Manual Chapter : BIG-IP Administrator guide v3.3: SNAT and virtual servers combined

Applies To:

BIG-IP versions 1.x - 4.x

  • 3.3.1 PTF-06, 3.3.1 PTF-05, 3.3.1 PTF-04, 3.3.1 PTF-03, 3.3.1 PTF-02, 3.3.1 PTF-01, 3.3.1, 3.3.0

16

SNAT and Virtual Servers Combined

In some cases you may want to configure outbound transparent device load balancing and SNAT source translations. In this configuration, the BIG-IP Controller changes the source address of the clients to the external SNAT address. In this way, the actual IP addresses are not exposed to the Internet. At the same time the BIG-IP Controller can load balance the same connection across multiple nodes. Therefore, both SNAT translation and virtual server load balancing can operate on the same connection in this configuration.

Figure 16.1 An example of a virtual server/SNAT combination

Configuring interfaces for the SNAT and virtual server combination

The SNAT and virtual server combination does not require additional interface configuration. However, in this configuration, the destination processing interface must be on the internal network and the source processing interface must be on the external network.

Defining a pool for the HTTP cache servers

Finally, define the pool cache_pool for the nodes that handle the requests to virtual server 0.0.0.0:0:

bigpipe pool cache_pool { lb_mode rr member <HTTPcache1>:80 member <HTTPcache2>:80 }

Replace <HTTPcache1> and <HTTPcache2> with the IP address of the respective HTTP cache server. Also note that this example uses the global round robin load balancing method.

Outbound configuration

Next, configure controllers 1a and 1b to handle outbound traffic. Create a virtual server that sends traffic to the pool you created for the internal interfaces of the HTTP cache servers (cache_pool). Use the following commands to create a virtual server for connecting to cache servers:

bigpipe vip 0.0.0.0:0 exp1 use pool cache_pool

bigpipe vip 0.0.0.0:0 translate port disable

Note that port translation has been turned off because the members in the vpn_insides pool were defined with port 80 for service checking. If port translation is not disabled, then all outbound connections would be translated to port 80.

After you create the virtual server, type the following SNAT command:

bigpipe snat map client1 client2 client3 to 205.100.19.23

Replace client1, client2, and client3 with the actual names of the clients in your configuration.
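
The port translation note above can be checked before the commands are applied. The following shell function is an added example, not part of the F5 manual: it assumes the bigpipe commands are saved one per line in a file, and it flags a wildcard-port virtual server whose pool members carry a fixed port while port translation has not been disabled. The function name and the cache server addresses in the sample are constructed for illustration.

```shell
# Added example: lint a file of bigpipe commands (one per line, using only
# the syntax shown on this page). Prints each wildcard-port virtual server
# that would translate connections to its pool's member port, and returns 1
# if any is found, 0 otherwise.
check_wildcard_vip() {
    awk '
    # bigpipe pool <name> { ... member <addr>:<port> ... }
    $1 == "bigpipe" && $2 == "pool" {
        for (i = 4; i < NF; i++)
            if ($i == "member" && $(i + 1) ~ /:[0-9]+$/) {
                port = $(i + 1); sub(/.*:/, "", port)
                if (port != "0") fixed[$3] = port
            }
    }
    $1 == "bigpipe" && $2 == "vip" {
        # bigpipe vip <addr>:<port> <interface> use pool <name>
        for (i = 4; i < NF; i++)
            if ($i == "use" && $(i + 1) == "pool") pool[$3] = $(i + 2)
        # bigpipe vip <addr>:<port> translate port disable
        if ($4 == "translate" && $5 == "port" && $6 == "disable") off[$3] = 1
    }
    END {
        for (v in pool) {
            # Only virtual servers listening on port 0 (all ports) are affected
            if (v !~ /:0$/ || off[v] || !(pool[v] in fixed)) continue
            printf "%s: pool %s translates every connection to port %s\n", v, pool[v], fixed[pool[v]]
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the commands from this chapter with made-up cache
# server addresses and the "translate port disable" step left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bigpipe pool cache_pool { lb_mode rr member 10.1.1.11:80 member 10.1.1.12:80 }
bigpipe vip 0.0.0.0:0 exp1 use pool cache_pool
bigpipe snat map client1 client2 client3 to 205.100.19.23
EOF
check_wildcard_vip "$sample" || echo "port translation is still enabled"
rm -f "$sample"
```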