uni
Apr 11, 2012 Altostratus
Persistent SNAT address based on session cookie
I have a client whose application is sensitive to the client IP address
changing within a session. In their environment, there is some selective
SNATting (internal clients are SNATted, public IPs are not).
Because the snatpool allows the client IP to change unpredictably, I have come up with the following rule. It tracks the value of a server-set session cookie, and saves the SNAT address used. When a client connects with the same cookie value, the SNAT address is retrieved and used.
Can someone give me some feedback about whether this is a feasible approach?
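rule stg-test-rule {
    when RULE_INIT {
        # Name of the server-set session cookie and the table entry timeout (seconds)
        set static::stgcookie "stgCOOKIE"
        set static::stgtimeout 3600
    }
    when HTTP_RESPONSE {
        # The server is setting the session cookie in this response
        if { [HTTP::cookie exists $static::stgcookie] } {
            # Only record an address when the connection was actually SNATted
            if { not ([serverside {IP::local_addr}] equals [clientside {IP::remote_addr}]) } {
                # Key: cookie value, value: SNAT address used for this server-side connection
                table add [HTTP::cookie value $static::stgcookie] [serverside {IP::local_addr}] $static::stgtimeout
            }
        }
    }
    when HTTP_REQUEST {
        if { [HTTP::cookie exists $static::stgcookie] } {
            # Reuse the SNAT address saved for this cookie value, if any
            set snatip [table lookup [HTTP::cookie value $static::stgcookie]]
            if { not ( $snatip equals "" ) } {
                snat $snatip
            }
        }
    }
}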
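A small Python model of the rule's table logic, added here as an illustration and not part of the original post, showing when the pinned address holds and when it is lost. The pool members, client addresses, cookie values and the `Table` class are constructed; the model assumes `table lookup` restarts the idle timer on a hit (its default behaviour without `-notouch`).

```python
COOKIE, TIMEOUT = "stgCOOKIE", 3600             # values from the rule's RULE_INIT
POOL = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed snatpool members

class Table:
    """Simplified model of the iRule 'table' command (idle timeout only)."""
    def __init__(self):
        self.rows = {}                          # key -> (value, expires_at)

    def add(self, key, value, now):
        # Like 'table add': write only if no live entry exists for the key.
        if self.lookup(key, now) == "":
            self.rows[key] = (value, now + TIMEOUT)

    def lookup(self, key, now):
        # Like 'table lookup': a hit restarts the idle timer; a miss returns "".
        value, expires = self.rows.get(key, ("", 0))
        if expires <= now:
            self.rows.pop(key, None)
            return ""
        self.rows[key] = (value, now + TIMEOUT)
        return value

def exchange(table, picks, now, client_ip, cookie=None, set_cookie=None, snatted=True):
    """One request/response pair; returns the source address the server sees."""
    pinned = table.lookup(cookie, now) if cookie else ""      # HTTP_REQUEST
    src = pinned or (next(picks) if snatted else client_ip)   # snatpool picks otherwise
    if set_cookie and src != client_ip:                       # HTTP_RESPONSE
        table.add(set_cookie, src, now)
    return src

def demo():
    table, picks = Table(), iter(POOL)          # deterministic pool choices
    internal, public = "192.168.1.20", "203.0.113.5"
    return [
        exchange(table, picks, 0, internal, set_cookie="abc"),   # login sets cookie
        exchange(table, picks, 1800, internal, cookie="abc"),    # pinned
        exchange(table, picks, 5000, internal, cookie="abc"),    # kept alive by lookups
        exchange(table, picks, 9000, internal, cookie="abc"),    # idle > 3600: entry gone
        exchange(table, picks, 9100, internal, cookie="abc"),    # no Set-Cookie: not re-pinned
        exchange(table, picks, 9200, public, set_cookie="xyz", snatted=False),
    ]

if __name__ == "__main__":
    print(demo())
```

In this model, once the entry idles out, the address keeps changing until the server sends the cookie again, because the rule only writes the table from responses that carry it.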