On Wed, Mar 28, 2007 at 10:11:51AM +1100, Russell Coker wrote:
> Has this problem been solved for a protocol other than HTTP? In theory you
> could have a user-space TCP stack that sends data to the back-end server with
> a source address that is the same as that of the origin. Has anyone done
> this?

If it has, I've not seen it in any RFCs nor in any of the most common load-balancing solutions for Enterprises (all products I know of are closed-source so I will not provide names) I've worked with. Most of them avoid this issue by working inline and NATting the destination IP of incoming requests transparently. That way the original IP address is preserved.

Including the "standard" X-Forwarded-For HTTP header when working with transparent proxies is somewhat common for those devices not working inline with the traffic flow. Although that is rarely used for more than log statistics (visitors, etc.) since authentication is typically application-level based.

Just my 2c.

Javier