A10 persist source-ip with x-forwarded-for

dromrell Member
Need to support persistent connection based on client IP behind a proxy:

Clients[s] -> AccessProxy -> network -> A10 -> Servers[s]

This implies that A10 needs to do persist source-ip based on the x-forwarded-for provided by the upstream AccessProxy for each client.

In the past, without an AccessProxy in the path, we had used the following boilerplate for this:

slb template persist source-ip PERSIST-POLICY
   timeout 120

slb template http HTTP-POLICY
   insert-client-ip X-Forwarded-For

slb virtual-server service 10.1.1.1
   port 80 http
      source-nat pool SNAT-POOL
      service-group SERVICE-GROUP
      template http HTTP-POLICY
      template persist source-ip PERSIST-POLICY

Now we need the A10 to use a hash based on the client IP address that arrives in the x-forwarded-for (not the source IP of the AccessProxy). I can't find this in any documents. Any help is greatly appreciated.

Comments

  • aaydnal Member
    edited March 2017
    Hi,

    Given that the "X-Forwarded-For" header is sent in the request, we can add UIE persistence through aFleX.
     
    aflex create persist-uie
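    when HTTP_REQUEST {
       # Use the X-Forwarded-For header value as the persistence key
       set value [HTTP::header X-Forwarded-For]
       set p [persist lookup uie { $value any service } all]
       if { $p ne "" } {
           # Entry found: send the request to the server recorded for this key
           #log " UIE located([lindex $p 0] [lindex $p 1] [lindex $p 2])"
           node [lindex $p 1] [lindex $p 2]
       }
    }
    when HTTP_RESPONSE {
       # Record the selected server for this key with a timeout of 1800
       persist add uie { $value any service } 1800
    }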
    .
    

    And bind the aFleX to the vport:

    slb virtual-server service 10.1.1.1
       port 80 http
          source-nat pool SNAT-POOL
          service-group SERVICE-GROUP
          aflex persist-uie


    Let me know if this works for you.

    Regards,
    Avinash Aydnal
    A10 Professional Services Engineer
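
An added example, not part of the original thread and not A10 code: a Python model of choosing which X-Forwarded-For entry to persist on when the header carries several addresses, since only the entries appended by your own proxy tier are trustworthy. It assumes AccessProxy appends the address it saw to the header; `TRUSTED_PROXIES`, `persistence_key` and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: address range of the AccessProxy tier (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def _trusted(ip):
    # Membership is False when address and network differ in IP version.
    return any(ip in net for net in TRUSTED_PROXIES)


def persistence_key(peer_ip, xff_values):
    """Return the address to persist on.

    peer_ip    -- TCP source address seen by the load balancer
    xff_values -- list of X-Forwarded-For header values, in order received
    """
    peer = ipaddress.ip_address(peer_ip)
    # Only honour the header when the connection comes from our own proxy.
    if not _trusted(peer):
        return str(peer)
    # Several header lines are equivalent to one comma-joined list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by proxies we
    # run; anything left of the first untrusted hop is client-supplied.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the list
        if not _trusted(ip):
            return str(ip)  # normalised, so equal addresses give equal keys
    return str(peer)  # no usable entry: fall back to the proxy address
```

Keying on the normalised single address rather than the raw header string also keeps one client from creating many persistence entries by varying the header text.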