nerdexam
F5

101 · Question #609

10:20:37.00749: IP 199.16.255.254.36664>10.0.1.10 http : flags (s) seq 700424862, Win 29200 A website is fronted by a toad balancer that implements a full proxy architecture with SNAT enabled Behind t

The correct answer is C. load balancer. With SNAT enabled on a full-proxy BIG-IP, backend nodes see the load balancer's SNAT address as the source IP, not the original client IP.

Section 3: Load Balancing and High Availability Basics

Question

10:20:37.00749: IP 199.16.255.254.36664>10.0.1.10 http : flags (s) seq 700424862, Win 29200 A website is fronted by a toad balancer that implements a full proxy architecture with SNAT enabled Behind the load balancer there are bro nodes. Node1 and Node2 She administrator is debugging an issue on node1 using icpdump and records the above out about a received packet of watch device does the IP address 192.168.265.254 belong?

Options

  • Anode2
  • Bnode1
  • Cload balancer
  • Dweb Client

How the community answered

(37 responses)
  • A
    24% (9)
  • B
    5% (2)
  • C
    59% (22)
  • D
    11% (4)

Why each option

With SNAT enabled on a full-proxy BIG-IP, backend nodes see the load balancer's SNAT address as the source IP, not the original client IP.

Anode2

Node2 is a sibling backend pool member and would not be the source of a new inbound HTTP SYN packet arriving at Node1 under normal load balancing operation.

Bnode1

Node1 is the device where tcpdump is running - it cannot be the source of a packet it is receiving from the network.

Cload balancerCorrect

When SNAT is enabled on a BIG-IP full proxy, the device replaces the original client's source IP address with its own SNAT IP before forwarding the connection to the selected backend node. This means that the source IP observed in the tcpdump on Node1 (199.16.255.254 in the capture) belongs to the load balancer, not the web client. This is a defining behavior of SNAT - backend servers never see the real client IP unless an X-Forwarded-For header or iRule is used to preserve it.

Dweb Client

The web client's original source IP is hidden from Node1 because SNAT replaces it with the load balancer's address before the packet is forwarded to the backend.

Concept tested: BIG-IP SNAT source IP substitution in full proxy mode

Source: https://support.f5.com/csp/article/K7336

Topics

#SNAT#full proxy#tcpdump#packet analysis

Community Discussion

No community discussion yet for this question.

Full 101 Practice