BGP Multipath & return routes

Posted by Dennis van der Stelt on Server Fault
Published on 2012-06-22T08:39:13Z Indexed on 2012/06/22 21:18 UTC

I'm probably a complete n00b concerning Server Fault-related questions, but our IT department makes a bold statement I wish to verify. I've searched the internet, but can find nothing related to my question, so I come here.

We have Threat Management Gateway 2010 and we used to just route the request to IIS and it contained the IP address so we could see where it was coming from. But now they turned on "Requests appear to come from the TMG server" so IP addresses aren't forwarded anymore. Every request has the IP of the TMG server.

Now the idea behind this is that because of multipath BGP routes, the incoming request goes over RouteA, but the acknowledgement messages could return over RouteB. The claim is that because the request doesn't come from the first known source, our proxy, but instead from IIS, some smart routers at the visitor of our websites don't recognize the acknowledgement message and filter it out. In other words, the response never arrives.

Again, this is the claim. But I cannot find ANY resources on the internet that support this claim. I do read about BGP multipath, but more in the case that there are alternative routes when the fastest route fails for some reason.

So is the claim completely bogus or is there (some) truth to it? Can someone explain or point me to resources?

Thanks in advance!
