"Content Switching" to non-addressable virtual server
- Dec 14, 2022
m0j0 If your intent is to save IP space and this traffic is strictly for HTTP, you can get away with a fairly simple iRule that will catch everything that comes through on the one virtual server:
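    when CLIENT_ACCEPTED {
        # Remember the pool configured on the virtual server as the fallback
        set DEFAULT_POOL [LB::server pool]
    }

    when HTTP_REQUEST {
        # Host names are case-insensitive, so normalise before matching
        set HOST [string tolower [HTTP::host]]
        switch -glob $HOST {
            "www.mycompany.com" { pool pool1 }
            "email.mycompany.com" { pool pool2 }
            default { pool $DEFAULT_POOL }
        }
    }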
If any of these sites run over HTTPS, then you would have to perform SSL termination on that particular virtual server before using the above iRule on it as well, if you send the decrypted traffic to the servers. Typically you would have 2 pools, one for 80 and one for 443, but the pool members would typically use an alternate port such as 8080 so that you can differentiate between what came in as HTTP and what came in as HTTPS traffic. If you have multiple SSL certificates, you can go a step further and use SNI on the virtual server, but I would recommend going the route of having a SAN SSL cert or wildcard SSL cert, depending on the SSL FQDNs that you are using.
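The HTTP/HTTPS split described in this reply, as an added example that is not part of the original post: one iRule attached to both the port 80 virtual server and the SSL-terminating port 443 virtual server, selecting a pool by host name and by the port the client connected to. The pool names (`pool_www_http`, `pool_www_https`, and so on) are hypothetical, and attaching the same iRule to both virtual servers is an assumption.

```tcl
when CLIENT_ACCEPTED {
    # Pool configured on this virtual server, used for unlisted host names
    set default_pool [LB::server pool]

    # Port the client connected to on the virtual server. On the 443
    # virtual server the client SSL profile has already decrypted the
    # request by the time HTTP_REQUEST fires.
    if { [TCP::local_port] == 443 } {
        set scheme "https"
    } else {
        set scheme "http"
    }
}

when HTTP_REQUEST {
    # The Host header may carry a port ("www.mycompany.com:443"), which an
    # exact match would miss and send to the default pool. Keep only the
    # name part and lower-case it before matching.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "www.mycompany.com" {
            # Hypothetical pools: pool_www_http / pool_www_https
            pool pool_www_$scheme
        }
        "email.mycompany.com" {
            # Hypothetical pools: pool_email_http / pool_email_https
            pool pool_email_$scheme
        }
        default {
            pool $default_pool
        }
    }
}
```

Keeping separate pools per scheme lets the members listen on different ports (for example 8080 for traffic that arrived as HTTPS), so the back-end servers can tell which requests were encrypted on the client side.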
- Dec 14, 2022
Hi m0j0,
first of all - everything said above is right. I just want to expand a bit on the differences between Citrix and F5.
In Citrix, if memory serves, you have separate vservers for Content Switching that work on L7 and vservers that do L4 load balancing.
In F5 you can do that with one virtual server. You don't have to layer things like in Citrix.
Depending on the parameters you set for a virtual server, it'll be either an L7 or an L4 virtual. The load-balancing decision is made at the level of the load-balancing pool. One of the properties of a pool is the load balancing method used.
Hope this cleared up some things.
Daniel