Forum Discussion
NimbostratusTraffic analyzing ( in case of f5 standrad vs , Trasperant L2 , Explict proxy , f5 standrad vs with snat auto map )
DEARS ,
I want to check with you the expected behaviour in the following cases : please correct me : Traffic analyzing (in case of f5 standrad vs , Trasperant L2 , Explict proxy , f5 standrad vs with snat auto map)
in standard vs : is it the same as ( transparent proxy) ? I see the client makes 3 way handshake with the f5 vs , the f5 will make 3 way handshake with the server , then the server will do 3 way handshake with the client the client will sen the http get request to the server , and the f5 sends the same http get to the client ????!!!!
please correct me and tell em what will happen in the other cases (Trasperant L2 , Explict proxy , f5 standrad vs with snat auto map)
2 Replies
IheartF5_45022Nacreous
This should explain everything for you here.
Note that SNAT Automap won't make any difference to the behaviour as far as 3-way handshake goes.
- Kevin_Stewart
Employee
If I may add, the term "proxy" gets thrown around a lot, and often with different meanings. Let's just say that, at its simplest, a proxy is any network device that sits between two entities (a client and server) and splits the traffic in half such that the client makes a request to the proxy (which it often believes is the end point server), and the proxy issues a new request to the server on the client's behalf. Proxies are used for all sorts of things from content inspection to traffic optimization and security, and different types of proxies work at different layers of the network stack. What Joanna is showing you is a description of the different modes of proxy on the BIG-IP appliance. There are what we'd call "full application" proxies that will accept application layer (layer 7) requests from the client before issuing a new request to the server (standard mode), to variations of layer 4 through layer 7 proxying, where the proxy service will only intermediate the layer 4 communications (or parts of it). These variations are often used for speed when full layer 7 inspection and optimization are not required.
It's also important to point out, as Joanna has, that SNAT is a layer 3 function that changes the client's true source IP address to an address managed by the BIG-IP and is normally used to force return routing. SNAT can be used in ANY proxy mode.
As far as the terms "transparent" or "explicit", these are generally used to describe web proxies. A layer 4 or reverse proxy is always more or less transparent to the client, but a forward proxy (internal users to Internet) often requires some form of browser configuration.
In ALL cases, an F5 proxy sits between a client and a server and proxies at least to layer 4. For the purposes of traffic analysis, you will see client traffic arriving at an interface of the F5, and leaving an interface of the F5 to go to the server. These will be separate layer 4 (TCP) sessions, and depending on the mode of proxy, will potentially have different source and destination addresses.
