Forum Discussion

sanzinc
Feb 27, 2024

LTM | Preserve Client IP Address in L3 Mode

TLDR; Is there any way to 'preserve original client source IP address' in the packets sent from LTM to the realserver?


I am currently using a non-F5 SLB solution, looking to migrate to F5 LTM. But even before we begin to evaluate F5, we would like to get some feedback on the technical viability of one of my requirements because this is make or break for our consideration.

We have a critical application load balanced in L2 bridge mode, because the application requires the original client IP in the packet. But I am tasked with getting rid of L2 mode and moving the application to L3 load balanced mode.

I have looked at DSR and SNAT, but they're not feasible for our environment.

 

 

 

  • Hi sanzinc,

    To keep the real server IP you have some methods:

    1. Configure the default gateway in the application as the Self IP in the F5, and configure a couple of routing Virtual servers for UDP and TCP traffic, "this is probably the most fitting solution for you".
    2. Configure a layer 7 virtual server with an HTTP profile and configure the X-Forwarded-For.
    3. Use DSR or npath routing, enabling asymmetric traffic, "not recommended".

    Hope it works.

  • what is the application layer of the service?
    if it is http/s based, then with f5 snat enabled, f5 can put the client ip in XFF header and then webservers usually can read client ip address from that XFF header.

    if not http/s, then check whether it's possible to add routing entries in webserver: f5 server side self ip as router for traffic to specific source subnets.
    if yes, then you can safely configure with f5 snat disabled.

    basically, f5 prefers client requests and server responses go through f5.
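
For the X-Forwarded-For option mentioned in both replies, the backend should accept the header only on connections that arrive from the load balancer, since any client can send its own XFF value. The sketch below is an added example, not code from the thread or from F5; the self IP `10.0.0.5` and the function names are constructed, and it assumes the load balancer's own entry is the last one received.

```python
import ipaddress

# Constructed value: the server-side self IP (SNAT source) of the load balancer.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)

def _parse(value):
    """Return an address object, or None for junk such as 'unknown' or injected text."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def client_ip(peer, xff_headers, trusted=TRUSTED_PROXIES):
    """Resolve the client address for one request.

    peer        -- source address of the TCP connection (the SNAT address when SNAT is on)
    xff_headers -- raw X-Forwarded-For header values, in the order received
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that did not come from the load balancer gets no header trust.
    if not _is_trusted(peer_addr, trusted):
        return str(peer_addr)
    # Flatten all header lines; the entry added by the nearest proxy is last.
    hops = [h for line in xff_headers for h in line.split(",")]
    for raw in reversed(hops):
        addr = _parse(raw)
        if addr is None:
            break  # malformed hop: stop, trust nothing to its left
        if not _is_trusted(addr, trusted):
            return str(addr)
    # Header missing, malformed, or listing only proxies: fall back to the peer.
    return str(peer_addr)

if __name__ == "__main__":
    # Constructed requests: a client-supplied XFF followed by the proxy's own entry.
    print(client_ip("10.0.0.5", ["1.2.3.4", "203.0.113.7"]))
    # Same header sent directly to the server, bypassing the load balancer.
    print(client_ip("198.51.100.9", ["1.2.3.4"]))
```

The same check applies to access logs and IP-based ACLs on the server: they should use the resolved address, not the raw header.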