
Source IP address used to talk to real host for a service

ADC service

3 replies to this topic

#1 Darren Henderson

  • Members
  • 2 posts

Posted 09 October 2019 - 12:54 PM

I just noticed today that connections to real hosts appear to be coming from a single IP address regardless of which service a real host is associated with. I would have expected the hosts to see connections coming from the IP address associated with their respective services.

I have two clusters, think dev and production. Two armed configuration with an inside and an outside. In one cluster the hosts are all seeing the connections come from the load balancers' inside address. That would make some kind of sense. However on the other cluster the hosts are all seeing the connections coming from the IP address associated with one of the services. Same kind of configuration, two armed, with an inside and an outside.

Just to restate it in case I've not been clear enough...

Say I have ServiceA using hostA1 and hostA2. I also have ServiceB using hostB1 and hostB2. Same for ServiceC,D,E etc. All of the services and hosts are on the same subnet and the requests are coming in from other subnets (two armed).

A connection comes into ServiceB and it's sent to either hostB1 or hostB2 as it should be. However, hostB1 and hostB2 in dev will see the source address being dev's inside address. In production hostB1 and hostB2 see the request come from the source address associated with ServiceA.

How does the ADC choose which IP address to use as the source address when connecting to a real host?

This is in a pretty simple configuration doing load balancing and SSL. A few network firewall rules to limit access to one of the services. None of the other features are involved.



#2 Frank Bulk

  • Members
  • 36 posts

Posted 09 October 2019 - 07:31 PM

Do you have the same NATing configured for both devices?



#3 Aravindan Anandan

  • Barracuda Team Members
  • 73 posts

Posted 09 October 2019 - 11:24 PM   Best Answer

Hi,

The source IP is chosen randomly by the ADC. However, this configuration can be overridden. Please check this link: https://campus.barra...m/doc/44435520/



#4 Darren Henderson

  • Members
  • 2 posts

Posted 10 October 2019 - 11:39 AM

No NATing involved.

The info in Aravindan's post answers the questions.

What an "interesting" way of handling it. Feels like it must have been developed as a workaround.

Thanks for the info!