Preserving client IP address in any TCP session

When you use a reverse proxy like the F5 BIG-IP, there is always a big discussion about how to preserve the client IP address in any TCP session.

F5 has a document describing the different possibilities:

  • If the traffic is HTTP, you can use the X-Forwarded-For feature.
    Note: For more information refer to: K4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT object
  • Preserving the client IP in layer 4 or layer 3.
    Note: There is no option that can be configured in the virtual server without disabling the SNAT. This is by design, as BIG-IP acts as a full proxy in most cases.
  • Disabling SNAT is an option, which means no address translation occurs.
    Note: You must ensure that servers use the F5 as the default gateway for replying back to the client, in order to prevent asymmetric routing.
  • If you are open to a complex solution, you may use TCP options to insert the client IP into the TCP header options field.
    Note: Configuring the BIG-IP to insert into the TCP header of a connection can be a complicated implementation. Help can be found in DevCentral, or from F5 professional services.
    For more information refer to: 
    DevCentral: Accessing TCP Options from iRules
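
For the X-Forwarded-For option, the pool member has to decide when the header can be believed, because any client can send its own X-Forwarded-For value. The following is an added example, not code from F5 or from the original page: it accepts the header only on connections whose source is a SNAT address and reads the list from the right. The `TRUSTED_PROXIES` range, the function names, and the assumption that the proxy's value is the last one in the header are illustrative.

```python
import ipaddress

# Assumption: the SNAT addresses the BIG-IP uses toward the pool (constructed range).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]


def _is_trusted(addr):
    # A v4 address is never "in" a v6 network (and vice versa); this returns False.
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, xff_values):
    """Return the address to log or authorize for one request.

    peer_ip: source address of the TCP connection as the server sees it.
    xff_values: all X-Forwarded-For header values, in the order received.
    """
    peer = ipaddress.ip_address(peer_ip)
    # Not connected through the proxy: the header is entirely client-controlled.
    if not _is_trusted(peer):
        return str(peer)
    # Several header lines are equivalent to one comma-separated list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: rightmost values were added by our own proxies,
    # anything further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed value: stop trusting the list
        if not _is_trusted(addr):
            return str(addr)
    # No usable value: fall back to the translated (SNAT) address.
    return str(peer)
```

A spoofed value placed by the client ends up to the left of the proxy's value and is never returned.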

You can find the document here:

K12757773: Preserving client IP address in any TCP session