Cisco Support Community
New Member

4710 in one-armed mode

Is it possible to preserve the client's originating IP address somewhere while using the 4710 in one-armed mode? I have a situation where the client source IP is needed, and I am deciding between one-armed mode and inline. I'd like to use one-armed, so that only load balanced traffic traverses the load balancer, but I haven't seen an example where that can be done without losing the client's src address.

1 ACCEPTED SOLUTION

Bronze

Re: 4710 in one-armed mode

Only thing I can think of is HTTP header insertion. Create an action-list that inserts the original client src.ip/port into the HTTP header. The configuration is quite simple:

action-list type modify http name

  header insert both Host header-value %is:%ps

Then apply the action-list to your loadbalance policy-map.

Take a look at the URL below for further information:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1131842

But that depends on your situation. If the original client src.ip/port is expected in the L3/L4 header, this won't cut it. Is this for logging purposes or some form of packet filtering?

If you intend to run your ACE in one-arm mode, in my opinion, src.nat and header-insertion is your only option.

hth

/Ulrich
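
A server-side sketch of reading the inserted header safely, added here as an example and not part of the original posts or of Cisco's documentation. It assumes the action-list writes `%is:%ps` into a dedicated header (the name `X-Client-Src` is hypothetical) and that the ACE source-NATs to a known pool (the range below is constructed); the value is only believed when the TCP peer is the ACE, because any client that reaches a server directly can send the same header itself.

```python
import ipaddress

# Assumptions, not taken from the thread: the ACE source-NAT pool and header name.
ACE_SNAT_POOL = ipaddress.ip_network("192.0.2.16/28")  # constructed documentation range
CLIENT_HEADER = "x-client-src"                          # hypothetical header name


def original_client(peer_ip, headers):
    """Return (ip, port) of the real client, or None if it cannot be trusted.

    peer_ip -- L3 source address of the TCP connection as seen by the server
    headers -- list of (name, value) tuples in the order received
    """
    # In one-armed mode with source NAT, every load-balanced request arrives
    # from the ACE's NAT pool. Anything else reached the server directly, so
    # the header was written by the sender and carries no weight.
    if ipaddress.ip_address(peer_ip) not in ACE_SNAT_POOL:
        return None

    values = [v.strip() for n, v in headers if n.lower() == CLIENT_HEADER]
    # A client can send its own copy of the header. More than one value is
    # ambiguous, so refuse rather than guess which one the ACE inserted.
    if len(values) != 1:
        return None

    # %is:%ps renders as "address:port"; split on the last colon only.
    ip_text, sep, port_text = values[0].rpartition(":")
    if not sep or not (port_text.isascii() and port_text.isdigit()):
        return None
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    port = int(port_text)
    if not 0 < port < 65536:
        return None
    return str(ip), port
```

For statistics or logging, record the returned pair alongside the L3 peer address so that entries with a rejected header remain visible.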

3 REPLIES
New Member

Re: 4710 in one-armed mode

Thanks!!! That looks very promising. The original SRC IP will just be used for some statistical information, so I don't need the original SRC IP in the L3 headers. Thanks so much!!

Re: 4710 in one-armed mode

If you don't NAT the client source address you will preserve the source address, but using this approach with a one-arm topology you need to make sure you have PBR on the interface/SVI facing the server (the server default gateway) to force the returning HTTP traffic to go back to the ACE.
