Forum Discussion

Vivek100's avatar
Vivek100
Icon for Nimbostratus rankNimbostratus
Jul 18, 2024

Capturing Client IP at application Server

Hi Team,

 

I am using Performance(layer 4) type set up. I have two Application servers at backend which are running .net TCP listeners. My application requires Client IP to function properly but after configuring in F5, I have stopped getting actual Client IP and I get Virtual IP of F5, which is expected. If it would have been HTTP then I could have used X-Forwarded-for for getting actual client IP at application side. But since it is TCP, I can't find any alternative so far to capture Client IP. Could anyone suggest if this is possible and show some way to move forward.

    • Vivek100's avatar
      Vivek100
      Icon for Nimbostratus rankNimbostratus

      Thanks for response.

       

      I tried below options in iRule. 

       

      Option 28

      when CLIENT_ACCEPTED { set opt28 [TCP::option get 28] binary scan $opt28 c ver #log local0. "version: $ver" if { $ver == 34 } { set optaddr [IP::addr parse -ipv6 $opt28 1] log local0. "opt28 ipv6 address: $optaddr" } elseif { $ver == 1 || $ver == 2 } { set optaddr [IP::addr parse -ipv4 $opt28 1] log local0. "opt28 ipv4 address: $optaddr" } }

      Option 253

      when CLIENT_ACCEPTED { set opt253 [TCP::option get 253] binary scan $opt253 c ver #log local0. "version: $ver" if { $ver == 34 } { set optaddr [IP::addr parse -ipv6 $opt253 1] log local0. "opt253 ipv6 address: $optaddr" } elseif { $ver == 1 || $ver == 2 } { set optaddr [IP::addr parse -ipv4 $opt253 1] log local0. "opt253 ipv4 address: $optaddr" } }

       

      iRule thew validation failure and request did not reach to application. Is there any working sample? or any logs to see what failed here.

      Really appreciate your help on hit, thanks a lot.