Forum Discussion

vvskaladhar_488
Sep 11, 2013

iRule for inserting client IP information

I need help solving an issue I am facing here.

 

We have a VIP configured with SNAT automap for service 7501 to load balance LDAP servers. But as per the project requirement, the application team wants to see the client IPs. Now the challenge is that I cannot disable the SNAT, because the servers under this VIP are routable and can be reached from the network directly. Hence asymmetric routing issues can occur if I disable SNAT, and the client cannot add the static route as a large number of clients will access this VIP.

 

Can you please let me know if we have any option with an iRule to insert the IP information on the LDAP VIP?

 

2 Replies

  • If SNAT is an issue, you can modify the default route of your LDAP servers to point to the BIG-IP's floating self IP.

     

    In this case an additional virtual server (Performance L4, Loose Init / Loose Close in fastL4 profile) needs to be created to handle outgoing traffic (initiated by your LDAP servers) to remote networks and direct requests from remote networks to your LDAP servers. This part of the traffic will go asymmetric.

     

    As an alternative, you may consider logging the SNAT operations on your BIG-IP. A while ago I wrote an iRule to look up each particular LDAP query inside an LDAP bind. It should be easy to fire a log message with each new query coming in. Please let me know if you want to follow this approach.

     

  • You can add an iRule to insert the client source IP either via a cookie insert or using an X-Forwarded-For header... some quick examples below

     

    when HTTP_REQUEST {
        HTTP::header insert X-Forwarded-For [IP::client_addr]
        log local0. "Client IP:  [IP::client_addr]"
    }

     

    or

     

    when HTTP_REQUEST {
        # Insert a cookie named CUSTOMER_IP with the client IP address as a value
        HTTP::cookie insert name CUSTOMER_IP value [IP::client_addr]
    }

    I tested both and they work fine with SNAT configured
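
Added example (not part of the original thread): the first reply suggests logging SNAT operations on the BIG-IP, and this sketch shows how such a log lets you map the SNAT address and port an LDAP server sees back to the real client. The `client=... snat=... server=...` line layout, the addresses and the function names are assumptions constructed for illustration, not a native BIG-IP log format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the assumed layout a logging iRule could emit.
BIGIP_LOG = """\
2013-09-11T10:00:01 client=192.0.2.10:51000 snat=10.1.1.5:40001 server=10.1.1.21:7501
2013-09-11T10:00:02 client=192.0.2.77:51000 snat=10.1.1.5:40002 server=10.1.1.22:7501
2013-09-11T10:05:30 client=198.51.100.4:33010 snat=10.1.1.5:40001 server=10.1.1.21:7501
"""

LINE = re.compile(r"(\S+) client=(\S+):(\d+) snat=(\S+):(\d+) server=(\S+):(\d+)")


def parse_snat_log(text):
    """Return SNAT mapping records sorted by connection start time."""
    records = []
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # ignore lines that are not mapping records
        ts, cip, cport, sip, sport, dip, dport = m.groups()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "client": cip,
            "client_port": int(cport),
            "snat": (sip, int(sport)),
            "server": (dip, int(dport)),
        })
    return sorted(records, key=lambda r: r["ts"])


def resolve_client(records, seen_at, peer_ip, peer_port, server,
                   skew=timedelta(seconds=5)):
    """Map the peer address an LDAP server logged back to the real client.

    SNAT source ports are reused over time, so take the newest mapping for
    this (SNAT address, port, server) that began no later than seen_at + skew.
    """
    best = None
    for r in records:
        if (r["snat"] == (peer_ip, peer_port) and r["server"] == server
                and r["ts"] <= seen_at + skew):
            best = r  # records are time-sorted, so the last match is newest
    return best["client"] if best else None
```

The `skew` window allows for clock drift between the BIG-IP and the LDAP servers; widen it only as far as your time synchronisation requires, since a wide window can attribute a connection to the next user of a reused port.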