When Subnet Originating Requests is enabled, the LoadMaster changes the originating IP address of the traffic. Normally, the traffic is seen being sent from the VS address. With SOR enabled, traffic is seen as being sent from the local interface address. There are exceptions to this, refer to the following sections for more examples:. This is needed in two-armed setups when SSL offloading is enabled.

The example diagram above is explained as follows:

  • Traffic flows from the client to the VS to the Real Server
  • The Real Server sees traffic originating from the 10.0.0.15/24 VS and replies using its default gateway
  • The default gateway responds to the LoadMaster using the eth0 network 10.0.0.x/24
  • With SOR enabled, the Real Server sees traffic originating from the eth1 interface (10.20.20.21) and replies directly to the LoadMaster

We recommend enabling SOR by default when creating VSs, unless you require transparency.

Warning: Currently, SOR does not work with non-local Real Servers. If non-local Real Servers are being used with SOR, the Real Servers see traffic as originating from the VS address. An exception to this is if SSL re-encryption is in use, which changes the address to the default gateway interface. Other factors can change how the traffic is NATed and what route will be used, such as transparency, static routes, and so on.