-group SG1
Thanks dquin
Works fine with SNAT to the VRRP IP in the aFleX script.
Kind regards!
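
Added example, not part of any post in this thread: a small Python model of why the rule applies SNAT only to clients on the servers' subnet, and what the asymmetric return path looks like without it. The VIP, server address and the assumption that the load balancer is the servers' default gateway are constructed for illustration; 192.168.10.0/24 and 1.1.1.1 are the values used in the thread.

```python
import ipaddress

# Constructed topology (assumptions, not the poster's real network).
SERVER_NET = ipaddress.ip_network("192.168.10.0/24")  # subnet matched by the aFleX rule
SERVER = ipaddress.ip_address("192.168.10.11")        # constructed real server
VIP = ipaddress.ip_address("192.168.20.100")          # constructed virtual server address
FLOATING_IP = ipaddress.ip_address("1.1.1.1")         # VRRP floating IP from the thread
LB_ADDRS = {VIP, FLOATING_IP}                         # addresses owned by the load balancer


def needs_snat(client):
    """Same test as the aFleX rule: is the client on the servers' subnet?"""
    return ipaddress.ip_address(client) in SERVER_NET


def trace(client, snat):
    """Follow one request/reply and report what the client finally sees."""
    client = ipaddress.ip_address(client)
    # Request: client -> VIP. The load balancer rewrites the destination to the
    # server and, if SNAT is applied, the source to the floating IP.
    src_seen_by_server = FLOATING_IP if snat else client
    # Reply: the server answers whatever source it saw. An on-link destination
    # is reached directly; anything else goes to the default gateway, which is
    # assumed here to be the load balancer.
    reply_dst = src_seen_by_server
    via_lb = reply_dst in LB_ADDRS or reply_dst not in SERVER_NET
    # Only the load balancer can translate the reply source back to the VIP.
    reply_src = VIP if via_lb else SERVER
    return {
        "server_sees": str(src_seen_by_server),
        "via_lb": via_lb,
        "reply_src": str(reply_src),
        # The client opened the connection to the VIP, so a reply from the
        # server's real address matches no socket and is discarded.
        "accepted": reply_src == VIP,
    }


def trace_with_rule(client):
    """Apply the thread's policy: SNAT only for same-subnet clients."""
    return trace(client, snat=needs_snat(client))


if __name__ == "__main__":
    for c in ("192.168.10.50", "10.9.9.9"):  # constructed client addresses
        print(c, "no snat :", trace(c, snat=False))
        print(c, "rule    :", trace_with_rule(c))
```

With SNAT applied the server logs the floating IP instead of the real client address, so anything that relies on the source address for access control or audit on the server side needs the original address carried another way.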