0

When using Network Load Balancer (TCP/SSL) with GCP If you look at Session affinity, there is a Client Source IP. At first, I thought the function was to remove the XFF header and see the original USER IP

https://i.stack.imgur.com/oH8c5.png

https://i.stack.imgur.com/onCCY.png

https://i.stack.imgur.com/Qa3NZ.png

Looking at the explanation, I don't think it's right. I want to understand that, but it doesn't exist in Google Docs. I want to know about that part.

https://developer.mozilla.org/ko/docs/Web/HTTP/Headers/X-Forwarded-For I thought it was that part I don't know because there's no clear explanation..

Seong Gi Choi
  • 1
  • 1
  • I am not sure what you are asking. The `X-Forwarded-For` is a list of IP addresses. The first address is the client's IP address, then the first forwarding proxy, then the next proxy, etc. If the client is directly connecting to the Google Cloud Load Balancer, then the `Client IP` specified in your third screenshot will be the same as the connecting client. Unless you have a complicated network, you can ignore these details. – John Hanley Jul 19 '23 at 07:42
  • Your post mentions removing the `X-Forwarded-For` (XFF) header. Nothing removes that header. The backend application will be able to read that HTTP header and see the list of IP addresses. That header can be forged, so it should not be trusted. For the load balancer, the system that connected to the load balancer is considered the Client IP. – John Hanley Jul 19 '23 at 07:42
  • Hello, John Hanley What I want to know is what function Client Source IP is in Session Affinity selection when GCP Network Load Balancer is selected. – Seong Gi Choi Jul 19 '23 at 08:02
  • Which part of Google's description (your third screenshot) is confusing? Same source + same destination -> same instance. – John Hanley Jul 19 '23 at 09:01

0 Answers0