wtwagon_99154
Dec 15, 2008Nimbostratus
Geolocation / SNAT problems
Recently, my company has implemented a SiteSpect device, which is used for Multivariate Testing. Everything has been running fine until we implemented a geo-locating (display a specific page depending on IP address) application.
With that being said, I tracked the problem down to our SNAT configuration. Here's how everything is set up:
1) Web request comes in to external, internet facing VIP (external VIP contains SiteSpect device in a pool and there is no SNAT AutoMap turned on)
2) SiteSpect Device does a reverse proxy to an internal VIP (172.16.1.217/21) keeping all IP address information in tact.
3) Internal VIP has 4 web servers in the pool and SNAT AutoMap is not turned on. The web servers are also on the same network as the 172.16.1.217/21 (172.16.2.48-172.16.2.51)
So, what I see is a web request come in to the SiteSpect device from an IP address of 24.0.34.205 (external Comcast Address). The reverse-proxy then goes to the internal VIP, which lands it on one of the 4 web servers. On the web servers, I see a request coming from the SNAT address of the F5.
I have the entire 172.16.0.0/21 network SNAT to one IP address, so this is of course the IP address that I see on the SiteSpect device. All servers have a default gateway of the F5 internal floating IP address (172.16.1.240).
To try to remediate this SNAT, i put a simple iRule on the internal VIP that removes the SNAT.
when CLIENT_ACCEPTED {
log "Removing SNAT"
snat none
}
However, once I remove the SNAT, the traffic never appears to get to the web servers. Unfortunately, I am also not able to use the "Insert XForwarded For" either, because of the changes necessary to our code and to our apache servers.
I did some searching through the Forums to look for any other iRules that may assist myself in this issue, but I have not found anything yet that would help tackle this problem. Has anyone else experienced this problem?