Joe_5599_134300
Jan 21, 2014

HTTPS VS inbound and :Port to Pool Selection

I'm trying to get an inbound https VS working with an iRule that will look at :port and send to the correct pool. If no port matched send reject.

 

https://mytestlab.com:8080
https://mytestlab.com:8081
https://mytestlab.com:8082

 

I have been trying the below irule

 

    when CLIENT_ACCEPTED {
        # Choose the pool from the destination port the client connected to
        switch [TCP::local_port] {
            "8080" { pool mytestlabtest.com-8080 }
            "8081" { pool mytestlabtest.com-8081 }
            "8082" { pool mytestlabtest.com-8082 }
            default {
                # No matching port: log it and send a TCP reset
                log local0.alert "[virtual name] [TCP::local_port] - No port match - TCP Reject"
                reject
            }
        }
    }

 

4 Replies

  • Might be easier to just set up a different VS for each one specifically listening on its individual port. Then assign pools appropriately.

     

    • Joe_5599_134300
      I have done this before with a single Any Port 0 VS, now trying to get working with 443 VS doing the offload then send traffic to the correct pool by inspecting tcp port in request.
    • Cory_50405
      Understand, just thinking it would be simpler to use a virtual server for each port. Then there's no need for any iRules. It can certainly be done the way you are going.
  • James_Deucker_2
    Historic F5 Account

    This is almost never a good idea; as Cory stated, you're much better off using multiple VS and attaching the pools appropriately. By default the LTM will drop traffic that doesn't match; you can do the reject if you really want by doing:

    VS_8080 x.x.x.x:8080 -> type standard, pool mytestlabtest.com-8080
    VS_8081 x.x.x.x:8081 -> type standard, pool mytestlabtest.com-8081
    VS_8082 x.x.x.x:8082 -> type standard, pool mytestlabtest.com-8082
    VS_0 x.x.x.x:0 -> type reject
    

    That lets you put the appropriate profiles (like independent clientssl profiles) on each VS. It's more efficient than using an iRule and easier to read.

    If you want to log the rejects you would attach an iRule with a log statement to VS_0, or use a logging profile, or AVR.

    If you really, really want to do this with the port 0 VS and iRule then you can do it with a switch as you have above.
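
The port 0 VS variant discussed in this thread, as an added example that was not posted by any participant: it keeps the switch on `[TCP::local_port]` and throttles the reject log to one line per client IP per window, so a port sweep against the wildcard listener does not flood the log. The pool names come from the thread; the 60-second window and the `rej:` table key prefix are assumptions.

```tcl
# Added example, not from the thread. Attach to a wildcard-port virtual
# server (x.x.x.x:0). TCP::local_port is the port the client connected to,
# so on a VS bound to a single port it always returns that one port.
when CLIENT_ACCEPTED {
    switch -- [TCP::local_port] {
        "8080" { pool mytestlabtest.com-8080 }
        "8081" { pool mytestlabtest.com-8081 }
        "8082" { pool mytestlabtest.com-8082 }
        default {
            # Count rejects per client IP in the session table.
            # The "rej:" key prefix is an assumed naming choice.
            set key "rej:[IP::client_addr]"
            set hits [table incr $key]
            if { $hits == 1 } {
                # First reject in this window: cap the entry's lifetime at
                # 60 seconds (assumed window) and write a single log line.
                table lifetime $key 60
                log local0.alert "[virtual name] [IP::client_addr] -> port [TCP::local_port] - No port match - TCP Reject"
            }
            # Every unmatched connection is still reset, logged or not.
            reject
        }
    }
}
```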