The other day I needed to create a SNAT pool which includes a full network range, rather than just loose IP addresses. To do that, all I needed was to create a SNAT pool, right? Erm … nope!
For some strange reason, F5 decided that, when creating a SNAT pool, a network range cannot be specified!!
In this blog I will share with you a fairly simple solution using Python scripting.
I need to create a SNAT pool to include an entire network range of 172.16.1.0/24. I could then assign the SNAT pool object to a virtual server or to a SNAT object. Since we are not allowed to define a SNAT pool to include a network range, I’d have to add all valid host IPs to the SNAT pool.
Obviously, I didn’t want to add a /24 network range manually … that’s 254 host IPs! So I needed to find an easier way.
Initially, I looked into REST API and f5-sdk for Python. I must say … what initially looked straightforward quickly turned into a time-wasting process. To be honest, for what I was trying to achieve, I didn’t actually need an API.
What I did instead was generate the actual list of TMOS commands needed; I then simply copied & pasted the commands at the TMOS Shell CLI.
Here is the process:
- Using the GUI, created a test SNAT pool with two members
- Connected to the TMOS CLI and got the one-line command for creating the SNAT pool: list /ltm snatpool
- Using Python, I created a script which runs a loop through all the host IPs and gradually creates the one-line command needed to include all host IPs
The script is listed below:
… and an example of the generated output for network range 172.16.1.0/30:
Lastly, I copied & pasted the generated command at the TMOS shell to create the actual SNAT Pool object:
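The process described above, as an added example (this is not the original script from this post): a Python generator for the one-line command. The `create ltm snatpool … members add { … }` form, the pool name `snat_pool_example`, the name pattern and the `MAX_MEMBERS` cap are assumptions; compare the command shape with the `list /ltm snatpool` output on your own device before pasting.

```python
import ipaddress
import re

# Assumed values for this example, not taken from the original post.
MAX_MEMBERS = 1024                                # guard against pasting a /8 by mistake
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")   # conservative object-name pattern


def host_members(cidr):
    """Return every usable host address in `cidr` as a list of strings."""
    # strict=True rejects input like 172.16.1.5/24 (host bits set), which is
    # usually a typo rather than an intended range.
    net = ipaddress.ip_network(cidr, strict=True)
    # Check the size before enumerating, so a huge range fails fast.
    if net.num_addresses > MAX_MEMBERS:
        raise ValueError(f"{cidr} has {net.num_addresses} addresses, cap is {MAX_MEMBERS}")
    # /31 and /32 (or /127 and /128) have no network/broadcast address to
    # drop, so every address in them is a usable member.
    if net.prefixlen >= net.max_prefixlen - 1:
        return [str(addr) for addr in net]
    return [str(addr) for addr in net.hosts()]


def snatpool_command(name, cidr):
    """Build the one-line TMOS command that creates SNAT pool `name`."""
    # The result is pasted into a privileged shell, so refuse any name that
    # could carry spaces, braces, semicolons or other shell syntax.
    if not NAME_RE.match(name):
        raise ValueError(f"unsafe SNAT pool name: {name!r}")
    members = " ".join(host_members(cidr))
    return f"create ltm snatpool {name} members add {{ {members} }}"


if __name__ == "__main__":
    # Same range as the sample output mentioned in the post.
    print(snatpool_command("snat_pool_example", "172.16.1.0/30"))
    # The full /24 from the post yields 254 members.
    print(len(host_members("172.16.1.0/24")), "members for 172.16.1.0/24")
```

Review the generated line before pasting it, since it runs with whatever privileges the TMOS shell session has.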
Rafael A. Couto Cabral • LinkedIn Profile
Cisco | F5 | VMware Certified • PRINCE2 Practitioner
Originally posted 2017-12-04 04:24:34.