This section discusses lists the caveats that are common for both Preserve Client IP for IPv4 and IPv6.

• Updating the redirect rule (change of port number of the pool or changing the FIP IP in the SE group) will cause traffic loss for around 90 seconds

• Using the same pool server and port for preserve client IP and non-preserve client IP virtual service across SE groups causes the non-preserve client IP virtual service to be marked down due to health monitor traffic failing

• Distributing load and auto-redistributing load properties of SE-group are not supported.

• Preserve client IP does not work with SNAT rule for the pool server applied on the same Tier-1 Gateway.

• Do not enable IP routing using the network service routing_service on SEs where Perserve Client IP functionality is enabled.

• Due to presence of the redirection rule, it is not possible for clients to directly connect to a server that is part of a Pool in a Preserve Client IP Virtual Service using the Pool’s back-end port.

• For the Service Insertion redirection to operate correctly, the following topology constraints must be followed regarding the location of clients, servers and Service Engines:

  • Clients cannot be connected to any segment of a Tier-1 gateway to which the Service Engines hosting Preserve Client IP services are attached.

  • Clients can be outside of the NSX-T overlay network provided that the VIP is reachable.

  • Clients can be connected to a segment of another Tier-1 gateway provided that the VIP is reachable.

  • Pool members (servers) must be attached to a segment of a Tier-1 gateway to which the Service Engines hosting Preserve Client IP services are attached.

  • Pool members cannot be attached to the same segment that the Service Engines themselves attach to.

  • Different pool members may be attached to different segments of this Tier-1 gateway if required.