Forum Discussion

Broda_146178's avatar
Broda_146178
Icon for Nimbostratus rankNimbostratus
Oct 23, 2014

Visibility of the source address of packet to the application server

Hi All,   I have a issue with configuration F5 LTM. My client requires that application servers should see the real source addresses of the incoming packets. One solution is that with snat disabl...
application delivery
design
LTM
source address visibility
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Oct 23, 2014

There's a number. If it's HTTP, you could set the XFWD-For header. (Inserts client IP in the HTTP headers). Or if the app is capable you could still SNAT and use the TCP options to insert the client IP into the TCP headers. e.g. with this code from the TCP::Options page on devcentral.

 

when SERVER_CONNECTED {
  scan [IP::client_addr] {%d.%d.%d.%d} a b c d
  TCP::option set 29 [binary format cccc $a $b $c $d] all
}

Note that this requires the app to be able to read the options header of course...

 

Oh... Policy routing the traffic so it still passes back through the BigIP (No nPath) and you don't have to use a default gateway (You'd do this for various WAN accelerators as well with a route-map on the routers, so it's not something that would be unfamiliar to your networking people I'd suspect)

 

H