My site enabled IPv6 for a front-end app, so I created an AAAA RR for it, proxied through CloudFlare. The public IPv4 uses dest NAT on the firewall; the IPv6 just resides on the LB without NAT (simple routing).
The RRs may look like this:
wiki.example.com A 192.0.2.10 Proxied
wiki.example.com AAAA 2001:db8::192:0:2:10 Proxied
Traffic would be like this:
Client ---> CloudFlare ---> Firewall ---> LB ---> App
When a client with IPv6 (dual-stack IPv4/v6) browses to wiki.example.com, in the traffic log on the firewall I can only see CloudFlare connecting to my LB’s NAT IPv4.
If I removed Proxied, allowing the traffic to come directly to my site:
wiki.example.com A 192.0.2.10
wiki.example.com AAAA 2001:db8::192:0:2:10
Client ---> Firewall ---> LB ---> App
Then, if a client with IPv6 (or dual-stack) connects to the site, the firewall log shows the client’s IPv6 connecting to my LB IPv6.
When an IPv4-only client connects, the firewall log shows the client’s IPv4 connecting to my LB’s NAT IPv4.
Is this expected behaviour?