Using Dedicated Load Balancers to Transfer Client IP Address
Overview
Dedicated load balancers transfer client IP addresses in different ways based on whether they use Layer 4 or Layer 7 listeners to route requests.
- Transfer Client IP Address is enabled by default for TCP and UDP listeners of dedicated load balancers. Load balancers communicate with backend servers using client IP addresses. You can check the backend server logs to obtain client IP addresses.
- Transfer Client IP Address is enabled by default for HTTP, HTTPS, and QUIC listeners of dedicated load balancers, which means that client IP addresses can be placed in the X-Forwarded-For header and transferred to backend servers. The first IP address in the X-Forwarded-For header is the client IP address.
- TLS listeners do not support Transfer Client IP Address. You can enable ProxyProtocol to obtain the client IP address.
Precautions
If Transfer Client IP Address is enabled:
- A server cannot serve as both a backend server and a client. If the client and the backend server use the same server, the backend server will think the packet from the client is sent by itself and will not return a response packet to the load balancer. As a result, the return traffic will be interrupted.
- Traffic, such as unidirectional data transmission or push traffic, may be interrupted when backend servers are being migrated. After backend servers are migrated, you need to retransmit the packets to restore the traffic.
Transferring Client IP Addresses at Layer 4
In some special cases, Transfer Client IP Address does not work. You can obtain client IP addresses by referring to Table 1.
For details, see Using a Dedicated Load Balancer at Layer 4 to Transfer Client IP Addresses.
Listener Protocol |
Transfer Client IP Address |
When Transfer Client IP Address Fails |
Other Methods |
---|---|---|---|
TCP |
Supported |
|
|
UDP |
Supported |
|
N/A |
TLS |
Not supported |
N/A |
Transferring Client IP Addresses at Layer 7
You can configure the backend servers to ensure that they can correctly parse the X-Forwarded-For header to obtain client IP addresses.
The X-Forwarded-For header is in the following format:
X-Forwarded-For: <client-IP-address>, <proxy-server-1-IP-address>, <proxy-server-2-IP-address>, ...
The first IP address included in the X-Forwarded-For header is the client IP address.
For details, see Using a Dedicated Load Balancer at Layer 7 to Transfer Client IP Addresses.
Helpful Links
- Transfer Client IP Address is enabled by default and cannot be disabled when you add a listener on the console as below.
- Calling the API for adding a listener: transparent_client_ip_enable can only be set to true and the source IP addresses of the clients can be passed to backend servers.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot