Forum Discussion

Cirrus

Jan 24, 2019

Forward traffic to pool member with same port as VS - VIP is on port 0

Hi, Need help in setting up an application. VIP is on port 0 as the application can work on 30 ports. Now i want to forward the traffic to the pool member on the same port as it ar...

application delivery

BIG-IP

LeonS_296027

Nimbostratus

Jan 25, 2019

Where is you certificates located?

Aditya_Mehra
Cirrus
Jan 28, 2019
Hi Leon,

They are on the servers.
AceDawg1
Nimbostratus
Jan 28, 2019
Have you tried running a capture (tcpdump and ssldump) to determine where SSL communications are breaking down? If you're not familiar with ssldump, check out:
https://support.f5.com/csp/article/K10209
.
Aditya_Mehra
Cirrus
Jan 30, 2019
Hey, Did not take a tcp and ssl dump, but I added the below iRule and it works for http port.

when CLIENT_ACCEPTED { if {([TCP::local_port] != 80) && ([TCP::local_port] != 8103)} { HTTP::disable } }

But this does not work for https, the request passes through to the backend pool member succesfully but the X-Forwarded IP is not present. I believe as we disable the http profile then the X-Forwarded_http profile is not used at all.

Any workaround for this?
Aditya_Mehra
Cirrus
Feb 18, 2019
So what worked was that i offloaded the ssl on the f5 instead of the server and wrote an irule to disable ssl for the ports coming in for http. :)