LTM | Preserve Client IP Address in L3 Mode

Question

TLDR; Is there any way to 'preserve original client source IP address' in the packets sent from LTM to the realserver?

I am currently using a non-F5 SLB solution, looking to migrate to F5 LTM. But even before we begin to evaluate F5, we would like to get some feedback on the technical viability of one of my requirements because this is make or break for our consideration.

We have a critical application load balanced in L2 bridge mode, because the application requires the original client IP in the packet. But I am tasked with getting rid of L2 mode and move the application to L3 load balanced mode.

I have looked at DSR and SNAT, but they're not feasible for our environment.

sebastiansierra · Answer

Hi sanzinc,
To keep the real server IP you have some methods:

Configure the default gateway in the application as the Self IP in the F5, and configure a couple of routing Virtual servers for UDP and TCP traffic, "this is probably the most fittable solution for you".
Configure a layer 7 virtual server with an HTTP profile and configure the X-Forwarded-For.
Use DSR o npath routing enabling asymetric traffic "not recommended".

Hope it works.

zamroni777 · Answer

what is the applicaton layer of the service?if it is http/s based, then with f5 snat enabled, f5 can put the client ip in XFF header and then webservers usually can read client ip address from that XFF header.if not http/s, then check whether if it's possible to add routing entries in webserver: f5 server side self ip as router for traffic to specific source subnets.if yes, then you can safely configure with f5 snat disabled.basically, f5 prefers client requests and server responses go through f5.

Forum Discussion

LTM | Preserve Client IP Address in L3 Mode

2 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

VIP control across data centers - how to ensure only 1 VIP is up at a time?

FQDN Node Configuration

Logical Disk Full to Migrate rSeries

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

Related Content

F5 Distributed Cloud - Traffic Steering based on Client IP Address

HTTP POST redirect preserving POST data

F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows

APM custom address space by client IP?

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS