one arm/transparency could see source IP of client?

Hello,

I set up a one-arm config and something weird happens:
1. Client (IP: 172.16.1.2, GW: 172.16.1.1) -> Router (WAN IP: 172.16.1.1, LAN IP: 192.168.1.1) -> switch -> real server (IP: 192.168.1.3, GW: 192.168.1.168, with Apache running on it)
2. The ADC is connected to the switch via its eth0 port (ADC eth0 IP: 192.168.1.168/24, GW: 192.168.1.1)
3. Add a new virtual service (192.168.1.4:80, L7 service with transparency enabled) and a real server (192.168.1.3:80)
4. When I enable transparency in the virtual server, I can see the client IP 172.16.1.2 in the real server's web log

However, I checked the documentation at https://support.kemptechnologies.com/hc/en-us/articles/200667729-Understanding-Transparency, and it said the real server could only see the virtual service IP rather than the client source IP with one arm.

Am I missing something?

Cheers,
Sam

1 comment

Barry Gleeson

Hi Sam,
Transparency means the Source IP of the Client is preserved (this means the Real Server will see requests coming from the Client IP 172.16.1.2).
If Transparency is off, the LoadMaster will NAT the connections before sending them to the Real Server, and the source IP will then be the VIP (192.168.1.168).

> real server could only see the virtual service IP rather than client source IP with one arm

If transparency is ON, the Real Server will see the Client IP even in a One Armed setup. (There is one main exception: when the client is on the same subnet as the Real Server, Transparency is automatically disabled.)

Barry
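
A way to check from the real server's side which case applies, as an added example that is not part of the original thread: it classifies the source address of each Apache access-log entry using the addresses from the post. The log lines are constructed, treating both 192.168.1.168 and 192.168.1.4 as load-balancer addresses is an assumption, and the "local-direct" label is an inference from the same-subnet exception described in the reply.

```python
import ipaddress
import re
from collections import Counter

# Addresses from the thread; treating both as "the load balancer" is an assumption.
LB_ADDRS = {ipaddress.ip_address("192.168.1.168"), ipaddress.ip_address("192.168.1.4")}
RS_SUBNET = ipaddress.ip_network("192.168.1.0/24")

# Leading fields of Apache common/combined log format:
# host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

# Constructed sample lines, not taken from the poster's server.
SAMPLE_LOG = """\
172.16.1.2 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
192.168.1.168 - - [10/Oct/2023:13:55:40 +0000] "GET /health HTTP/1.1" 200 2
192.168.1.50 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 403 199
garbage line that is not a log entry
172.16.1.2 - - [10/Oct/2023:13:56:09 +0000] "GET /a.css HTTP/1.1" 200 90
"""

def classify(src):
    """Label one logged source address from the real server's point of view."""
    ip = ipaddress.ip_address(src)
    if ip in LB_ADDRS:
        return "natted"        # transparency off, or the same-subnet exception
    if ip in RS_SUBNET:
        return "local-direct"  # same-subnet host that is not the load balancer
    return "transparent"       # off-subnet client IP was preserved

def summarize(log_text):
    """Count log entries per class; unparseable lines are counted, not dropped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        try:
            counts[classify(m.group(1))] += 1
        except ValueError:     # host field is a name, not an IP (HostnameLookups on)
            counts["unparsed"] += 1
    return counts

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label:13} {n}")
```

Entries labelled "local-direct" are worth a second look: a same-subnet client that went through the virtual service would be logged with a load-balancer address, so these requests reached the real server by another path.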