F5
101 · Question #102
101 Question #102: Real Exam Question with Answer & Explanation
The correct answer is C: 64.100.130.20. On BIG-IP, when multiple SNATs overlap for a client IP, the more specific SNAT definition takes precedence over the catch-all SNAT. Traffic from 172.16.3.55 hits the explicit three-address SNAT first.
Section 2: F5 Solutions and Technology
Question
A BIG-IP has two SNATs, a pool of DNS servers and a virtual server configured to loadbalance UDP traffic to the DNS servers. One SNAT's address is 64.100.130.10; this SNAT is defined for all addresses. The second SNAT's address is 64.100.130.20; this SNAT is defined for three specific addresses, 172.16.3.54, 172.16.3.55, and 172.16.3.56. The virtual server's destination is 64.100.130.30:53. The SNATs and virtual server have default VLAN associations. If a client with IP address 172.16.3.55 initiates a request to the virtual server, what is the source IP address of the packet as it reaches the chosen DNS server?
Options
- A64.100.130.30
- B172.16.3.55
- C64.100.130.20
- D64.100.130.10
Explanation
On BIG-IP, when multiple SNATs overlap for a client IP, the more specific SNAT definition takes precedence over the catch-all SNAT. Traffic from 172.16.3.55 hits the explicit three-address SNAT first.
Common mistakes.
- A. 64.100.130.30 is the virtual server's destination IP, not a SNAT translation address, so it would never appear as the source on the server-side packet.
- B. 172.16.3.55 is the original client IP; leaving it untranslated would require no SNAT to match, but both SNATs cover this address, so translation does occur.
- D. 64.100.130.10 belongs to the catch-all SNAT defined for all addresses, which is overridden by the more specific SNAT that explicitly lists 172.16.3.55.
Concept tested. BIG-IP SNAT specificity and selection precedence
Topics
#SNAT#virtual server#source IP#traffic flow
Community Discussion
No community discussion yet for this question.