nerdexam
F5

101 · Question #102

A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to loadbalance UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for all addresses

The correct answer is C. 64.100.130.20. On BIG-IP, when multiple SNATs overlap for a client IP, the more specific SNAT definition takes precedence over the catch-all SNAT. Traffic from 172.16.3.55 hits the explicit three-address SNAT first.

Section 2: F5 Solutions and Technology

Question

A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to loadbalance UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for all addresses. The second SNAT's address is 64.100.130.20; this SNAT is defined for three specific addresses, 172.16.3.54, 172.16.3.55, and 172.16.3.56. The virtual server's destination is 64.100.130.30:53. The SNATs and virtual server have default VLAN associations. If a client with IP address 172.16.3.55 initiates a request to the virtual server, what is the source IP address of the packet as it reaches the chosen DNS server?

Options

  • A64.100.130.30
  • B172.16.3.55
  • C64.100.130.20
  • D64.100.130.10

How the community answered

(38 responses)
  • A
    32% (12)
  • B
    8% (3)
  • C
    45% (17)
  • D
    16% (6)

Why each option

On BIG-IP, when multiple SNATs overlap for a client IP, the more specific SNAT definition takes precedence over the catch-all SNAT. Traffic from 172.16.3.55 hits the explicit three-address SNAT first.

A64.100.130.30

64.100.130.30 is the virtual server's destination IP, not a SNAT translation address, so it would never appear as the source on the server-side packet.

B172.16.3.55

172.16.3.55 is the original client IP; leaving it untranslated would require no SNAT to match, but both SNATs cover this address, so translation does occur.

C64.100.130.20Correct

BIG-IP resolves SNAT selection using specificity: a SNAT defined for explicit source addresses takes priority over a SNAT defined for all addresses. Because 172.16.3.55 is listed in the specific SNAT (64.100.130.20), that SNAT is selected and translates the source IP to 64.100.130.20 before the packet reaches the DNS server. The catch-all SNAT (64.100.130.10) is only used when no more specific SNAT matches.

D64.100.130.10

64.100.130.10 belongs to the catch-all SNAT defined for all addresses, which is overridden by the more specific SNAT that explicitly lists 172.16.3.55.

Concept tested: BIG-IP SNAT specificity and selection precedence

Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-profiles-reference/using-snat-with-a-server-load-balancing-configuration.html

Topics

#SNAT#virtual server#source IP#traffic flow

Community Discussion

No community discussion yet for this question.

Full 101 Practice