Forum Discussion

kunalPatel_3157
Jun 25, 2018

How can I select a pool through FQDN for ports other than 80?

Limiting the use of public IP addresses

 

I have done something new in our production environment to save public IP addresses: URLs like server1.xyz.com and server2.xyz.com both have the same DNS entry, and then the following iRule takes care of redirecting our different clients' connections to different pools, like this:

 

when HTTP_REQUEST {
    # Select the pool from the Host header of the request
    if { [HTTP::host] equals "server1.xyz.com" } { pool client1; return }
    if { [HTTP::host] equals "server2.xyz.com" } { pool client2; return }
}

 

I want to achieve the same on other ports, such as 22 and 5666.

 

Can anyone help me with this, since HTTP_REQUEST won't work for port 22? How can I select a pool through FQDN for ports other than 80?

 

3 Replies

  • Anesh
    Cirrostratus

    The TCP payload will not have the FQDN. Why not make decisions based on port for non-HTTP events, like below?

    when CLIENT_ACCEPTED {
        # No HTTP Host header exists here, so select the pool by the
        # port the client connected to
        if { [TCP::local_port] equals "22" } {
            pool test_22_pool
        } elseif { [TCP::local_port] equals "5666" } {
            pool test_5666_pool
        }
    }
    
  • Surgeon
    Ret. Employee

    If you are using different port numbers, why can't you create a VIP per port and assign the related pool to the VIP?

    It is simpler, more reliable, and easier for troubleshooting and maintenance.

     

  • Surgeon
    Ret. Employee

    BIG-IP cannot decrypt SSH traffic; on top of that, SSH has no URI. You can create a VIP per domain name and assign the related pool for that.

     

    host1.ssh.example - 1.2.3.4:22
    host2.ssh.example - 1.2.3.5:22
    etc.

     

    As an alternative, you can redirect to a specific pool member based on source IP if every client requires its own pool.

     

    One more thing: you can use a forwarding VIP, which requires no pool, and traffic will be sent to a specific pool member. But in this case you need to specify the back-end server's IP address directly when accessing the back-end server.
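
The source-IP alternative from the last reply, combined with the port check from the first reply and written out as an iRule for a single shared public address. This is an added example, not code from any poster in the thread; the source networks are constructed (documentation ranges), the client and pool names are hypothetical, and it assumes the virtual server(s) carrying the iRule listen on ports 22 and 5666.

```tcl
when CLIENT_ACCEPTED {
    # Constructed example networks (RFC 5737 documentation ranges); the
    # client labels and pool names below are hypothetical.
    if { [IP::addr [IP::client_addr] equals 192.0.2.0/24] } {
        set client "client1"
    } elseif { [IP::addr [IP::client_addr] equals 198.51.100.0/24] } {
        set client "client2"
    } else {
        # SSH and other raw TCP services carry no hostname the BIG-IP can
        # read, so an unknown source is refused instead of being sent to
        # some default pool.
        log local0. "rejecting [IP::client_addr]: no client mapping"
        reject
        return
    }

    # The port the client connected to selects the service within that
    # client's set of pools.
    switch -- [TCP::local_port] {
        22      { pool ${client}_22_pool }
        5666    { pool ${client}_5666_pool }
        default {
            log local0. "rejecting [IP::client_addr]: port [TCP::local_port] not mapped"
            reject
        }
    }
}
```

Source address is a routing key here, not authentication: clients behind a shared NAT address land in the same pool, so the back-end servers still need their own access control.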