SNAT behavior with a disabled Real Server
When using Server NAT (SNAT) on a Virtual Service (VS), where one of the real servers (RS) is disabled, outbound connections from that server will use the LoadMaster interface IP address instead of the Virtual Service IP address (VIP).
When an RS is disabled on the VS, where SNAT has been enabled, the interface IP address is used instead for outbound connections.
|Steps to Reproduce:|
|Cause:||When enabling SNAT on a VS, only the activated servers will be added to the SNAT table for mapping outbound connections to the VIP. All others will use the interface IP address instead for outbound connections.|
|Workaround:||One potential workaround for this is to ensure that all relevant real servers are enabled when enabling SNAT on the VS for the first time. Then the respective real servers can be disabled afterwards. If SNAT has already been enabled, disable it and then enable all the real servers in question. Proceed to re-enable SNAT and finally disable the real server(s) as needed. With this, outbound connections from the real server(s) that have been disabled will still use the VIP and not the interface IP address of the LoadMaster.|
Useful SNAT resources: