Forum Discussion
Deb_Allen_18
May 07, 2008
Historic F5 Account
OK, give this a shot. (code is untested, but I think the concept will work)
Apply this rule to your inbound virtual server -- inbound requests set & update the persistence entry with 24 hr timeout keyed on server IP:

    when CLIENT_ACCEPTED {
        set vip [IP::local_addr]
    }
    when SERVER_CONNECTED {
        session add uie {[IP::server_addr] any virtual} $vip 86400
        log local0. "Session table record added for [IP::server_addr] via VS $vip"
    }

Apply this rule to your outbound virtual server -- outbound requests read & update an existing persistence entry, and apply the appropriate SNAT:

    when CLIENT_ACCEPTED {
        set snat_ip "[session lookup uie {[IP::client_addr] any virtual}]"
        # session lookup returns an empty string when there is no entry
        if { $snat_ip ne "" } {
            # If session table entry exists, use it & refresh to update timeout
            log local0. "Session table record found for server [IP::client_addr]. SNAT address will be $snat_ip"
            snat $snat_ip
            session add uie {[IP::client_addr] any virtual} $snat_ip 86400
        } else {
            log local0. "No session table record found for server [IP::client_addr]."
            snat ...
        }
    }

You would need to take some default SNAT action if the lookup against the session table doesn't return anything. This code assumes you will define a "default" value for the SNAT address if there is no session table entry, and that you wouldn't want to create a long-lived persistence record reflecting that "decision". Using that logic, if the "default" SNAT value is chosen, it may later SNAT new connections (mid-session) to the "correct" address if the session table is updated by another connection.
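
The fallback behaviour described in the post, as an added example that is not part of the original post: a small Python model of the session-table logic in the two rules, showing the SNAT choice flipping from the default to the recorded VIP and back again after the entry expires. The `SessionTable` class, `DEFAULT_SNAT` and all addresses are constructed stand-ins, and the table is a simplified model of BIG-IP's.

```python
# Model of the session-table logic in the two iRules (constructed example).
TIMEOUT = 86400               # seconds, the 24 h timeout used in both rules
DEFAULT_SNAT = "192.0.2.250"  # hypothetical default SNAT address


class SessionTable:
    """Minimal stand-in for the session table: key -> (value, expiry time)."""

    def __init__(self):
        self._rows = {}

    def add(self, key, value, now, timeout=TIMEOUT):
        self._rows[key] = (value, now + timeout)

    def lookup(self, key, now):
        row = self._rows.get(key)
        if row is None or now >= row[1]:
            self._rows.pop(key, None)  # drop an expired entry
            return ""                  # empty result when there is no live entry
        return row[0]


def inbound(table, vip, server_ip, now):
    """SERVER_CONNECTED on the inbound virtual server: record server -> VIP."""
    table.add(server_ip, vip, now)


def outbound(table, client_ip, now):
    """CLIENT_ACCEPTED on the outbound virtual server: choose the SNAT address."""
    snat_ip = table.lookup(client_ip, now)
    if snat_ip != "":
        table.add(client_ip, snat_ip, now)  # refresh the timeout
        return snat_ip
    return DEFAULT_SNAT  # no record is written for the default choice


def demo():
    table = SessionTable()
    server, vip = "10.0.0.5", "203.0.113.10"  # constructed addresses
    picks = [outbound(table, server, now=0)]   # before any inbound traffic
    inbound(table, vip, server, now=10)
    picks.append(outbound(table, server, now=20))                # entry exists
    picks.append(outbound(table, server, now=20 + TIMEOUT - 1))  # still live
    picks.append(outbound(table, server, now=20 + 2 * TIMEOUT + 5))  # expired
    return picks


if __name__ == "__main__":
    print(demo())
```

The first and last connections get the default address while the two in between get the VIP, so any peer that filters on source address has to accept both.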