V9.0.4 SNAT, but maintain source IP of client

Question

We have two groups of servers which are on the same network (L2 and L3).  Is there a way to preserve the source IP of a request from group1 web servers to a vip on the same network of the two groups of servers, without the group2 servers sending return traffic directly back to the group1 webservers?  I need to enable SNAT but want the group2 servers to retain the source IP address of the client servers. 
&nbsp;  
&nbsp; Thank you.

jrahm · Answer

If it is http traffic, you can insert the source IP into the headers.

jrahm · Answer

If it is not http traffic, you could separate your layer 2 domain into two vlans and then create a vlan group with your layer 3 domain defined there.  Put each group of servers into each vlan, then destination nat the traffic, the BigIP will preserve the source and intercept the return traffic to correct the (now) source as the vip so the packet originator doesn't reset the TCP connection.  I tested this in the lab a few years ago.  You shouldn't need a rule for this.

Forum Discussion

V9.0.4 SNAT, but maintain source IP of client

Recent Discussions

Diameter iRules attachment?

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Related Content

Maintaining BIG-IP's Golden Compliance Configuration in Financial Services

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

The Power of Source Address

F5 XC vk8s workload with Open Source Nginx

Solving for true-source IP with global load balancers in Google Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS