When a client connects to an A10 VIP (Virtual IP), the A10 establishes a separate TCP connection to the backend server. From the server’s perspective, the source IP of every single packet is the A10’s own LAN IP—not the remote user. This breaks logging, geo-location, rate-limiting, and security rules.
slb virtual-server VS-WebApp 203.0.113.10 port 80 http source-nat auto # Required for routing back to client service-group SG-WebServers insert-client-ip-header # The magic command for XFF a10 x-forwarded-for
Many applications serve different content based on country or region. Without the original IP, geolocation databases only see the data center’s location, breaking personalization. When a client connects to an A10 VIP
However, by inserting itself between the client and the server, an ADC creates a classic networking paradox: breaking personalization. However