nerdexam
F5

101 · Question #77

Given the configuration shown below, if a connection request arrived on the BIG-IP with a source address of 200.10.10.10:1050 and a destination of 150.10.10.75:80, what would the source IP address of

The correct answer is C. 10.10.1.I00B.10.10.1.100. The incoming connection to 150.10.10.75:80 matches VS_network (not VS_web), which applies snatpool client_pool; the BIG-IP selects 10.10.1.100 as the SNAT source because it is on the same subnet as the pool members.

Section 5: Application Delivery Basics

Question

Given the configuration shown below, if a connection request arrived on the BIG-IP with a source address of 200.10.10.10:1050 and a destination of 150.10.10.75:80, what would the source IP address of the associated packet be when it arrived on the choosen member of the web_pool self 150.10.10.1 { netmask 255.255.255.0 unit I floating enable vlan external allow tcp https } self 10.10.1.1 { netmask 255.255.255.0 unit I floating enable vlan internal allow default } pool web_pool { member 10.10.1.11:80 member 10.10.1.12:80 member 10.10.1.13:80 }snatpool client_pool { member 10.10.1.100 member 150.10.10.15 }virtual VS_web { destination 150.10.10.10:80 ip protocol tcp snat automap pool web_pool }virtual VS_network{ destination 150.10.1 0.0:any mask 255.255.255.0 snatpool client_pool ip protocol tcp pool web_pool } virtual VS_network { destination 150.10.1 0.0:any mask 255.255.255.0 snatpool client_pool ip protocol tcp pool web_pool } virtual VS_network { destination 150.10.10.0:any mask 255.255.255.0 snatpool client_pool ip protocol tcp pool web_pool }

Options

  • A10.10.1.IA.10.10.1.1
  • B200.10.10.I0D.200.10.10.10
  • C10.10.1.I00B.10.10.1.100
  • D150.10.10.15C.150.10.10.15

How the community answered

(19 responses)
  • A
    11% (2)
  • B
    5% (1)
  • C
    63% (12)
  • D
    21% (4)

Why each option

The incoming connection to 150.10.10.75:80 matches VS_network (not VS_web), which applies snatpool client_pool; the BIG-IP selects 10.10.1.100 as the SNAT source because it is on the same subnet as the pool members.

A10.10.1.IA.10.10.1.1

10.10.1.1 is a floating self IP on the internal VLAN, not a member of snatpool client_pool, so it is never used as a SNAT source address.

B200.10.10.I0D.200.10.10.10

200.10.10.10 is the original client source IP; SNAT replaces this address - the client IP is never forwarded to pool members when SNAT is active.

C10.10.1.I00B.10.10.1.100Correct

The destination 150.10.10.75:80 does not match VS_web (which requires exactly 150.10.10.10:80) but does match VS_network's wildcard destination 150.10.10.0/24:any. VS_network references snatpool client_pool containing 10.10.1.100 and 150.10.10.15. Because the web_pool members (10.10.1.11-13) reside on the 10.10.1.0/24 internal subnet, the BIG-IP selects 10.10.1.100 from client_pool as the translated source address since it is routable on that same internal VLAN.

D150.10.10.15C.150.10.10.15

150.10.10.15 is a member of client_pool but belongs to the external 150.10.10.0/24 subnet, making it an inappropriate source address for traffic destined to the internal 10.10.1.0/24 pool members.

Concept tested: F5 BIG-IP SNAT pool address selection with wildcard virtual server matching

Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-getting-started-with-nat/big-ip-local-traffic-management-getting-started-with-nat.html

Topics

#SNAT pool#source address translation#self-IP#packet forwarding

Community Discussion

No community discussion yet for this question.

Full 101 Practice