Forum Discussion
Capturing Client IP at application Server
Hi Team,
I am using Performance(layer 4) type set up. I have two Application servers at backend which are running .net TCP listeners. My application requires Client IP to function properly but after configuring in F5, I have stopped getting actual Client IP and I get Virtual IP of F5, which is expected. If it would have been HTTP then I could have used X-Forwarded-for for getting actual client IP at application side. But since it is TCP, I can't find any alternative so far to capture Client IP. Could anyone suggest if this is possible and show some way to move forward.
Hi! I've seen this done before with TCP::options
https://clouddocs.f5.com/api/irules/TCP__option.html
Accessing TCP Options from iRules | DevCentral
Another solution could be modifying network design so that F5 is the default gateway for your servers, or modifying routing on your application servers so that client network is reached through F5, but I can understand this might be tricker if everyting's deployed already.
- Vivek100Nimbostratus
Thanks for response.
I tried below options in iRule.
Option 28
when CLIENT_ACCEPTED { set opt28 [TCP::option get 28] binary scan $opt28 c ver #log local0. "version: $ver" if { $ver == 34 } { set optaddr [IP::addr parse -ipv6 $opt28 1] log local0. "opt28 ipv6 address: $optaddr" } elseif { $ver == 1 || $ver == 2 } { set optaddr [IP::addr parse -ipv4 $opt28 1] log local0. "opt28 ipv4 address: $optaddr" } }
Option 253
when CLIENT_ACCEPTED { set opt253 [TCP::option get 253] binary scan $opt253 c ver #log local0. "version: $ver" if { $ver == 34 } { set optaddr [IP::addr parse -ipv6 $opt253 1] log local0. "opt253 ipv6 address: $optaddr" } elseif { $ver == 1 || $ver == 2 } { set optaddr [IP::addr parse -ipv4 $opt253 1] log local0. "opt253 ipv4 address: $optaddr" } }
iRule thew validation failure and request did not reach to application. Is there any working sample? or any logs to see what failed here.
Really appreciate your help on hit, thanks a lot.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com