01-31-2017 07:27 AM
Hi to all!
I have two VTM nodes in a cluster with SSL decryption for HTTP traffic.
All traffic goes from the internet to the VTM nodes, and after that it goes to
the Kubernetes load balancer. My problem is getting the real source IP
inside Kubernetes.
Previously Kubernetes worked without VTM and all was fine.
Any idea?
02-10-2017 07:57 AM
Hello @Sergey Sevruk
I spoke with a TAC Representative regarding your questions and this was their response:
The traffic manager has a feature made just for this scenario. “IP Transparency”.
For the virtual appliance version of the traffic manager product, it can be enabled with the Services > Pools > %PoolOfInterest% > Connection Management > IP Transparency > transparent configuration key. However, there is more to consider than just this single configuration key.
1) Return traffic from the nodes must still be routed through the traffic manager, so the back-end nodes must be configured to use the traffic manager as their default gateway for outgoing traffic.
2) Check the System > Networking > IP transparency section of the user interface. Make sure that the “iptrans!iptables_enabled” and “iptables!config_enabled” configuration keys are set to “Yes”.
3) Review chapter two of your traffic manager version’s manual for further details. (Chapter 2: Network Layouts > IP Transparency)
4) For enabling IP transparency on a “software install” (where you deploy the traffic manager application on top of the Linux OS of your choice), you may want to consult with your region’s sales engineer. In this case, you will need a functioning IP tables configuration on the operating system, which is beyond the scope of Brocade support.
I hope this helps you! If we may be of any further assistance via the Community, please let us know.
Brocade Community Team
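A check for point 1 of the reply above, as an added example that is not from TAC or Brocade: on a Linux back-end node it confirms that the preferred default route leaves via the traffic manager, and flags the case where a lower-metric route would send return traffic around it. It assumes iproute2 on the node; the addresses and sample route tables are constructed.

```shell
#!/bin/sh
# Added example. Sample route tables below are constructed; 10.0.0.10 stands
# in for the traffic manager's address on the back-end network (assumption).
SAMPLE_OK='default via 10.0.0.10 dev eth0 proto static metric 100
default via 10.0.0.1 dev eth0 proto dhcp metric 200'
SAMPLE_ASYM='default via 10.0.0.1 dev eth0 proto dhcp metric 100
default via 10.0.0.10 dev eth0 proto static metric 200'

# Read `ip -4 route show default` output on stdin and print "metric gateway"
# per default route. A route with no explicit metric counts as metric 0.
list_default_routes() {
    awk '$1 == "default" {
        gw = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        if (gw != "") print metric, gw
    }'
}

# Exit status: 0 = preferred (lowest-metric) default route uses $1,
#              1 = $1 is a default gateway but another route is preferred,
#                  so replies may bypass the traffic manager,
#              2 = no default route points at $1.
check_return_path() {
    tm_ip=$1
    routes=$(list_default_routes | sort -n -k1,1)
    preferred=$(printf '%s\n' "$routes" | awk 'NR == 1 { print $2 }')
    if [ "$preferred" = "$tm_ip" ]; then
        return 0
    fi
    if printf '%s\n' "$routes" |
        awk -v ip="$tm_ip" '$2 == ip { found = 1 } END { exit !found }'; then
        return 1
    fi
    return 2
}

# Live use on a back-end node: sh check_return_path.sh <traffic-manager-IP>
if [ "$#" -gt 0 ]; then
    ip -4 route show default | check_return_path "$1"
    case $? in
        0) echo "OK: default route goes via $1" ;;
        1) echo "WARN: $1 is a default gateway but not the preferred one" ;;
        *) echo "FAIL: no default route via $1" ;;
    esac
fi
```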