user93865

Reputation: 139

F5 Load balancer client IP in webserver

When accessing a webserver through the F5 load balancer, what is usually the IP that the webserver receives? Is it the F5 IP or the client IP?

Upvotes: 1

Views: 3444

Answers (4)

Steven Ashley-Lassen

Reputation: 71

This typically depends on whether a proxy/firewall is in the path of ingress and egress traffic.

The majority of the time, incoming traffic to a webserver will hit a configured SNAT before reaching the virtual IP address of the interface associated with the webserver. In this case, the webserver would potentially be part of other servers in a pool. In this type of setup, a webserver will see the request as coming from the SNAT pool.

Another type of setup is known as "Pass Through", which is configured using the FastL4 virtual server type. F5 recommends using FastL4 only when your virtual servers "will not" be processing anything past Layer 4; this causes the load balancer to process a bit faster.

But to get back to your question, there is also the X-Forwarded-For option, in which the F5 inserts the "original client IP address in an HTTP header", and in this case the receiving web server must be configured to log/recognize this client IP address and bypass the SNAT pool option.

Upvotes: 2

Ben Willett

Reputation: 9

Depends on your F5 configuration. More often than not it will be a SNAT to the F5 interface or a SNAT pool on the F5, or the client's IP in the X-forwarding header.

Upvotes: 0

ltwagnon

Reputation: 1

You can configure the IP address on the virtual server on the F5 device. Then, that IP address is what can be presented.

Upvotes: 0

mvp

Reputation: 116167

It depends on configuration. If nPath (aka DSR or Direct Server Return) is enabled, then the webserver will see packets with the IP address of the client (however, if the load balancer is connected to the internet not directly, but via a NAT box/firewall, the webserver will see the IP address of that NAT box as the return IP address).

If the F5 is not using nPath, then the webserver will see the IP address of the load balancer, which itself is then operating in a NAT-like mode.

Typically, you should not rely on this though. Most load balancers support automatically adding the X-Forwarded-For header, which contains the original client IP address. However, this only works if there is no NAT between the load balancer and the Internet.

Upvotes: 0
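
The answers above say the webserver sees the SNAT address as the connection source and has to be configured to read the client address from X-Forwarded-For. The following is an added example, not code from any of the answers or from F5, of how a backend can do that while only honouring the header when the connection really comes from the load balancer. The `TRUSTED_PROXIES` range, the function names and all addresses are constructed, and it assumes the load balancer appends the connecting address as the rightmost header entry.

```python
import ipaddress

# Assumption: constructed range standing in for the load balancer's
# SNAT pool / self IPs as seen by the webserver.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.10.0/28")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to log as the client for one request.

    peer_addr  -- source IP of the TCP connection as the webserver sees it
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # Connection did not come from the load balancer (pass-through/DSR, or
    # a request that bypassed it): the header is client-supplied, ignore it.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Walk right to left: the rightmost entry was written by the proxy
    # nearest to us; entries left of the first untrusted hop are unverified.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the header
        if not _is_trusted(addr):
            return str(addr)
        peer = addr
    return str(peer)


if __name__ == "__main__":
    # Constructed requests: (connection source, X-Forwarded-For value)
    for peer, xff in [("10.0.10.3", "203.0.113.7"),
                      ("10.0.10.3", "192.0.2.99, 203.0.113.7"),
                      ("198.51.100.9", "10.0.10.5")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

If a NAT device sits in front of the load balancer, as the last answer notes, the value returned here is that device's address, because that is all the load balancer could record.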
