Forum Discussion
Mike_73765
Nimbostratus
May 16, 2013
SNAT - preserve client ip to pool member non-http traffic
I have a setup where the VIP and pool member IPs are on the same network... pool members need to see the real client IP address... but this is not HTTP/HTTPS so I can't simply create a header with clien...
Hamish
Cirrocumulus
May 17, 2013
Policy routing (as mentioned above) to ensure that the traffic passes back via the BigIP. You could configure this on the client (e.g. with Linux, using iptables to mark the traffic and a specific route for that marked traffic only) or on the VLAN gateway (router) itself.
With TCP traffic you can add an option header to insert the client's real IP. But your server needs to understand how to get that value and what to do with it. And it's not going to help UDP traffic... However, there are provisions within the DNS protocol that you could take advantage of. You could insert another QTYPE record within the UDP query for a class of traffic that doesn't exist, and insert the client IP into there. Again, your DNS server software would have to know what to do with it, so that's probably not going to be very useful.
The easy way of course is to hide the DNS servers BEHIND the BigIP and get rid of SNAT, using the BigIP as the route back to the clients doing the querying.
H
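The Linux policy-routing option from the reply above, sketched as an added example (not part of the original thread and not F5's own configuration). It assumes the Linux host is the pool member sending the replies; the BIG-IP self IP 192.0.2.5, interface eth0, service port 53, fwmark 1 and routing table 100 are all constructed placeholder values.

```shell
#!/bin/sh
# Added example: print (dry run) the commands that send a service's replies
# back through the BIG-IP instead of straight to an on-link client.
# Pipe the output to "sh" as root to apply it.
# Assumed arguments: BIG-IP self IP, egress interface, service port,
# optional fwmark (default 1), optional routing table id (default 100).
policy_route_cmds() {
    gw=$1 dev=$2 port=$3 mark=${4:-1} table=${5:-100}

    # Accept only a dotted-quad gateway and a plain interface name, so the
    # generated commands cannot carry stray shell syntax.
    case $gw in
        *[!0-9.]*|'') echo "bad gateway: $gw" >&2; return 1 ;;
    esac
    case $dev in
        *[!A-Za-z0-9._-]*|'') echo "bad interface: $dev" >&2; return 1 ;;
    esac
    for n in "$port" "$mark" "$table"; do
        case $n in
            *[!0-9]*|'') echo "bad number: $n" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    # Mark locally generated replies leaving the service port (UDP and TCP).
    for proto in udp tcp; do
        echo "iptables -t mangle -A OUTPUT -p $proto --sport $port -j MARK --set-mark $mark"
    done
    # Marked packets consult the dedicated table before the main table.
    echo "ip rule add fwmark $mark table $table"
    # The dedicated table holds only a default route via the BIG-IP, so even
    # replies to clients on the same subnet return through it.
    echo "ip route add default via $gw dev $dev table $table"
}

# Dry run with the constructed values.
policy_route_cmds 192.0.2.5 eth0 53
```

Only traffic sourced from the service port is rerouted; everything else the host sends still follows the main routing table.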
