Forum Discussion
iRule for inserting client IP information
I need help solving an issue I am facing here.
We have a VIP configured with SNAT automap for the service 7501 to load balance LDAP servers. But as per the project requirement, the application team wants to see the client IPs. Now the challenge is that I cannot disable the SNAT because the servers under this VIP are routable and can be reached from the network directly. Hence asymmetric routing issues can be caused if I disable SNAT, and the clients cannot add a static route as a large number of clients will access this VIP.
Can you please let me know if we have any option with an iRule to insert the IP information on the LDAP VIP?
2 Replies
- StephanManthey
Nacreous
If SNAT is an issue, you can modify the default route of your LDAP servers to point to the BIG-IP's floating self IP.
In this case an additional virtual server (Performance L4, Loose Init / Loose Close in fastL4 profile) needs to be created to handle outgoing traffic (initiated by your LDAP servers) to remote networks and direct requests from remote networks to your LDAP servers. This part of the traffic will go asymmetric.
As an alternative you may consider logging the SNAT operations on your BIG-IP. A while ago I wrote an iRule to look up each particular LDAP query inside an LDAP bind. It should be easy to fire a log message with each new query coming in. Please let me know if you want to follow this approach.
- jgranieri
Nimbostratus
You can add an iRule to insert the client source IP either via a cookie insert or using an X-Forwarded-For header... some quick examples below
Code
    when HTTP_REQUEST {
        HTTP::header insert X-Forwarded-For [IP::client_addr]
        log local0. "Client IP: [IP::client_addr]"
    }
or
Code
    when HTTP_REQUEST {
        # Insert a cookie named CUSTOMER_IP with the client IP address as a value
        HTTP::cookie insert name CUSTOMER_IP value [IP::client_addr]
    }
I tested both and they work fine with SNAT configured.
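Added example, not part of any reply in this thread and not F5 code: StephanManthey's suggestion to log SNAT operations on the BIG-IP is useful once the logged mappings can be tied back to the connections the LDAP servers see. The Python below resolves a SNAT address and port seen by an LDAP server to the original client; the `snatmap` log line format, host names, addresses and the `max_age` default are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed BIG-IP log lines. The "snatmap" message format is an assumption:
# it is what a custom iRule log statement might emit, not a built-in F5 format.
BIGIP_LOG = """\
2024-05-01T10:00:01 bigip1 info tmm[1234]: snatmap client=10.1.1.15:51544 snat=192.0.2.10:40001 server=192.0.2.21:7501
2024-05-01T10:00:03 bigip1 info tmm[1234]: snatmap client=10.1.2.77:49822 snat=192.0.2.10:40002 server=192.0.2.22:7501
2024-05-01T10:07:30 bigip1 info tmm[1234]: snatmap client=10.1.3.9:50110 snat=192.0.2.10:40001 server=192.0.2.21:7501
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*snatmap client=(?P<client>[\d.]+):(?P<cport>\d+) "
    r"snat=(?P<snat>[\d.]+):(?P<sport>\d+) server=(?P<server>[\d.]+):(?P<dport>\d+)$"
)

def parse_snat_log(text):
    """Return the SNAT mapping records found in `text`, sorted by timestamp."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore unrelated log lines
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])

def resolve_client(records, snat_ip, snat_port, server_ip, seen_at,
                   max_age=timedelta(minutes=5)):
    """Map a (SNAT ip, port) pair seen by an LDAP server back to the real client.

    SNAT source ports are reused, so take the newest mapping that started at or
    before `seen_at`, and reject it if it is older than `max_age` (tune this to
    the connection lifetime expected on the VIP).
    """
    best = None
    for rec in records:
        if (rec["snat"], rec["sport"], rec["server"]) != (snat_ip, str(snat_port), server_ip):
            continue
        if rec["ts"] <= seen_at:
            best = rec  # records are sorted, so the last match is the newest
    if best is None or seen_at - best["ts"] > max_age:
        return None
    return best["client"]
```
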