nerdexam
Exams101Questions#94
F5

101 · Question #94

101 Question #94: Real Exam Question with Answer & Explanation

The correct answer is C: Destination IP: pool member in the 192.168/16 network. BIG-IP selects the most specific matching virtual server, so a connection to 10.10.2.102:80 matches VirtualServer2 (exact IP with wildcard port) over VirtualServer3 (network-range IP Forwarding), directing traffic to the 192.168/16 pool.

Question

An LTM has the 3 virtual servers, four self IP addresses defined and the networks shown in the exhibit. Selected options for each object are shown below. Settings not shown are at their defaults. VirtualServerl Destination: 10.10.2.102:443 netmask 255.255.255.255 Pool: Pool with 3 members in the 172.16/16 network VirtualServer2 Destination: 10.10.2.102:* netmask 255.255.255.255 Pool: Pool with 3 members in the 192.168/16 network VirtualServer3 Destination: 10.10.2.0:80 netmask 255.255.255.0 Type: IP Forwarding SNAT1 Source IP: All Addresses SNAT Address: SNAT Pool with 2 members 172.16.20.50 and 192.168.10.50 Self IPs 192.168.1.1; 172.16.1.1; 10.10.2.1; 10.10.1.1 A connection attempt is made with a source IP and port of 10.20.100.50:2222 and a destination IP and port of 10.10.2.102:80. When the request is processed, what will be the destination IP address?

Exhibit

101 question #94 exhibit

Options

  • ADestination IP: 10.10.2.102
  • BThe request will be dropped.
  • CDestination IP: pool member in the 192.168/16 network
  • DDestination IP: pool member in the 172.16/16 network

Explanation

BIG-IP selects the most specific matching virtual server, so a connection to 10.10.2.102:80 matches VirtualServer2 (exact IP with wildcard port) over VirtualServer3 (network-range IP Forwarding), directing traffic to the 192.168/16 pool.

Common mistakes.

  • A. The traffic matches VirtualServer2, which performs destination NAT to a pool member; the destination does not remain 10.10.2.102 as would happen only with an IP Forwarding type.
  • B. The request is not dropped because VirtualServer2 (10.10.2.102:*) matches both the exact destination IP and the wildcard port.
  • D. VirtualServer1 targets port 443 not port 80 and is excluded from matching, while VirtualServer2 - which wins the specificity match - uses the 192.168/16 pool, not the 172.16/16 pool.

Concept tested. BIG-IP LTM virtual server selection order and specificity

Reference. https://support.f5.com/csp/article/K14800

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 101 Practice