e_howl_26497
Apr 07, 2009

Snat for transparent device

Hi,

I came across a request to set up LTM to load balance some transparent proxy devices. There are some unique requirements, and I wonder if I can get some advice here.

[Scenario]

                     Origin Servers (Internet)
                           ^|
                           |v
Client --> LTM -> Proxy2
            |^
            v|
          Proxy1
          3.3.3.3

Traffic flow:

- In scenario 1, Client initiates an HTTP request to the Origin Servers via a Virtual Server on LTM (e.g. 2.2.2.2:xxx).
- LTM forwards the request to Proxy1 (e.g. 3.3.3.3).
- Proxy1 will then initiate another outbound request via another VS on LTM (e.g. 0.0.0.0:yyy), which is then redirected to Proxy2 (using an iRule).
- Proxy2 again initiates another request to the Origin Servers.
- Return traffic needs to follow the flow sequence back.

Challenge:

- The proxies are transparent devices; in other words, they preserve the Client's source IP throughout. LTM only sees the requests from Proxy1/Proxy2 as coming from the Client source IP.
- Question: is it possible to use an iRule to maintain/keep track of the connections between Proxy1/Proxy2/LTM, as LTM only sees the Client's IP?

I thought of turning on SNAT for every connection that comes from Proxy1/Proxy2, but am not sure if it will work. It seems LTM will also need to keep track of the connections in Layer 2.

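VS 0.0.0.0:80
  |
  -> irule1

when CLIENT_ACCEPTED {
    # Source address as LTM sees it (the proxies preserve the Client's IP)
    set client_ip [IP::client_addr]
    # Destination port of the client-side connection
    if { [TCP::local_port] == 80 } {
        pool Proxy1
        snat $client_ip
    }
}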

Any thoughts are appreciated. Thanks.