05-26-2010 12:17 PM
is it possible to preserve the clients originating IP address somewhere while using the 4710 in one armed mode? I have a situation where the client source ip is needed, and I am deciding between one-armed mode and inline. I'd like to use one-armed, so that only load balanced traffic traverses the load balancer, but I haven't seen an example where that can be done without loosing the clients src address.
Solved! Go to Solution.
05-26-2010 05:21 PM
Only thing I can think of is http header-insertion. Create an action-list, that inserts the original client src.ip/port into the http-header. The configuration is quite simple:
action-list type modify http name
header insert both Host header-value %is:%ps
Then apply the action-list to your loadbalance policy-map.
Take a look at the url below for futher information:
But that depends on your situation. If is the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering ?
If you intend to run your ACE in one-arm mode, in my opponion, src.nat and header-insertion is your only option.
hth
/Ulrich
05-26-2010 05:21 PM
Only thing I can think of is http header-insertion. Create an action-list, that inserts the original client src.ip/port into the http-header. The configuration is quite simple:
action-list type modify http name
header insert both Host header-value %is:%ps
Then apply the action-list to your loadbalance policy-map.
Take a look at the url below for futher information:
But that depends on your situation. If is the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering ?
If you intend to run your ACE in one-arm mode, in my opponion, src.nat and header-insertion is your only option.
hth
/Ulrich
05-26-2010 05:46 PM
Thanks!!! That looks very promising. The Original SRC IP will just be used for some statisical based information, the I don't need the original SRC ip in the L3 headers. Thanks so much!!
05-30-2010 01:26 AM
if u don't nat the
client source address you will preserve the source address but using this way with one arm topology u need to make sure u have a PBR in the interface/SVI facing the server ( server default gateway) to enforce the returning traffic of HTTP to go back to the ACE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide