Forum Discussion

Frank_Zhang
Feb 12, 2016

iRule Forward client traffic to different port by source IP addresses

I have an https server receiving client connections from the Internet. All client traffic uses the default https port 443. Depending on the source IP address, the VIP will forward the traffic to a different port on the server. The server will listen on multiple ports. The plan is to not offload SSL with a client SSL profile, if possible. I am thinking of an iRule like the following:

    when CLIENT_ACCEPTED {
        switch [class match [IP::client_addr]] Source-IP-Datagroup1 {
            --forward to pool port 5001--
        }
        Source-IP-Datagroup2 {
            --forward to pool port 5002--
        }
        Source-IP-Datagroup3 {
            --forward to pool port 5003--
        }
        default { -- drop client request-- }
    }

First, is it possible to do that? Second, what's the syntax to replace --forward to pool port 5001-- ? Third, I am not planning to offload SSL, can I still use HTTP_REQUEST? Thank you in advance. Frank.

 

2 Replies

  • Thank you, Josiah, for the quick answer. You're right, I only have one server listening on multiple ports. Does the following work?

        when CLIENT_ACCEPTED {
            switch [class match [IP::client_addr]] Source-IP-Datagroup1 {
                pool serverPool 10.10.10.100 5001
            }
            Source-IP-Datagroup2 {
                pool serverPool 10.10.10.100 5002
            }
            Source-IP-Datagroup3 {
                pool serverPool 10.10.10.100 5003
            }
            default { drop }
        }

    By the way, if needed I can use SSL offloading. Because the traffic needs to be encrypted again if client SSL offloading is used, we prefer not to do it. Thanks again.

    Frank.
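
One way to write the source-IP routing discussed in this thread, as an added example that is not code from either post. It assumes the three data groups are address-type data groups and that serverPool already contains 10.10.10.100 on ports 5001, 5002 and 5003 as members; the data group names, pool name and address are taken from the posts.

```tcl
# Added example, not from the thread.
# Assumptions: Source-IP-Datagroup1..3 are address-type data groups, and
# serverPool has 10.10.10.100:5001, :5002 and :5003 configured as members.
when CLIENT_ACCEPTED {
    # This event fires when the TCP connection is accepted, before any TLS
    # bytes are read, so it works without a client SSL profile and the TLS
    # session passes through to the server untouched.
    set src [IP::client_addr]

    # "class match ... equals" against an address data group matches both
    # host entries and subnets, one data group per test.
    if { [class match $src equals Source-IP-Datagroup1] } {
        pool serverPool member 10.10.10.100 5001
    } elseif { [class match $src equals Source-IP-Datagroup2] } {
        pool serverPool member 10.10.10.100 5002
    } elseif { [class match $src equals Source-IP-Datagroup3] } {
        pool serverPool member 10.10.10.100 5003
    } else {
        # Default deny: a source in none of the data groups never gets a
        # server-side connection. Record it so unexpected sources can be reviewed.
        log local0.info "No data group match for $src, dropping connection"
        drop
    }
}
```

HTTP_REQUEST is not usable in this pass-through setup: it needs an HTTP profile parsing decrypted traffic, which on an https virtual server means attaching a client SSL profile.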