Forum Discussion

Omer_Twito_2618's avatar
Omer_Twito_2618
Icon for Nimbostratus rankNimbostratus
Jun 21, 2016

Irule to redirect 1 virtual server to multiple pools

Hi, In our lab enviornment we have a virtual server that function as a reverse proxy and configured to accept TCP profile only because we are using a self signed certificate. Today I got a request to add additional pool for another url. My question is: Because I cannot add http profile to the virtual server is there any option to create an irule that redirects the request to different urls (pools) but uses the same virtual server on client_accepted event? for example: when Client_accepted { switch (the parameter I'm trying to figure out what it is) { "myurl1.com" {pool mypool1} "myurl2.com" {pool mypool2} } }

 

Thanks in advance, Omer.

 

devops
iRules

3 Replies

Sort By
  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Jun 21, 2016

    if you stick to TCP you can only use L3/L4 information to direct users.

     

    i don't get your point why you cannot use L7 virtual with http profile and ssl profile ?

     

  • tatmotiv's avatar
    tatmotiv
    Icon for Cirrostratus rankCirrostratus
    Jun 21, 2016

    Why would a self signed certificate prevent you to add an http profile to the virtual?

     

    Did you mean you need different certs depending on the host header in the request? If that's the case, you could try to use SNI (server name indication) in the clientssl profile on your Big IP and thus be able to deliver several certificates from the same ip/port depending on the host being requested. Then, you can also deploy an http profile and have an iRule react on HTTP host / URI or such.

     

    See here for details about SNI.

     

    HTH

     

    Martin

     

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Jun 21, 2016

    You would probably have to utilize some kind of TCP::collect in order to make decision without using http profile.

     

    If you would like to use SSL off-loading, it should be straightforward with HTTP profile and SSL terminated on the F5. You can also re-encrypt the traffic and send encrypted traffic to server using serverside SSL.