4710 in one-armed mode

jbeltrame
Level 1

Is it possible to preserve the client's originating IP address somewhere while using the 4710 in one-armed mode? I have a situation where the client source IP is needed, and I am deciding between one-armed mode and inline. I'd like to use one-armed, so that only load-balanced traffic traverses the load balancer, but I haven't seen an example where that can be done without losing the client's src address.

1 Accepted Solution

UHansen1976
Level 1

Only thing I can think of is http header-insertion. Create an action-list, that inserts the original client src.ip/port into the http-header. The configuration is quite simple:

action-list type modify http name

  header insert both Host header-value %is:%ps

Then apply the action-list to your loadbalance policy-map.

Take a look at the URL below for further information:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1131842

But that depends on your situation. If the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering?

If you intend to run your ACE in one-arm mode, in my opinion, src.nat and header-insertion is your only option.

hth

/Ulrich
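
The server-side half of this approach, as an added example that is not part of the original post: with source NAT the server sees the ACE's NAT address at L3, so the inserted `ip:port` value should only be believed when the connection really comes from the ACE and exactly one such header is present. The header name `X-Client-Src` and the NAT pool `192.0.2.0/28` are assumptions chosen for illustration.

```python
import ipaddress

# Assumptions (not from the original thread): the header name and the
# ACE source-NAT pool below are hypothetical values for illustration.
CLIENT_SRC_HEADER = "X-Client-Src"
ACE_SNAT_POOL = ipaddress.ip_network("192.0.2.0/28")


def client_source(peer_ip, headers):
    """Return (ip, port) of the original client, or None if untrusted.

    peer_ip -- L3 source address of the TCP connection seen by the server
    headers -- list of (name, value) tuples in the order received
    """
    # Only the load balancer may vouch for a client address.
    if ipaddress.ip_address(peer_ip) not in ACE_SNAT_POOL:
        return None
    values = [v.strip() for n, v in headers
              if n.lower() == CLIENT_SRC_HEADER.lower()]
    # A client can send its own copy of the header; with more than one
    # value we cannot tell which is the ACE's, so trust none of them.
    if len(values) != 1:
        return None
    # The inserted value has the form "<source ip>:<source port>".
    ip_text, sep, port_text = values[0].rpartition(":")
    if not sep:
        return None
    try:
        ip = ipaddress.ip_address(ip_text)
        port = int(port_text)
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    return str(ip), port


# Constructed sample request as it would arrive via the ACE.
SAMPLE_HEADERS = [("Host", "www.example.com"),
                  ("X-Client-Src", "203.0.113.7:51234")]

if __name__ == "__main__":
    print(client_source("192.0.2.5", SAMPLE_HEADERS))
```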

Thanks!!! That looks very promising. The original SRC IP will just be used for some statistical based information, so I don't need the original SRC IP in the L3 headers. Thanks so much!!

If you don't NAT the client source address you will preserve the source address, but using this way with one-arm topology you need to make sure you have a PBR in the interface/SVI facing the server (server default gateway) to enforce the returning traffic of HTTP to go back to the ACE.
