This is interesting!!!! Could you share this irule here???? So you have several ways... First one, which won't work, would to use the proxy protocol... unfortunatelly, F5 does not support it yet... Maybe an irule could do it, that said... second one, would to do transparent proxying on your HAProxy box, but this means tweaking your kernel, playing with iptables and turn the HAProxy box as the default gateway of your F5 OR using PBR to redirect traffic to clients via HAProxy.... Last one would to write an irule to use the IP provided by the header X-forwarded-for setup by HAProxy with the client IP Don't tell me F5 can't do it, cause HAProxy can (and F5 always blame open source and claim their superiority to who wants to listen to them)....
And if you look for an alternative to F5, just as google, here is the first link: http://ninjanix.com/alternative-to-f5/ my 2 cents, cheers On Wed, Jan 9, 2013 at 8:49 PM, DeMarco, Alex <[email protected]> wrote: > Right now it is just a proof of concept idea. Part of the problem is > that F5 the we own does not do reverse proxying,. At least not without > running an iRule that no one on their support department will support you > on. Unless I am completely missing something.**** > > ** ** > > **- **Alex **** > > ** ** > > *From:* Jeffrey 'jf' Lim [mailto:[email protected]] > *Sent:* Wednesday, January 09, 2013 2:46 PM > *To:* DeMarco, Alex > *Cc:* [email protected] > *Subject:* Re: Haproxy & F5 usage question**** > > ** ** > > ** ** > > On Thu, Jan 10, 2013 at 2:05 AM, DeMarco, Alex <[email protected]> > wrote:**** > > I have a situation where a backend server defined in HAProxy may be a vip > on our F5. The F5 vip is setup for source persistence. Right now all > the requests to this vip from the haproxy box are all going to one pool > member. Obviously the f5 is seeing the ip of the server and not the true > client. I do have haproxy sending out the X-Forwarded-For. But the f5 does > not see it.**** > > > So let me get this right. You've got a BIGIP sitting behind a HAProxy > instance? Why are things configured this way? > > -jf > > **** > > **** > > Anyone have an example of how scenario like this would work? Do I need > to modify haproxy or is this an f5 issue?**** > > **** > > Thank you again in advance..**** > > **** > > [image: circle] <http://www.suny.edu/>**** > > *Alex DeMarco* > *Manager of Technical Services* > The State University of New York > State University Plaza - Albany, New York 12246 > Tel: 518.320.1398 Fax: 518.320.1550 > *Be a part of Generation SUNY: > **Facebook*<http://www.facebook.com/generationsuny> > * - **Twitter* <http://www.twitter.com/generationsuny>* - > **YouTube*<http://www.youtube.com/generationsuny> > **** > > **** > > **** > > ** ** >
<<image001.gif>>
