Preserving client IP address in any TCP session
When you use a reverse proxy like the F5 BIG-IP is, there's always a big discussion how to preserving the client ip address in any TCP session.
F5 has.a document describing the different possibilities:
- If the traffic is HTTP, you can use x-forwarded-for feature.
Note: For more information refer to: K4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT object - Preserving the client IP in layer 4 or layer 3.
Note: There is no option can be configured in the virtual server without disabling the SNAT. This is by design as BIG-IP acts a full-proxy in most cases. - Disabling SNAT is an option, which means no Address Translation occurs.
Note: You must ensure that servers will use F5 as the default gateway for replying back to the client, in order to prevent asymmetric routing. - If you are open to complex solution, you may use TCP Options to insert the client-IP into the TCP Header Options field.
Note: Configuring the BIG-IP to insert into the TCP header of a connection can be a complicated implementation can be found in DevCentral, or F5 professional services.
For more information refer to: DevCentral: Accessing TCP Options from iRules
You can finde the document here: