05-26-2010 12:17 PM
is it possible to preserve the clients originating IP address somewhere while using the 4710 in one armed mode? I have a situation where the client source ip is needed, and I am deciding between one-armed mode and inline. I'd like to use one-armed, so that only load balanced traffic traverses the load balancer, but I haven't seen an example where that can be done without loosing the clients src address.
Solved! Go to Solution.
05-26-2010 05:21 PM
Only thing I can think of is http header-insertion. Create an action-list, that inserts the original client src.ip/port into the http-header. The configuration is quite simple:
action-list type modify http name
header insert both Host header-value %is:%ps
Then apply the action-list to your loadbalance policy-map.
Take a look at the url below for futher information:
But that depends on your situation. If is the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering ?
If you intend to run your ACE in one-arm mode, in my opponion, src.nat and header-insertion is your only option.
hth
/Ulrich
05-26-2010 05:21 PM
Only thing I can think of is http header-insertion. Create an action-list, that inserts the original client src.ip/port into the http-header. The configuration is quite simple:
action-list type modify http name
header insert both Host header-value %is:%ps
Then apply the action-list to your loadbalance policy-map.
Take a look at the url below for futher information:
But that depends on your situation. If is the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering ?
If you intend to run your ACE in one-arm mode, in my opponion, src.nat and header-insertion is your only option.
hth
/Ulrich
05-26-2010 05:46 PM
Thanks!!! That looks very promising. The Original SRC IP will just be used for some statisical based information, the I don't need the original SRC ip in the L3 headers. Thanks so much!!
05-30-2010 01:26 AM
if u don't nat the
client source address you will preserve the source address but using this way with one arm topology u need to make sure u have a PBR in the interface/SVI facing the server ( server default gateway) to enforce the returning traffic of HTTP to go back to the ACE
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: