Forum Discussion
AltocumulusForwarding Client-IP on TCP profile
Hi,
I currently have a setup where we are forwarding traffic to a pool with TCP profile and no HTTP profiles.
The pool members need to know the client IP however we have SNAT Automap enabled and as such each pool member sees the F5 Self-IPs obliviously.
Was having a read on many posts here, however, I'm not a 100% sure I'm following.
One of the discussions was about creating an SNAT pool with the members I need to pass traffic through and as such would not require to use Automap. Unfortunately all these nodes that we are forwarding traffic to are already in use within multiple pools as they are part of a containerized environment.
Any heads up please?
Best, Stefan
Hi All,
Many thanks for your support on this. Sending this as an update following your suggested solutions and information provided, so I'm updating this thread for any future reference and other members that would find this information useful.
We have had several tests and configurations done, and basically the approach was have to a fastL4 virtual server for HTTPS requests, forwarding IP virtual server for gateway and forwarding IP virtual servers for direct access to machines - refer to below.
This setup provided us with multiple issues due to network connections not being made available to the docker environment and as such due to time constraints and additional testing required, we have developers creating an HTTP profile on the services to read the x-forwarded-for header and in turn we will change the setup from forwarding to standard virtual servers.
I will post again in the future once we allocate time for testing and configs.
Many thanks for your assistance,
Stefan
2 Replies
amintejCirrus
You can avoid SNAT if F5 becomes the default gateway of the servers, in-line design. You have to create a forwarding virtual server.
vf-mt_243104Hi All,
Many thanks for your support on this. Sending this as an update following your suggested solutions and information provided, so I'm updating this thread for any future reference and other members that would find this information useful.
We have had several tests and configurations done, and basically the approach was have to a fastL4 virtual server for HTTPS requests, forwarding IP virtual server for gateway and forwarding IP virtual servers for direct access to machines - refer to below.
This setup provided us with multiple issues due to network connections not being made available to the docker environment and as such due to time constraints and additional testing required, we have developers creating an HTTP profile on the services to read the x-forwarded-for header and in turn we will change the setup from forwarding to standard virtual servers.
I will post again in the future once we allocate time for testing and configs.
Many thanks for your assistance,
Stefan
