Forum Discussion

AP15's avatar
AP15
Icon for Altostratus rankAltostratus
Sep 14, 2011

LTM to retrieve actual source IP for net.tcp?

Hi Experts,

 

 

Need some guidance regarding one of our applications be load balanced and the server/application should log actual client source IPs.

 

 

The application is being accessed as

 

 

net.tcp://test-tgapps:port/Service/OutageService.svc

 

 

Some background the APP is hosted on VM environment and the server has default gateway of switch rather than F5 LTM. LTM is configured with SNAT so we dont have to change gateways on the VM servers. The app developer wants to see the actual client IP in net.tcp requests and not LTM.

 

 

I guess my question is, will LTM be able to forward actual client IP for this sort of requests similar to X-Forwarded-For in HTTP?

 

 

 

 

The virtual pool/applications are on seperate subnet. Could you please suggest any solutions to keep source IP intact for accessing net.tcp.

 

 

  • Hi AP,

     

    In order to that it would most likely have to imbed into the TCP Headers - which NET.tcp would need to pull from. I am not familiar with net.tcp, but is it possible to pull out information via TCP header?

     

     

    Bhattman
  • AP15's avatar
    AP15
    Icon for Altostratus rankAltostratus
    thanks for your reply bhattman, as far as i know with tcp header you will need to put down IP in data field. If the client is initiating a connection it will hit the LTM and in turn LTM as we know will change the IP so the server will see the source as LTM rather than actual client subnet. i had a confirmation from our local F5 guy informing with net.tcp LTM will not be able to forward source IP as it will be a raw tcp session. I would like to raise this with F5 product team to test and come up with a solution that could forward source IPs for this sort of connections same as X-Forwarded-For HTTP.
  • Hi AP,

     

    Starting in v10.2HF2 there is a new command called TCP::options set which allows you to set tcp option information in the tcp option field.

     

    http://devcentral.f5.com/wiki/iRules.TCP__option.ashx

     

     

     

    I hope this helps

     

    Bhattman