Forum Discussion
Visibility of the source address of packet to the application server
Hi All,
I have a issue with configuration F5 LTM. My client requires that application servers should see the real source addresses of the incoming packets. One solution is that with snat disabled and the default gateway on the application servers set to the F5. But this is impossible because of our client's infrastructure (it's long story...) Second solution...Lately I read about nPath, but prove me wrong, it's technology for outgoing app server's packets (direct server return). Is there any other way (not with the first solution), for example: to set up nPath to do it?
Regards Broda
- Broda_146178Nimbostratus
Thanks for quick reply.
It's banking application. There is some http traffic, but not only. My client don't know exactly what the other traffic is.
I will try and let You know about results.
Broda
- HamishCirrocumulus
There's a number. If it's HTTP, you could set the XFWD-For header. (Inserts client IP in the HTTP headers). Or if the app is capable you could still SNAT and use the TCP options to insert the client IP into the TCP headers. e.g. with this code from the TCP::Options page on devcentral.
when SERVER_CONNECTED { scan [IP::client_addr] {%d.%d.%d.%d} a b c d TCP::option set 29 [binary format cccc $a $b $c $d] all }
Note that this requires the app to be able to read the options header of course...
Oh... Policy routing the traffic so it still passes back through the BigIP (No nPath) and you don't have to use a default gateway (You'd do this for various WAN accelerators as well with a route-map on the routers, so it's not something that would be unfamiliar to your networking people I'd suspect)
H
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com