Source address

Question

We have 2 F5 LTM's in a HA pair.  They are placed on a Cisco switch in a L3 environment.  All servers default gateways that use the F5 use the Cisco switch as the DG.   
&nbsp;  
&nbsp; We are now starting to place applications through the F5, that use http and require the source address to be seen by the application, and not the F5 address. 
&nbsp;  
&nbsp; We currently have the configuration setup so that the Virtual server uses a Automap, but all sources address are the F5.  In order to view the Source address for our applications, what are the best methods to use?  Should we be changing the configuration of the servers so that the DG is the F5? should be using xforwarded for? or install a dll? should be upgrading our version? what is the best configuration for our setup?

the_bhattman · Answer

You have 3 from what I can think of. 
&nbsp;  
&nbsp; 1. You could use x-forward if your application is web based.  Your application will need to know how to log it in order for that to work correctly.  This is ofcourse limited to http standards. 
&nbsp;  
&nbsp; 2. Repoint the servers DG to the F5, which is primary the default scenario that I have seen from F5. 
&nbsp;  
&nbsp; 3. Introduce Policy based Routes (Pbr) on the Cisco switch L3.  Basically the servers continue to point to the L3 switch for the DG.  The Pbr will provide you the mechanism to flow the traffic to other networks that live on the Cisco L3 and and direct traffic  traffic back to the LBs for everything else.  You can base the Pbr  on source and destination addresses. 
&nbsp;  
&nbsp; Hope this helps 
&nbsp; CB 
&nbsp;  &nbsp;

marc_jones_4616 · Answer

cheers cmbhatt 
&nbsp;  
&nbsp; if i went with scenario 2, would i have to turn off layer 3 Cisco switch? although the default gateway would be the F5, it would all physically be connected to the  Cisco switch?

the_bhattman · Answer

No you don't have to.

Forum Discussion

Source address

3 Replies

Recent Discussions

Telemetry streaming to Elasticsearch

Portal Access to HTTPS resources slow

Provisioning r2600 equipment

Could not connect to SMTP host.

Block CBC

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

How to rewrite the source IP address to an URL

CSV to Address External Datagroup File

ICMP Custom Source Address Monitor

Capturing source IP addresses for VIP