Using Dedicated Load Balancers to Transfer Client IP Address

Overview

Dedicated load balancers transfer client IP addresses in different ways based on whether they use Layer 4 or Layer 7 listeners to route requests.

• Transfer Client IP Address is enabled by default for TCP and UDP listeners of dedicated load balancers. Load balancers communicate with backend servers using client IP addresses. You can check the backend server logs to obtain client IP addresses.
• Transfer Client IP Address is enabled by default for HTTP, HTTPS, and QUIC listeners of dedicated load balancers, which means that client IP addresses can be placed in the X-Forwarded-For header and transferred to backend servers. The first IP address in the X-Forwarded-For header is the client IP address.

Precautions

If Transfer Client IP Address is enabled:

• A server cannot serve as both a backend server and a client. If the client and the backend server use the same server, the backend server will think the packet from the client is sent by itself and will not return a response packet to the load balancer. As a result, the return traffic will be interrupted.

• Traffic, such as unidirectional data transmission or push traffic, may be interrupted when backend servers are being migrated. After backend servers are migrated, you need to retransmit the packets to restore the traffic.

Transferring Client IP Addresses at Layer 4

In some special cases, Transfer Client IP Address does not work. You can obtain client IP addresses by referring to Table 1.

Transferring Client IP Addresses at Layer 7

You can configure the backend servers to ensure that they can correctly parse the X-Forwarded-For header to obtain client IP addresses.

The X-Forwarded-For header is in the following format:

X-Forwarded-For: <client-IP-address>, <proxy-server-1-IP-address>, <proxy-server-2-IP-address>, ...

The first IP address included in the X-Forwarded-For header is the client IP address.