Monday, July 22, 2013

SNAT

Collection from: http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7820.html

Overview

A SNAT is an object that maps the source client IP address in a request to a translation address defined on the BIG-IP device. When the BIG-IP system receives a request from a client, and if the client IP address in the request is defined in the origin address list for the SNAT, the BIG-IP system translates the source IP address of the incoming packet to the SNAT address.

A SNAT can be used by itself to pass traffic that is not destined for a virtual server. For example, you can use a SNAT object to pass certain traffic (such as DNS requests) from an internal network to an external network where your DNS server resides. A SNAT can also be used in conjunction with a virtual server to translate the source IP address of an incoming packet (with no SNAT configured, no source address translation takes place; destination address translation is configured separately in the virtual server properties). You can also use a SNAT to ensure that response traffic is returned through the BIG-IP system, without requiring other outbound non-load-balanced traffic to route through the BIG-IP system and without changing the router or server configuration. SNAT is also a critical component in one-armed configurations, where the client and the server reach the BIG-IP system through the same VLAN: because the server sees a BIG-IP address as the source of the connection, it returns its responses to the BIG-IP system instead of directly to the client.

A SNAT works in the following manner:

    The BIG-IP system receives a request from a client and verifies whether that source IP address is defined in the origin address list for the SNAT.
    If the client's IP address is defined in the origin address list for the SNAT, the BIG-IP system translates the source IP address to the translation address defined in the SNAT.
    The BIG-IP system then sends the client request to the pool member or other destination.

Types of SNATs

Standard SNATs are illustrated in the following section (intelligent SNATs, which select the translation address from an iRule, are not shown here):
Standard SNATs

The following examples illustrate three types of standard SNATs:

A SNAT in which you specify a specific translation address

One way to create a SNAT is to directly map one or more original IP addresses to a specific translation address that you choose. For example, the following SNAT configuration translates the address of connections that originate from the address 10.10.10.1 to the translation address 172.16.0.1:

snat test_snat {
   translation 172.16.0.1
   origins 10.10.10.1
}

Automap SNAT

Of the available SNAT options, SNAT automap is often preferred since it is simple to configure and maintain, and helps conserve IP addresses by using the BIG-IP system's existing self IP addresses.

When the BIG-IP system processes connections from the origin IP addresses matching a SNAT automap definition, it chooses a translation address from the available self IP addresses. Floating self IP addresses on the egress VLAN are preferred to support seamless failover. If multiple floating self IP addresses are configured on the VLAN, the BIG-IP system translates the address of client connections by alternating through a pool of all floating self IPs on the VLAN.

Note: The SNAT automap feature may not use the intended translation address if a floating self IP is not available on the egress VLAN, or if the floating self IP address was originally a static (non-floating) self IP address. For more information, refer to SOL7336: The SNAT automap feature may use an unintended self IP address.

For example, the following SNAT configuration translates the address of connections that originate from the address 10.10.10.1 to one of the system's self IP addresses:

snat test_snat {
   automap
   origins 10.10.10.1
}

SNAT pools

A SNAT pool is a pool of translation addresses that you configure on the BIG-IP system. The original IP address is mapped to the pool as a whole rather than to a single translation address. For example, the following SNAT pool configuration contains the translation addresses 172.16.0.1 and 172.16.0.2:

snatpool my_snatpool {
   members {
      172.16.0.1
      172.16.0.2
   }
}

After you create the SNAT pool you must associate it with a SNAT object. For example, the following SNAT configuration translates the address of connections that originate from the address 10.10.10.1 to one of the IP addresses in the SNAT pool:

snat test_snatpool {
   snatpool my_snatpool
   origins 10.10.10.1
}

Note: The BIG-IP system load balances SNAT pool connections between members using the least connections algorithm.

====================================================================

Collection from: http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7336.html

The SNAT Automap feature selects a translation address from the available self IP addresses in the following order of preference:

    Floating self IP addresses on the egress VLAN
    Floating self IP addresses on different VLANs
    Non-floating self IP addresses on the egress VLAN
    Non-floating self IP addresses on different VLANs

Selecting a floating self IP on a VLAN other than the egress VLAN is intended to avoid disruption during an HA failover. However, depending on the network routing configuration, a translation address that is not on the egress VLAN may itself cause traffic disruption. F5 recommends configuring a floating self IP address on every VLAN from which you expect SNAT traffic to egress. Alternatively, you can mitigate the issue by using a SNAT pool that contains an address on the egress VLAN's subnet as a member.
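To make the two KB articles above concrete, here is an added example (not F5 code, and not the BIG-IP implementation) that models the SNAT decision as they describe it: the origin-list check from SOL7820, translation by SNAT type (fixed address, SNAT pool with least-connections selection, or automap), and the SOL7336 preference order for automap. It also includes a small check that flags the SOL7336 failure mode, where automap would end up on a self IP that is not a floating address on the egress VLAN. The self IPs, VLAN names and connection counts are constructed sample data, and breaking ties by configuration order is an assumption of this model.

```python
"""Model of the BIG-IP SNAT decision described in SOL7820 and SOL7336.

Added example, not F5 code: it reproduces the documented behaviour
(origin-list match, then translation by SNAT type, with the automap
preference order for self IPs) so the three configurations above can be
traced by hand. All self IPs, VLANs and connection counts are constructed
sample data; tie-breaking by configuration order is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SelfIP:
    address: str
    vlan: str
    floating: bool


@dataclass
class Snat:
    name: str
    origins: List[str]                    # IPs or CIDRs; "any" matches all
    translation: Optional[str] = None     # "translation 172.16.0.1"
    automap: bool = False                 # "automap"
    snatpool: Optional[List[str]] = None  # members of "snatpool my_snatpool"


def matches_origin(snat: Snat, client_ip: str) -> bool:
    """Step 1: is the client source address in the SNAT's origin list?"""
    addr = ipaddress.ip_address(client_ip)
    return any(o == "any" or addr in ipaddress.ip_network(o, strict=False)
               for o in snat.origins)


def automap_candidates(self_ips: List[SelfIP], egress_vlan: str) -> List[SelfIP]:
    """SOL7336 preference order: floating on the egress VLAN, floating on
    another VLAN, non-floating on the egress VLAN, non-floating elsewhere."""
    def rank(s: SelfIP):
        return (not s.floating, s.vlan != egress_vlan)
    return sorted(self_ips, key=rank)  # sort is stable: config order breaks ties


def least_connections(members: List[str], conns: Dict[str, int]) -> str:
    """SNAT pool member selection (SOL7820 note): fewest active connections."""
    return min(members, key=lambda ip: (conns.get(ip, 0), members.index(ip)))


def translate(snat: Snat, client_ip: str, self_ips: List[SelfIP],
              egress_vlan: str, conns: Optional[Dict[str, int]] = None) -> Optional[str]:
    """Step 2: return the translated source address, or None when the SNAT
    does not apply to this client (no source translation takes place)."""
    if not matches_origin(snat, client_ip):
        return None
    if snat.translation:
        return snat.translation
    if snat.snatpool:
        return least_connections(snat.snatpool, conns or {})
    if snat.automap:
        cands = automap_candidates(self_ips, egress_vlan)
        return cands[0].address if cands else None
    raise ValueError(f"{snat.name}: no translation, automap or snatpool")


def automap_warning(self_ips: List[SelfIP], egress_vlan: str) -> Optional[str]:
    """The SOL7336 check: warn when automap would not pick a floating self IP
    on the egress VLAN, because that choice may disrupt routing or HA failover."""
    cands = automap_candidates(self_ips, egress_vlan)
    if cands and cands[0].floating and cands[0].vlan == egress_vlan:
        return None
    chosen = cands[0].address if cands else "nothing"
    return (f"automap on VLAN {egress_vlan} would use {chosen}: "
            f"add a floating self IP to {egress_vlan} or use a SNAT pool")


if __name__ == "__main__":
    # Constructed sample inventory: only the internal VLAN has a floating self IP.
    self_ips = [SelfIP("172.16.0.5", "external", False),
                SelfIP("10.10.10.5", "internal", False),
                SelfIP("10.10.10.6", "internal", True)]
    auto = Snat("test_snat", ["10.10.10.1"], automap=True)
    print(translate(auto, "10.10.10.1", self_ips, "external"))  # 10.10.10.6 (wrong VLAN)
    print(automap_warning(self_ips, "external"))
```

Run as a script, the sample inventory reproduces the SOL7336 problem: with no floating self IP on the external VLAN, automap prefers the internal floating address 10.10.10.6 over the non-floating external one, and the warning names the fix the article recommends.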

Important: SNAT Automap does not use non-floating self IP addresses that have been re-configured as floating self IP addresses. To convert a non-floating self IP address to become a floating self IP address for use with SNAT Automap, delete the non-floating self IP address first and then re-add the same self IP address as a floating self IP address. To delete the non-floating address from that VLAN, you must configure at least one other non-floating IP address on the associated VLAN.