Forum Discussion

dragonflymr
Jan 26, 2016

http and https members in one pool

Hi,


I wonder if there is a way to set up a pool so it has one member using http and another using https. I am pretty sure it's not possible via VS settings, as ServerSSL is global for the VS - so either traffic to all pool members is encrypted or none of it is.


However, I hope it could be done using an iRule. I would appreciate any ideas or resources pointing in the right direction as to how such an iRule should look.


Piotr


2 Replies

  • Hi Piotr,

    a pool is just a dumb collection of IP:Port combinations, so you can mix :80 and :443 as you want. You can even pool different instances of the same node into one pool...

    You're right that you have to use an iRule to selectively control the server-side SSL Profile. I guess using the [TCP::remote_port] command in combination with the [SSL::enable] or [SSL::disable] command would be a good way to distinguish between the different types of pool members. So you may try this snippet as a starting point...

    when SERVER_CONNECTED {
        # Runs once per server-side connection, before the server-side SSL handshake,
        # so the Server SSL Profile can still be toggled for this pool member.
        if { [TCP::remote_port] equals "443" } then {
            SSL::enable serverside
        } else {
            SSL::disable serverside
        }
    }
    

    Cheers, Kai
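Building on Kai's snippet, the following is an added example that is not part of the original thread: it generalizes the port check to a list of TLS-speaking member ports and logs each decision so the resulting server-side SSL state can be verified in /var/log/ltm. The extra port 8443 and the static variable name are assumptions; a Server SSL profile is assumed to be attached to the virtual server.

```tcl
when RULE_INIT {
    # Assumed list of member ports on which the pool member expects TLS.
    # Any port not listed here is treated as plaintext HTTP.
    set static::tls_member_ports [list 443 8443]
}

when SERVER_CONNECTED {
    # SERVER_CONNECTED fires once per server-side connection (also with OneConnect),
    # before the server-side handshake, so the SSL profile can still be toggled here.
    set member_addr [IP::server_addr]
    set member_port [TCP::remote_port]

    if { [lsearch -exact $static::tls_member_ports $member_port] >= 0 } {
        SSL::enable serverside
        log local0.info "serverside SSL enabled for member $member_addr:$member_port"
    } else {
        SSL::disable serverside
        log local0.info "serverside SSL disabled for member $member_addr:$member_port"
    }
}
```

The log lines make it easy to confirm that each member is reached with the intended transport while testing the mixed pool.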

  • Hi Piotr,

    although LTM Policies do have support for enabling/disabling Server SSL Profiles, I do strongly believe that LTM Policies can't be used for this specific scenario. In addition to that, I do believe that LTM Policies in their current implementation are, performance-wise, rather suboptimal for controlling Server SSL Profiles. The reasons for that are...

    1. LTM Policies are processed before the actual LB selection is completed. So you won't get the chance to grab the port number of the selected pool member to selectively disable/enable the Server SSL Profile.

    2. LTM Policies would re-enable/re-disable the SSL Profile on each single request, whereas an iRule can be adjusted to use, ideally, the SERVER_CONNECTED event to perform the required action only once during server-side connection establishment (aka OneConnect, anyone?).

    Cheers, Kai