Hello, Not sure what you mean with F5 not seeing the header. tcpdump on the F5 to verify?
Fix it in F5. This iRule should make persistence based on X-Forwarded-For.
when HTTP_REQUEST {
if {[HTTP::header X-Forwarded-For] != ""}{
persist uie [HTTP::header X-Forwarded-For] 600
}
}
600 is the persistence in seconds.
Hope this helps.
.pelle
On Wed, Jan 9, 2013 at 11:41 PM, Baptiste <[email protected]> wrote:
> This is interesting!!!!
> Could you share this irule here????
>
> So you have several ways...
> First one, which won't work, would to use the proxy protocol...
> unfortunatelly, F5 does not support it yet... Maybe an irule could do it,
> that said...
> second one, would to do transparent proxying on your HAProxy box, but this
> means tweaking your kernel, playing with iptables and turn the HAProxy box
> as the default gateway of your F5 OR using PBR to redirect traffic to
> clients via HAProxy....
> Last one would to write an irule to use the IP provided by the header
> X-forwarded-for setup by HAProxy with the client IP Don't tell me F5 can't
> do it, cause HAProxy can (and F5 always blame open source and claim their
> superiority to who wants to listen to them)....
>
> And if you look for an alternative to F5, just as google, here is the
> first link:
> http://ninjanix.com/alternative-to-f5/
>
> my 2 cents,
>
> cheers
>
>
>
> On Wed, Jan 9, 2013 at 8:49 PM, DeMarco, Alex <[email protected]>wrote:
>
>> Right now it is just a proof of concept idea. Part of the problem is
>> that F5 the we own does not do reverse proxying,. At least not without
>> running an iRule that no one on their support department will support you
>> on. Unless I am completely missing something.****
>>
>> ** **
>>
>> **- **Alex ****
>>
>> ** **
>>
>> *From:* Jeffrey 'jf' Lim [mailto:[email protected]]
>> *Sent:* Wednesday, January 09, 2013 2:46 PM
>> *To:* DeMarco, Alex
>> *Cc:* [email protected]
>> *Subject:* Re: Haproxy & F5 usage question****
>>
>> ** **
>>
>> ** **
>>
>> On Thu, Jan 10, 2013 at 2:05 AM, DeMarco, Alex <[email protected]>
>> wrote:****
>>
>> I have a situation where a backend server defined in HAProxy may be a vip
>> on our F5. The F5 vip is setup for source persistence. Right now all
>> the requests to this vip from the haproxy box are all going to one pool
>> member. Obviously the f5 is seeing the ip of the server and not the true
>> client. I do have haproxy sending out the X-Forwarded-For. But the f5 does
>> not see it.****
>>
>>
>> So let me get this right. You've got a BIGIP sitting behind a HAProxy
>> instance? Why are things configured this way?
>>
>> -jf
>>
>> ****
>>
>> ****
>>
>> Anyone have an example of how scenario like this would work? Do I need
>> to modify haproxy or is this an f5 issue?****
>>
>> ****
>>
>> Thank you again in advance..****
>>
>> ****
>>
>> [image: circle] <http://www.suny.edu/>****
>>
>> *Alex DeMarco*
>> *Manager of Technical Services*
>> The State University of New York
>> State University Plaza - Albany, New York 12246
>> Tel: 518.320.1398 Fax: 518.320.1550
>> *Be a part of Generation SUNY:
>> **Facebook*<http://www.facebook.com/generationsuny>
>> * - **Twitter* <http://www.twitter.com/generationsuny>* -
>> **YouTube*<http://www.youtube.com/generationsuny>
>> ****
>>
>> ****
>>
>> ****
>>
>> ** **
>>
>
>
<<image001.gif>>
