Preserving client IP address in any TCP session

When you use a reverse proxy such as the F5 BIG-IP, there is always a big discussion about how to preserve the client IP address in any TCP session.

F5 has a document describing the different possibilities:

You can find the document here:

K12757773: Preserving client IP address in any TCP session

Another possible solution to the problem

You can use the Proxy Protocol to preserve a client’s IP address when that client’s connection passes through a proxy.

What is the Proxy Protocol? It is a network protocol for preserving a client’s IP address when the client’s TCP connection passes through a proxy. Without such a mechanism, proxies lose this information because they act as a surrogate for the client, relaying messages to the server but replacing the client’s IP address with their own. This distorts the logs of upstream servers because the logs incorrectly indicate that all traffic originated at the proxy.

See here: https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address
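The following added example (not taken from this page or from F5 or HAProxy code) shows how a backend can read the human-readable version 1 Proxy Protocol header and recover the client address for its logs. The function names, the `TRUSTED_PROXIES` set and all addresses are constructed assumptions; the header is honoured only when the TCP peer is a known proxy, because any other sender could forge it.

```python
import ipaddress

# Assumption: the only address allowed to send a PROXY header (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}
MAX_V1_HEADER = 107  # longest v1 line including CRLF, per the PROXY protocol spec


def parse_proxy_v1(data: bytes):
    """Split a v1 header off the start of `data`.

    Returns ((src_ip, src_port, dst_ip, dst_port) or None, remaining_payload).
    None means 'PROXY UNKNOWN': the proxy supplied no client address.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    version = 4 if fields[1] == "TCP4" else 6
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match protocol field")
    ports = fields[4:6]
    if not all(p.isdigit() and int(p) <= 65535 for p in ports):
        raise ValueError("invalid port")
    return (str(src), int(ports[0]), str(dst), int(ports[1])), payload


def client_address(peer_ip: str, data: bytes):
    """Return (client_ip_to_log, payload) for a new connection from peer_ip."""
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        # Untrusted peers could forge the header, so it is never honoured.
        if data.startswith(b"PROXY "):
            raise ValueError("PROXY header from untrusted peer")
        return peer_ip, data
    info, payload = parse_proxy_v1(data)
    # Fall back to the proxy's own address when it sent PROXY UNKNOWN.
    return (info[0] if info else peer_ip), payload
```

Without the header, the server would log `10.0.0.2` (the proxy) for every request; with it, the log shows the address the proxy saw on the client side.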

This protocol is often used in Kubernetes clusters to preserve the source IP address. In this case, an external load balancer talks to the ingress controller using the Proxy Protocol.

Link: https://kubernetes.io/docs/tutorials/services/source-ip/


Revision #4
Created 17 April 2024 14:02:54 by Peter Baumann
Updated 17 April 2024 14:21:23 by Peter Baumann