Get client IP address without changing externalTrafficPolicy to Local

Hi,

We have a cluster on GCP with Istio 1.12.6 installed.
Now, we need to get the actual client IP address in our microservices.

I managed to configure the Istio ingress service to propagate the IP address by changing the externalTrafficPolicy from Cluster to Local.
Unfortunately, this change affects the load balancing and the availability of our services.
For example: when we trigger an Istio update from 1.12.5 to 1.12.6 using revisions, there is a short downtime (some ping requests are failing), even though we have an ingress gateway pod on every node.
This is not the case if externalTrafficPolicy=Cluster.

Is there a way to preserve the high availability of our services (externalTrafficPolicy=Cluster) and propagate the client IP address to our services?

I saw that there is an Istio configuration numTrustedProxies which can control the value of x-envoy-external-address header based on X-Forwarded-For header, but in our case there is no XFF header at all.
