Allowing source IPs to be visible behind a BIG-IP
We have a big-IP version BIG-IP 14.1.0.3 Build 0.0.6 Point Release 3 with a few services running on it. One of the services takes in telemetry data from 100 client devices, passes through the BIG-IP to a pool of 3 identical listening devices, all on a custom port. The listening devices have a simple web console mainly used for internal status checking and troubleshooting. We previously had these devices behind a Barracuda Load Balancer. On the three listening devices, the client connections would be displayed showing their outside, originating IP, which helped in identifying what client site it was. Now that we've moved these devices behind the BIG-IP, everything seems to be working properly, except the devices are all displaying the floating self-IP of the BIG-IP. We have 100 connections, all showing the same IP. Is there a way to have them display their actual, originating IP address? I was working with a support engineer who suggested disabling Address Translation and then setting the WAF's floating Self-IP as the default gateway on the three listening devices, but that results in the outside devices being unable to connect at all. Any other suggestions? I'd be happy to try and provide any addition information, if needed. This is a standard virtual server passing traffic via TCP.683Views0likes4CommentsNAT IPv6 to IPv6 (NAT66)
Hi, I have a scenario which requires us to do ipv6 to ipv6 natting. (map a private-ipv6 to a public-ipv6) We are using the soft version 13.1.1.4 and it seems it doesn't properly work. We tried the following: 1. cfged a snat pool list w/ one ipv6 address, next this snat was assigned to our ipv6 virtual-server. tshooting it w/ tcpdump shows no translation occurs. i found under the 14.x release notes a bug ID681070 whichseems similar "NAT66 may fail if configured with a single translation address". we then tried to cfg the snat pool list w/ an ipv6/124 prefix resultingin errors by the f5 saying " 01020059:3: IP Address :: is invalid, must not be all zeros." tried using an iRULE w/ plain when client_accepted, snat ipv6address... this didn't work either, we receiving TCL errors bad IP address format (line 1)TCL error (line 1) (line 1) invoked from within "snat xxxx:6xx0:0001:0100:00xx:0xx5:0104:0/124" Did anyone successfully configure something like this? Any ideas will be very much appreciated. thanks,509Views0likes0CommentsAddress translation query
Guys, Im trying to understand what exactly happens when address translation is enabled on a VIP. I assumed once enabled it was reading settings from the address translation section on the GUI (NATs, SNATs etc), and applying from there once triggered with matching source IP. Im likely way off with that, as ive never looked into this in any great detail, things have just worked away nicely in background. Basically now i am trying to troubleshoot an issue on a VS, that has address translation tick box enabled, yet the client IP is preserved in the server side connection, and im trying to understand what is preserving client IP. Does address translation tick box preserve the client IP, or is it that something is mis-configured?? v11. No automap enabled on VIP. Thanks in advance guys ;)446Views0likes14Comments