nerdexam
F5

101 · Question #79

An LTM has the 3 virtual servers, 2 SNATs, four self IP addresses defined, and the networks shown in the exhibit. Selected options for each object are shown below. Settings not shown are at their defa

The correct answer is D. Source IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2.10. The connection source falls within SNAT1's 10.10.0.0/16 range, which is more specific than SNAT2's catch-all, so SNAT1's pool addresses (172.16.20.50 or 192.168.10.50) are used as the translated source.

Section 5: Application Delivery Basics

Question

An LTM has the 3 virtual servers, 2 SNATs, four self IP addresses defined, and the networks shown in the exhibit. Selected options for each object are shown below. Settings not shown are at their defaults. Assume port exhaustion has not been reached. VirtualServerl Destination: 10.10.2.102:80 netmask 255.255.255.255 Pool: Pool with 3 members in the 172.16/16 network SNAT Automap configured VirtualServer2 Destination: 10.10.2.102:* netmask 255.255.255.255 Pool: Pool with 3 members in the 192.168/16 network VirtualServer3 Destination: 10.10.2.0:80 netmask 255.255.255.0 Type: IP Forwarding SNAT1 Source IP: 10.10.0.0 netmask 255.255.0.0 SNAT Address: SNAT Pool with 2 members 172.16.20.50 and 192.168.10.50 SNAT2 Source IP: All Addresses SNATAddress: 10.10.2.102 Floating Self IPs 192.168.1.1; 172.16.1.1; 10.10.2.1; 10.10.1.1 A connection attempt is made with a source IP and port of 10.10.100.50:2222 and a destination IP and port of 10.10.2.10:80. When the request is processed, what will be the source and destination IP addresses?

Exhibit

101 question #79 exhibit

Options

  • AThe request will be droped.
  • BSource IP: 10.10.2.1; Destination IP: 10.10.2.10
  • CSource IP: 10.10.2.102; Destination IP 10.10.2.10
  • DSource IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2.10
  • ESource IP: 10.10.2.1; Destination IP: pool in the 172.16/16 network C

How the community answered

(19 responses)
  • A
    32% (6)
  • B
    5% (1)
  • C
    5% (1)
  • D
    42% (8)
  • E
    16% (3)

Why each option

The connection source falls within SNAT1's 10.10.0.0/16 range, which is more specific than SNAT2's catch-all, so SNAT1's pool addresses (172.16.20.50 or 192.168.10.50) are used as the translated source.

AThe request will be droped.

The connection matches VirtualServer1's destination 10.10.2.102:80 and a valid SNAT and pool exist, so the BIG-IP does not drop the request.

BSource IP: 10.10.2.1; Destination IP: 10.10.2.10

10.10.2.1 is not a configured SNAT address in either SNAT1 or SNAT2 for this scenario; the applicable SNAT pool addresses are 172.16.20.50 and 192.168.10.50.

CSource IP: 10.10.2.102; Destination IP 10.10.2.10

10.10.2.102 is the SNAT2 translation address, but SNAT1 takes precedence because its source range 10.10.0.0/16 is more specific than SNAT2's catch-all 'All Addresses'.

DSource IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2.10Correct

SNAT1 matches source addresses in 10.10.0.0/16 and is more specific than SNAT2 (All Addresses), so BIG-IP precedence rules apply SNAT1 first. SNAT1 uses a SNAT pool with members 172.16.20.50 and 192.168.10.50, so the translated source IP will be one of those two addresses. The destination IP becomes the selected pool member (10.10.2.10) in the VirtualServer's associated pool.

ESource IP: 10.10.2.1; Destination IP: pool in the 172.16/16 network C

VirtualServer1's pool contains members in the 172.16/16 network, not 10.10.x.x addresses, making a destination of 10.10.2.1 with that pool incorrect.

Concept tested: F5 BIG-IP SNAT object precedence with overlapping source ranges

Source: https://support.f5.com/csp/article/K7820

Topics

#virtual server#SNAT automap#IP forwarding#traffic processing

Community Discussion

No community discussion yet for this question.

Full 101 Practice