This section lists the caveats that are common to both Preserve Client IP for IPv4 and IPv6.

  • If the same application NSG is used in more than one virtual service (across SE groups or across the cloud), each pool must have a different service port.

  • The Tier-1 hosting the VIP data segment must be associated with an Edge Cluster because the service insertion feature requires the Tier-1 to have a Service Router component.

Note:

Ensure that the sizing of the Edge cluster considers the traffic needs of the preserve client IP-enabled virtual service.

  • Updating the redirect rule (changing the port number of the pool or changing the FIP IP in the SE group) will cause traffic loss for around 90 seconds.

  • Using the same pool server and port for a preserve client IP virtual service and a non-preserve client IP virtual service across SE groups causes the non-preserve client IP virtual service to be marked down, because its health monitor traffic fails.

  • Distributing load and auto-redistributing load properties of SE-group are not supported.

  • Preserve client IP does not work with an SNAT rule for the pool server applied on the same Tier-1 Gateway.

  • The Pool option use_service_port must be set to False (its default value). This corresponds to the checkbox Deactivate Port Translation in the Pool UI being unchecked. Due to the match criteria of the redirection rule, the features Preserve Client IP for NSX-T Overlay and Deactivate Port Translation are currently mutually exclusive.

  • Do not enable IP routing using the network service routing_service on SEs where Preserve Client IP functionality is enabled.

  • Due to the presence of the redirection rule, clients cannot connect directly to a server that is part of a Pool in a Preserve Client IP Virtual Service using the Pool’s back-end port.

  • For the Service Insertion redirection to operate correctly, the following topology constraints must be followed regarding the location of clients, servers and Service Engines:

    • Clients cannot be connected to any segment of a Tier-1 gateway to which the Service Engines hosting Preserve Client IP services are attached.

    • Clients can be outside of the NSX-T overlay network provided that the VIP is reachable.

    • Clients can be connected to a segment of another Tier-1 gateway provided that the VIP is reachable.

    • Pool members (servers) must be attached to a segment of a Tier-1 gateway to which the Service Engines hosting Preserve Client IP services are attached.

    • Pool members cannot be attached to the same segment that the Service Engines themselves attach to.

    • Different pool members may be attached to different segments of this Tier-1 gateway if required.
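The topology constraints and the use_service_port requirement above can be checked before deployment. The following is an added example, not code from the product or its documentation; the `Attachment` model, the function name and the sample inventory are hypothetical and constructed for illustration.

```python
# Added example: the inventory model below is hypothetical, not an Avi or NSX-T API.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Attachment:
    name: str
    tier1: Optional[str]    # None means outside the NSX-T overlay
    segment: Optional[str]

def check_preserve_client_ip(ses, servers, clients, use_service_port=False):
    """Return a list of violations of the caveats listed above."""
    issues = []
    se_tier1s = {se.tier1 for se in ses}
    se_segments = {(se.tier1, se.segment) for se in ses}
    if use_service_port:
        issues.append("pool: use_service_port must be False")
    for c in clients:
        # Clients may be outside the overlay or on another Tier-1, never on the SE Tier-1.
        if c.tier1 is not None and c.tier1 in se_tier1s:
            issues.append(f"client {c.name}: attached to SE Tier-1 {c.tier1}")
    for s in servers:
        # Servers must sit on the SE Tier-1, but not on the SEs' own segment.
        if s.tier1 not in se_tier1s:
            issues.append(f"server {s.name}: not attached to the SE Tier-1")
        elif (s.tier1, s.segment) in se_segments:
            issues.append(f"server {s.name}: shares segment {s.segment} with the SEs")
    return issues

# Constructed sample inventory.
SES = [Attachment("se-1", "t1-a", "seg-se"), Attachment("se-2", "t1-a", "seg-se")]
SERVERS = [
    Attachment("web-1", "t1-a", "seg-app"),   # valid
    Attachment("web-2", "t1-a", "seg-db"),    # valid: different segment, same Tier-1
    Attachment("web-3", "t1-a", "seg-se"),    # invalid: same segment as the SEs
    Attachment("web-4", "t1-b", "seg-x"),     # invalid: other Tier-1
]
CLIENTS = [
    Attachment("ext", None, None),            # valid: outside the overlay
    Attachment("c-b", "t1-b", "seg-x"),       # valid: another Tier-1
    Attachment("c-a", "t1-a", "seg-app"),     # invalid: on the SE Tier-1
]

if __name__ == "__main__":
    for issue in check_preserve_client_ip(SES, SERVERS, CLIENTS):
        print(issue)
```

The check assumes the VIP is reachable from every client; reachability itself is not modelled.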