What Does Transparency Mean?

Transparency pertains to how the LoadMaster forwards traffic to Real Servers. In transparent mode, the LoadMaster will pass the original client's IP address as the source IP address. In non-transparent mode, the LoadMaster will Network Address Translate (NAT) the requests to the Real Server with the LoadMaster's Virtual Service address. In order for your server to see the original sender's IP, you will need to operate transparently.


Transparency can be turned on for Layer 7 services and is always on for Layer 4 services. However, there are some obstacles to services functioning correctly in transparent mode. In order for transparent operation to work correctly, traffic must return through the LoadMaster when returning from the servers. Typically this is done by setting the servers’ default gateway to the LoadMaster.

However, challenges arise when the client and server are on the same subnet. In this case, transparency cannot work since the server will respond to the client directly. If you are in a situation where the clients and server are on the same subnet and you must have transparency, KEMP recommends migrating to a two-armed configuration. This can be done by creating an additional subnet connected to LoadMaster and moving your servers there. By using the LoadMaster as a gateway for the servers, you will be able to operate transparently.

The most important thing to remember when attempting to operate transparently, is that the server's gateway must be set to the LoadMaster. If that is set correctly, you can enable transparency by checking the Transparency check box for the relevant Virtual Service(s) by going to Virtual Services > Modify > Standard Options.

Was this article helpful?

1 out of 1 found this helpful



hi ihave problem in my load blancer
ihave to cas server 2013

and I making CName Record dns it called Mail.project.com
iturned off Cas01
and trying to connect mail.project.com\owa
ican,t not found this url why load balance didn't redirect to another cas02

notes: ineed to Cases server connected in 1url

Derek Kiely

What health check did you have set on the LoadMaster. If you use the HTTP/HTTPS healthcheck then the LoadMaster expects to get a 200 OK back. If it gets anything else then we will fail the real server.