Enabling Network Load Balancer Source/Destination Preservation

Configure your network load balancer so that the original source and destination header (IP addresses and ports) of each incoming packet is preserved all the way to the backend server.

You can configure your network load balancer so that the original source and destination IP addresses and ports contained in the header of each incoming packet are preserved all the way to the backend server. The network load balancer does not modify packet characteristics. The source and destination IP header information is identical when viewed at the network load balancer or a backend server. No network address translation (NAT) occurs.

Note

If source/destination preservation is enabled, the Network Load Balancer service does not support users selecting the backend servers using their IP address.

Use source/destination preservation to operate the network load balancer in a bump-in-the-wire mode and scale network virtual appliances (NVAs) such as firewalls and software-defined wide area networks (SD-WANs).

Configure the network load balancer as a route target (private IP next hop following the route rule on the internet gateway (IGW)/dynamic route gateway (DRG) route table). Incoming traffic is not directed to the network load balancer virtual IP but instead is directed to the actual server.

Note

  • The Source/Destination Preservation feature is only available on the private network load balancers.

  • Enabling this feature changes the source and destination addresses of connections between the network load balancer and the backend sets. Update the VCN route tables applied to relevant subnets to ensure traffic is routed correctly for the preserved source and destination addresses. See VCN Route Tables for more information.

These instructions are for enabling the Source/Destination Preservation feature in an existing network load balancer. You can enable this feature when you first create the network load balancer. See Creating a Network Load Balancer for more information.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Network load balancer. The Network load balancers page appears.
    2. Select the Compartment from the list. All network load balancers in that compartment are listed in tabular form.
    3. Select a State from the list to limit the network load balancers displayed to that state.
    4. Select the network load balancer for which you want to preserve the header information of incoming packets. Its Details page appears.
    5. Click Edit preservation. The Edit preservation dialog box appears.
    6. Check Preserve source/destination header (IP, Port) to enable this feature.
    7. Click Save changes.
  • Use the --is-preserve-source-destination true option when running the oci nlb network-load-balancer create or oci nlb network-load-balancer update commands to set a network load balancer's preservation:

    oci nlb network-load-balancer create ... --is-preserve-source-destination true
    or
    oci nlb network-load-balancer update --network-load-balancer-id network_load_balancer_ocid ... --is-preserve-source-destination true

    When enabled, skipSourceDestinationCheck is automatically turned on for the load balancer VNIC, and packets are sent to the backend with the entire IP header intact.

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Include the isPreserveSourceDestination=true option when creating or updating the network load balancer. When enabled, the skipSourceDestinationCheck parameter is automatically turned on for the load balancer VNIC, and packets are sent to the backend with the entire IP header intact. See CreateNetworkLoadBalancer or UpdateNetworkLoadBalancer for more information.
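A pre-flight check for the two notes above (private network load balancers only, no backends selected by IP address), run before enabling preservation. This is an added example, not Oracle's code. It assumes the JSON from `oci nlb network-load-balancer list` uses the kebab-case keys shown and includes backend sets, and that a backend chosen by IP address has no `target-id`. The sample data is constructed.

```python
import json

# Constructed sample shaped like `oci nlb network-load-balancer list` output.
# Assumptions: kebab-case keys in the CLI's JSON; names and OCIDs are placeholders.
SAMPLE = json.loads("""
{"data": {"items": [
  {"display-name": "nva-nlb", "is-private": true,
   "is-preserve-source-destination": false,
   "backend-sets": {"fw": {"backends": [
     {"name": "fw1:0", "target-id": "ocid1.instance.oc1..placeholder1"},
     {"name": "fw2:0", "target-id": "ocid1.instance.oc1..placeholder2"}]}}},
  {"display-name": "public-nlb", "is-private": false,
   "is-preserve-source-destination": false, "backend-sets": {}},
  {"display-name": "ip-nlb", "is-private": true,
   "is-preserve-source-destination": false,
   "backend-sets": {"app": {"backends": [
     {"name": "10.0.2.5:443", "target-id": null, "ip-address": "10.0.2.5"}]}}},
  {"display-name": "transparent-nlb", "is-private": true,
   "is-preserve-source-destination": true, "backend-sets": {}}
]}}
""")


def preflight(nlb):
    """Return the reasons this NLB conflicts with the two notes on this page."""
    problems = []
    if not nlb.get("is-private"):
        problems.append("not a private network load balancer")
    for set_name, backend_set in (nlb.get("backend-sets") or {}).items():
        for backend in backend_set.get("backends") or []:
            # Assumption: a backend chosen by IP address carries no target-id.
            if not backend.get("target-id"):
                problems.append(f"backend {set_name}/{backend['name']} selected by IP address")
    return problems


def report(listing):
    """Map each NLB display name to 'already enabled', 'ready' or 'blocked: ...'."""
    result = {}
    for nlb in listing["data"]["items"]:
        if nlb.get("is-preserve-source-destination"):
            result[nlb["display-name"]] = "already enabled"
            continue
        problems = preflight(nlb)
        result[nlb["display-name"]] = "blocked: " + "; ".join(problems) if problems else "ready"
    return result


if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```

To run it against a real tenancy, replace `SAMPLE` with the parsed output of the list command for the compartment being reviewed.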