A10 persist source-ip with x-forwarded-for

Need to support persistent connection based on client IP behind a proxy:

Clients[s] → AccessProxy → network → A10 → Servers[s]

This implies that A10 needs to do persist source-ip based on the x-forwarded-for provided by the upstream AccessProxy for each client.

In past without an AccessProxy in path we had used the following boilerplate for this:

slb template persist source-ip PERSIST-POLICY timeout 120

slb template http HTTP-POLICY insert-client-ip X-Forwarded-For

slb virtual-server service 10.1.1.1 port 80 http source-nat pool SNAT-POOL service-group SERVICE-GROUP template http HTTP-POLICY template persist source-ip PERSIST-POLICY

Now we need the A10 to use a hash based on the client IP address that arrives in the x-forwarded-for (not the source IP of the AccessProxy). I can’t find this in any documents. Any help is greatly appreciated.

Hi, Given that the “X-Forwarded-For” header is sent in the request, we can add a uie Persistence through aFlex.

 
aflex create persist-uie
when HTTP_REQUEST {
   set value [HTTP::header X-Forwarded-For]
   set p [persist lookup uie { $value any service } all]
   if { $p ne "" } {
       #log " UIE located([lindex $p 0] [lindex $p 1] [lindex $p 2])"
       node [lindex $p 1] [lindex $p 2]
   }
}
when HTTP_RESPONSE {
   persist add uie { $value any service } 1800
}
.

And Bind the aflex to the vport : slb virtual-server service 10.1.1.1 port 80 http source-nat pool SNAT-POOL service-group SERVICE-GROUP aflex persist-uie Let me know if this works for you. Regards, Avinash Aydnal A10 Professional Services Engineer