Source IP address used to talk to real host for a serviceADC service
Posted 09 October 2019 - 12:54 PM
I just noticed today that connections to real hosts appear to be coming from a single IP address regardless of which service a real host is associated with. I would have expected the hosts to see connections coming from the IP address associated with their respective services.
I have two clusters, think dev and production. Two armed configuration with an inside and an outside. In one cluster the hosts are all seeing the connections come from the load balancers' inside address. That would make some kind of sense. However on the other cluster the hosts are all seeing the connections coming from the IP address associated with one of the services. Same kind of configuration, two armed, with an inside and an outside.
Just to restate it in case I've not been clear enough...
Say I have ServiceA using hostA1 and hostA2. I also have ServiceB using hostB1 and hostB2. Same for ServiceC,D,E etc. All of the services and hosts are on the same subnet and the requests are coming in from other subnets (two armed).
A connection comes into ServiceB and it's sent to either hostB1 or hostB2 as it should be. However, hostB1 and hostB2 in dev will see the source address being dev's inside address. In production hostB1 and hostB2 see the request come from the source address associated with ServiceA.
How does the ADC choose which IP address to use as the source address when connecting to a real host?
This is in a pretty simple configuration doing load balancing and SSL. A few network firewall rules to limit access to one of the services. None of the other features are involved.
Posted 09 October 2019 - 07:31 PM
Do you have the same NATing configured for both devices?
Posted 10 October 2019 - 11:39 AM
No NATing involved.
The info in Aravindan's post answers the questions.
What an "interesting" way of handling it. Feels like it must have been developed as a workaround.
Thanks for the info!