F5 BIGIP :: Creating a Network Range SNAT Pool

The other day I needed to create a SNAT pool which includes a full network range, rather than just individual IP addresses. To do that, all I needed was to create a SNAT pool, right? Erm … nope!

For some strange reason, F5 decided that, when creating a SNAT pool, a network range cannot be specified!!

In this blog I will share with you a fairly simple solution using Python scripting.


SCENARIO

I need to create a SNAT pool to include the entire network range 172.16.1.0/24. I can then assign the SNAT pool object to a virtual server or to a SNAT object. Since we are not allowed to define a SNAT pool that includes a network range, I'd have to add all valid host IPs to the SNAT pool.

Obviously, I didn’t want to add a /24 network range manually … that’s 254 host IPs! So I needed to find an easier way.


SOLUTION

Initially, I looked into the REST API and f5-sdk for Python. I must say … what initially looked straightforward quickly turned into a time-wasting process. To be honest, for what I was trying to achieve, I didn't actually need an API.

What I did instead was generate the actual list of TMOS commands needed; I then simply copied and pasted the commands into the TMOS Shell CLI.

Here is the process:

  1. Using the GUI, created a test SNAT pool with two members
  2. Connected to the TMOS CLI and got the one-line command for creating the SNAT pool: list /ltm snatpool
  3. Using Python, I created a script which loops through all the host IPs and builds up the one-line command needed to include all of them

The script is listed below:

… and an example of the generated output for network range 172.16.1.0/30:

Lastly, I copied and pasted the generated command into the TMOS shell to create the actual SNAT Pool object:
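
One way to write the generator from step 3, as an added example rather than the author's original script. The function name, the pool name, the member cap and the `create ltm snatpool <name> members add { ... }` form of the tmsh command are assumptions; compare the result with what `list /ltm snatpool` shows on your own unit before pasting it.

```python
import ipaddress
import re

MAX_MEMBERS = 1024                        # assumed safety cap, not an F5 limit
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # keeps shell/tmsh metacharacters out


def snatpool_command(name, cidr, max_members=MAX_MEMBERS):
    """Build a one-line tmsh command adding every host IP of `cidr` to a SNAT pool."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe SNAT pool name: {name!r}")
    # strict=True rejects input such as 172.16.1.5/24 (host bits set), which
    # usually means a typo rather than the intended range.
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.num_addresses - 2 > max_members:
        raise ValueError(f"{net} exceeds the {max_members}-member cap")
    # hosts() skips the network and broadcast addresses, so a /24 gives 254 IPs.
    members = " ".join(str(ip) for ip in net.hosts())
    return f"create ltm snatpool {name} members add {{ {members} }}"


if __name__ == "__main__":
    # Pool name is a placeholder; the range is the post's /30 example.
    print(snatpool_command("snatpool_example", "172.16.1.0/30"))
```

Validating the range and the pool name before generating the command means a mistyped prefix or a stray character fails in the script instead of producing an oversized or malformed command at the TMOS shell.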


 

Thank you,

Rafael A. Couto Cabral • LinkedIn Profile
Cisco​ | F5 | VMware Certified • PRINCE2 Practitioner

Originally posted 2017-12-04 04:24:34.
