Real Ip address for non http servers

Question

Hi Team &nbsp;
I have a situation which i am try to solve , basically i have non-http service hosted behind my load balancers here. currently the servers are not in a vlan attached to f5 , so using SNAT to make it work.
and currently the VIP is a Performace L4 VIP with SNAT enabled.&nbsp;
and now the application team needs the Real IP address of their clients and as its not http i am unable to change the VIP type to standard and apply a http profile with "x-forwarded for" enabled.&nbsp;
and the application team does not want to move their server vlan to vlan behind the load balancer.&nbsp;
any possibility with irules , if yes please help me .&nbsp;
many thanks in advance &nbsp;
S&nbsp;

mhite_60883 · Answer

Sounds like you'll have to look at DSR (direct server return) or VXLAN.&nbsp;
DSR over a routed network:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/6.html&nbsp;
VXLAN:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-4-0/10.html&nbsp;
It's also possible to implement "proxy-protocol" using an iRule (I have done it in the past). Your application developers would need to accomodate this on the server side. See:&nbsp;
https://aws.amazon.com/blogs/aws/elastic-load-balancing-adds-support-for-proxy-protocol/&nbsp;
https://devcentral.f5.com/questions/proxy-protocol-irule-implementation&nbsp;

mike_rochford_1 · Answer

Could you provide more information around the irule creation?

what_lies_bene1 · Answer

You do also have these options;&nbsp;
1) Adjust your routing so that the return traffic passes through the F5s (possibly in combination with a VRF)&nbsp;
2) Use Policy Based Routing (PBR)&nbsp;
3) Connect your F5 directly to the VLAN in question (assuming that is physically and logically possible) and use static routes on the servers to ensure return traffic goes through it&nbsp;
Either way, its seems like a huge amount of work and added complexity to accommodate your server team. Rather than looking for a technical solution, I'd say it would be worth talking to them again and explaining your challenge and the downsides of all these solutions.&nbsp;

solmon · Answer

indeed it is a complex situation , due to their current vlan which is multicast capable they are unwilling to move to an inline f5 vlan , have asked them to get additional NIC so that they can have MC and LB capabilites both.&nbsp;
thank you for you for the kind responses.&nbsp;
much appreciated. &nbsp;

Forum Discussion

Real Ip address for non http servers

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

How to persist 'real' IP into Kubernetes

F5 Distributed Cloud - Traffic Steering based on Client IP Address

Privileged Access in Action: Technical Controls for Real-World Environments

Configuring Apache Kafka as push consumer for real time F5 BIG-IP Telemetry Streaming (TS)

Introducing the F5 Threat Report: Strategic Threat Intelligence with Real-Time Industry and Technology Trends

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS