Forum Discussion
iRule help - pool command and ERR_RTE Routing problem
I am running on 14.1.4 and I have an iRule on an HTTPS virtual in route domain 1 with an iRule to do content switching based on URI. The new pool I am switching to has members that require SNI. It is failing even though I have connectivity to the pool members via the command line (while in the same route domain), so it does not seem to be a firewall issue. The server SSL profile I am using is providing the hostname required by the pool members.
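when HTTP_REQUEST {
    # Flag requests that should go to the pool whose members require SNI
    set foo 0
    if { [HTTP::uri] starts_with "/foo/" } {
        set foo 1
        pool my_pool
    }
}
when SERVER_CONNECTED {
    # Switch to the server SSL profile that carries the required server name
    if { $foo } {
        SSL::profile /ROUTEDOMAIN1/serverssl-mypool
    }
}
when LB_FAILED {
    # Log the failure reason and the selected pool member
    log local0. "DEBUG2: event info: [event info]"
    log local0. "DEBUG2.1: lb info: [LB::server]"
}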
The error given by [event info] is:
<LB_FAILED>: DEBUG2: event info: ERR_RTE
<LB_FAILED>: DEBUG2.1: lb info: /ROUTEDOMAIN1/my_pool 13.x.x.x 443
Any ideas about ERR_RTE?
Hello,
Did you add all of the SSL profiles to the virtual servers (in case there is a default one), and did you add the server name inside the SSL profile used?
Take a look at this article, it might be useful.
https://support.f5.com/csp/article/K13452#p4
- krisdames2 (Altostratus)
Mohamed_Salah_,
I only have one SSL server profile attached to the virtual. Are you suggesting additional profiles must be attached to the virtual if I want to call them in an iRule with SSL::profile? The SSL server profile that I am calling in my iRule does have the server name that the new pool members need.
I think you should start considering generating a new tcpdump and decrypting the traffic using the below article.
tcpdump -nnnveti 0.0:nnnp host "client IP" and port 443 -s0 -S -w /var/log/pcapname.pcap
Decrypt traffic and assign the iRule on the virtual server:
https://support.f5.com/csp/article/K12783074
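A diagnostic variant of the iRule from the question, as an added example that is not part of the original thread: it writes one log line per event with the route domain, the selected member and the error code, so a failure such as ERR_RTE can be tied to a specific request and member. The pool and profile names are the ones posted in the question; the log prefixes and the `dbg_path` variable are assumptions.

```tcl
when CLIENT_ACCEPTED {
    # Initialise here so LB_FAILED never reads an unset variable,
    # even if it fires before any HTTP_REQUEST has run.
    set foo 0
    set dbg_path "-"
}
when HTTP_REQUEST {
    # Reset per request: a keep-alive connection must not inherit
    # the decision made for an earlier request.
    set foo 0
    # Log the path only, so query-string values stay out of the logs.
    set dbg_path [HTTP::path]
    if { [HTTP::uri] starts_with "/foo/" } {
        set foo 1
        pool my_pool
    }
}
when LB_SELECTED {
    # Record what was chosen before the connect attempt is made.
    if { $foo } {
        log local0. "DEBUG1: vs=[virtual name] rd=[ROUTE::domain] client=[IP::client_addr] path=$dbg_path selected=[LB::server]"
    }
}
when SERVER_CONNECTED {
    if { $foo } {
        SSL::profile /ROUTEDOMAIN1/serverssl-mypool
        # IP::local_addr is the source address BIG-IP used on the server side.
        log local0. "DEBUG3: connected to [IP::server_addr]:[TCP::server_port] from [IP::local_addr]"
    }
}
when LB_FAILED {
    # Same fields as DEBUG1 plus the failure reason, on a single line,
    # so the two entries can be matched up in /var/log/ltm.
    log local0. "DEBUG2: vs=[virtual name] rd=[ROUTE::domain] path=$dbg_path foo=$foo error=[event info] member=[LB::server]"
}
```

A DEBUG1 line followed by DEBUG2 with no DEBUG3 means the member was selected but the server-side connection was never established.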