Achieving IP Transparency with Zeus Traffic Manager

Zeus Traffic Manager manages network connections from remote clients separately from the network connections to the local server machines. This allows Zeus much more freedom in how it processes request data, schedules HTTP requests and SSL-decrypts connections. However, one side effect is that the back-end server observes that connections originate from the Zeus machine, not the remote client.

This article describes several strategies for dealing with this limitation if it proves to be a problem in a particular environment.

1. IP Transparency in the Zeus Software

Zeus provides an IP Transparency Linux kernel module that may be used on supported Linux environments. The Zeus software interfaces with this module to modify the source address of traffic sent to back-end servers, so that the server observes the request as originating from the remote client.

You will need to compile and install this module (refer to the instructions). It is only available on supported Linux kernels.

2. IP Transparency in Zeus' Virtual and Hardware Appliances

Zeus' Appliances (Virtual and legacy hardware) include a complete, hardened operating system that is equipped with the IP transparency module. IP transparency will work out-of-the-box.

3. Perform the IP-dependent task using the Zeus software

Generally, IP transparency is required because the back-end application performs a task that requires knowledge of the correct source address of the connection. Examples of such tasks include authentication of the source IP address, and connection logging.

In many cases, it's possible to perform this task in the Zeus software itself. For example:

  • An SMTP server may perform a DNS lookup to check the IP address against a blacklist. This functionality can be moved into Zeus Traffic Manager, using a TrafficScript rule that performs the DNS lookup and can drop the connection if desired.

  • A Web Server may log connections, and the admin may wish to log the correct source IP address for each request. Zeus's access logging can be used instead, to log the request on the Zeus machine.

4. Modify the behaviour of the server application

When Zeus manages an HTTP connection, it adds an 'X-Cluster-Client-Ip' header to the request that identifies the true source address. A web based application that wishes to know the source address of the connection could inspect the value of this header instead.
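
A back-end that reads this header should honour it only on connections that arrive from the Zeus machine, because a client that can reach the server directly could supply the header itself. The WSGI wrapper below is an added example, not Zeus code or part of the original article; the traffic manager addresses and the `zeus.peer_addr` key are assumptions made for illustration.

```python
import ipaddress

# Assumption: addresses of the Zeus machines that connect to this back-end.
# 192.0.2.0/24 is a documentation range; these values are constructed.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32"),
                   ipaddress.ip_network("192.0.2.11/32")]

HEADER_KEY = "HTTP_X_CLUSTER_CLIENT_IP"  # WSGI name of X-Cluster-Client-Ip


def _parse_ip(text):
    """Return an ip_address object, or None if text is not one valid IP."""
    try:
        return ipaddress.ip_address((text or "").strip())
    except ValueError:
        return None


def client_ip(environ, trusted=TRUSTED_PROXIES):
    """Resolve the address to use for logging and access control.

    The header is honoured only when the TCP peer is a trusted traffic
    manager; in every other case the peer address itself is returned.
    """
    peer = _parse_ip(environ.get("REMOTE_ADDR"))
    if peer is None:
        return None
    if not any(peer in net for net in trusted):
        return str(peer)            # direct connection: ignore the header
    claimed = _parse_ip(environ.get(HEADER_KEY))
    if claimed is None:
        return str(peer)            # header missing or malformed
    return str(claimed)


class ClusterClientIpMiddleware:
    """WSGI wrapper that presents the resolved address as REMOTE_ADDR."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        resolved = client_ip(environ, self.trusted)
        # Hypothetical key: keeps the real TCP peer for audit logging.
        environ["zeus.peer_addr"] = environ.get("REMOTE_ADDR")
        if resolved is not None:
            environ["REMOTE_ADDR"] = resolved
        environ.pop(HEADER_KEY, None)   # downstream code must not re-read it
        return self.app(environ, start_response)
```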

Web Server modules

Zeus Web Server automatically trusts the value of the 'X-Cluster-Client-Ip' header and presents the correct source IP address to applications, authentication engines and log modules running within the server.

We have custom modules for Apache, Apache2 and iPlanet/Sun servers that perform the same function. For more details, take a look at the following FAQ articles:

 

Owen Garrett [Zeus Dev Team] 02 December 2005

Comments:

This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.

Comment from: Owen Garrett [Zeus Dev Team]
Note: the beta program referred to above has completed; you can obtain the IP Transparency module, fully supported for appropriate Linux kernels from http://knowledgehub.zeus.com/news/2006/04/12/ip_transparency_with_the_zxtm_software
Permalink 06 October 2006 @ 09:56