From: Winter, R. Stephen (SWinterIZZATbecu.org)
Date: Tue Jan 06 2004 - 15:30:00 EST
>If I have the F5 performing NAT to get the client traffic to a pool
>member, then I shouldn't need to have the internal IP of the F5 be the
>default gateway for the pool members, right? That's what I'm trying to
>avoid, because I plan to have the F5 and pool members on different
>VLANS, and it'd be a shame to have, for example, SSH traffic destined
>for the pool members have to go through the F5 in the DMZ to get back to
That should be OK. You would just set up a default SNAT and the BigIP will deliver the packet with a source address of its own, not the real source.
>If I'm NAT'ing the incoming HTTPS traffic, I'm going to lose the
>original client IP address, so there's no way I can have Apache log that
>info. How is the logging on the F5 itself? Can it log to a syslogd
>server? That'd be really helpful for reconciling the logs between (1)
>the F5, (2) Apache, and (3) my application server.
I'm not sure if the BigIP can log session/connection traffic like that. It might not be very useful anyway. If you have a site that gets a lot of traffic, you might have pages of logs that all have the same timestamp, all with a source of the BigIP.
IT Network & Security, BECU
The Load Balancing Mailing List
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Tue Jan 06 2004 - 15:44:46 EST