Forum Discussion

James_48285's avatar
James_48285
Icon for Nimbostratus rankNimbostratus
Feb 09, 2012

X-forwarded between 2 f5's

My deployment of our F5's is a follows:

 

I have an f5 terminating web traffic which is configured to snat to pool ip's.

 

Second f5 is in application tier behind a firewall.

 

 

current configuration is that when the traffic terminates on the web tier f5 it then goes to a vip on the app tier F5 which then goes to pair of servers using serverssl.

 

 

I want to enable X-foreward on the web f5 vip to include the client source to the app tier f5, so when we ultimaltely hit the server in the app tier they see the orginal client source.

 

 

Once I configure the new http profile and enable the x-forwarded and add the following irule

 

 

when HTTP_REQUEST { HTTP::header insert ORIG_CLIENT_IP [IP::remote_addr]

 

}

 

 

As the traffic leaves the web tier f5 it will look like the snat pool, then hits the app tier f5 does it automatically know to pass the client source ip address back to its pool of servers and return the traffic back to the web F5 correctly?

1 Reply

  • does it automatically know to pass the client source ip address back to its pool of serversORIG_CLIENT_IP header should be there when sending traffic to pool of servers. anyway, the servers have to know how to pull this information.

     

     

    return the traffic back to the web F5 correctly?return packet is routed using address in ip header. so, it should work just fine.