Few days back one of my close friend asked me that:
Can we monitor the actual source client ip who requested for the web page when the web server is behind a load balancer?
Another question came in around the same time from one of my customer:
In X-Forwarded-For mode do we change the source IP in the header or not being in the proxy mode of the Load Balancer.
Well a short answer to the first question is yes definitely we can but that depends on which mode the Load Balancer is configured and answer to the second question is no we don’t change the source IP if you use X-Forwarded-For in the Application Profiles of Load Balancer.
So from the second question you can see how can one monitor the source IP of the client who requested for a web page where web servers are behind a load balancer. However, it is not always true, that means it is not applicable for all the modes available in Edge Load Balancer. It is only possible when you run your Load Balancer in proxy mode, aka One-Arm mode. The One-Arm implementation uses the HTTP X-Forwarded-For standard to redirect traffic to a different IP. So Client IP address is not preserved in this mode.
With the option “Insert X-Forwarded-For HTTP header” (under Application Profile), the Edge LoadBalancer adds the header “X-Forwarded-For” with the value Client-IP@. It does this if the configuration is with source NAT (not transparent in the pool) or without source NAT (transparent in the pool).
Note: If the client request hitting the Edge device already had the “X-Forwarded-For” header with a value, then the Edge LoadBalancer adds the source-IP@ seen next.
1. Client IP@ 126.96.36.199 request without “X-Forwarded-For”
The Edge LoadBalancer sends the request to the server with “X-Forwarded-For: 188.8.131.52”
2. Client IP@ 184.108.40.206 request with “X-Forwarded-For: 220.127.116.11”
The Edge LoadBalancer sends the request to the server with “X-Forwarded-For: 18.104.22.168, 22.214.171.124”
If you want to read more about the various load balancer function in NSX for vSphere then read this article: