Forum Discussion

MustphaBassim's avatar
Jun 16, 2023

forward traffic based on name

Hello Dears

any method to make F5 choose the correct virtual server based on name for exmaple :

ex1.f5.com -->192.168.1.1-->pool node 1

ex2.f5.com--> 192.168.1.1-->pool node 2

 

Bests

5 Replies

  • MustphaBassim I am unaware of a way to force an LTM to listen on FQDN rather than IPv4/IPv6 addresses. What is your use case to have the LTM listen on FQDN rather than a specific IP so we might assist you with an appropriate solution?

    • MustphaBassim's avatar
      MustphaBassim
      Icon for Cirrus rankCirrus

      Hello Dear

      i have one public IP and more than domain need to be published as https service so in this case it is need to move traffic to pool based on URL

      • Paulius's avatar
        Paulius
        Icon for MVP rankMVP

        MustphaBassim If your end users use SNI you can configure SNI on one virtual server (VS) with multiple Client SSL Profiles and then all sites can use the one VS. You can attach an iRule to the VS and send different host fields to different pools. Alternatively you can purchase one SSL certificate that matches the different FQDNs and put that one Client SSL profile on the VS and use the iRule to split the traffic between the different pools. The only other alternative would be to configure a PAT on your perimeter device that listens for 443 and NATs that the F5 VS IP on port 443 and then the other one can have 8443, example "https://example.com:8443/" which then hits the perimeter device and does a PAT for 8443 to the other F5 VS IP on 443. The best option for all users to be supported would be the one SSL certificate that covers all FQDNs, second would be SNI, and the last one would be the PAT because that would require the end user to know to put the alternate port in the URL.

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP

      Mohamed_Ahmed_Kansoh based on the reply earlier in the post it seems like they would like the destination in the VS needs to be an FQDN rather than and IPv4 or IPv6 address.