Forum Discussion
I have the same scenario and I like the simplicity in the suggested solution. I on the other hand have netflow that I want to duplicate to two different flow collectors.
I tested it and packets are duplicated towards the two destinations but the source address is set to the self IP of the F5.
I tried adding snat under the CLIENT_ACCEPTED section and setting it to the client source address but it did not make any difference.
Is there a way to preserve the source IP address when using HSL::open/HSL::send?
You can't do that with HSL, but you can do it with a sideband connection. What follows is an example iRule:
when CLIENT_ACCEPTED {
    # The client source address
    set clientIP [IP::client_addr]
    # The client source port
    set clientPort [UDP::client_port]
    # Open a sideband UDP connection to the collector, sourced from the client's address and port
    if {[catch {connect -myaddr $clientIP -myport $clientPort -timeout 1000 -idle 30 -protocol UDP -status conn_status 10.1.20.200:9995} conn_id] == 0 && $conn_id ne ""}{
        log local0. "Connect returns: $conn_id and conn status: $conn_status"
    } else {
        log local0. "Connection could not be established to sideband_virtual_server"
        # On failure catch leaves the error text in conn_id; clear it so CLIENT_DATA does not try to send
        set conn_id ""
    }
}
when CLIENT_DATA {
    if {$conn_id ne ""} {
        # grab UDP payload
        set data [UDP::payload]
        # Send the data out to the netflow collector using the source IP and port from the client
        send -timeout 1000 $conn_id $data
        #close $conn_id
    }
}
A version of this was used to send Netflow data to another harvester / collector (in addition to the pool on the virtual server).
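A collector-side check for the behaviour discussed in this thread, as an added example that is not part of the original posts: it validates each received NetFlow v5 datagram and reports whether it arrived from the real exporter or from the proxy's self IP. The function names, the allow-lists and the sample addresses are assumptions constructed for illustration.

```python
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48  # each v5 flow record is 48 bytes


def classify_export(src_ip, payload, exporters, proxy_self_ips):
    """Return a verdict for one received datagram.

    exporters: addresses expected as the datagram source (assumed allow-list).
    proxy_self_ips: self IPs of the duplicating proxy (assumed).
    """
    if len(payload) < V5_HEADER.size:
        return "malformed"
    version, count = V5_HEADER.unpack_from(payload)[:2]
    if version != 5 or len(payload) != V5_HEADER.size + count * V5_RECORD_LEN:
        return "malformed"
    if src_ip in proxy_self_ips:
        return "source-rewritten"  # arrived from the proxy, exporter identity lost
    if src_ip in exporters:
        return "source-preserved"
    return "unknown-exporter"


def build_v5(count, seq):
    """Constructed sample datagram: valid header plus zeroed flow records."""
    header = V5_HEADER.pack(5, count, 1000, 1700000000, 0, seq, 0, 0, 0)
    return header + bytes(V5_RECORD_LEN * count)


def audit(datagrams, exporters, proxy_self_ips):
    """Tally verdicts per source address for (src_ip, payload) pairs."""
    tally = {}
    for src_ip, payload in datagrams:
        verdict = classify_export(src_ip, payload, exporters, proxy_self_ips)
        per_src = tally.setdefault(src_ip, {})
        per_src[verdict] = per_src.get(verdict, 0) + 1
    return tally


if __name__ == "__main__":
    # Constructed addresses from documentation ranges, not from the thread.
    sample = [("192.0.2.10", build_v5(2, 1)), ("198.51.100.5", build_v5(1, 2)),
              ("192.0.2.10", b"\x00\x05")]
    print(audit(sample, {"192.0.2.10"}, {"198.51.100.5"}))
```

Because a UDP source address is unauthenticated, a "source-preserved" verdict confirms the sideband rule is working but does not by itself prove the datagram came from that exporter.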