For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ltp_55848's avatar
ltp_55848
Icon for Nimbostratus rankNimbostratus
Jun 29, 2011

Wildcard forwarding for direct node traffic with PBR

Hi All,     Apologies if this question has been asked before; I've waded my way through a lot of forum posts but haven't seen the problem I'm facing - feel free to prove otherwise.     I a...
config
design
ltp_55848's avatar
ltp_55848
Icon for Nimbostratus rankNimbostratus
Jul 06, 2011
Hi Bhattman,

 

 

Sorry for the confusion. The primary reasons for this design were that; the client IP address be preserved without using an X-Forwarded-for header, and that other non service related traffic (specifically high bandwidth traffic like backups) did not traverse the F5's.

 

 

The first requirement ruled out SNAT'ing incoming traffic and the second requirement ruled out the common approach of using the F5 as a default gateway (that is without requiring additional complexity on the client side), so PBR was used to server reply traffic via the F5's whilst allowing all other traffic to continue to be routed via the default gateway.