iRule to insert SNI based on pool member
Hi,
I have the following iRule, which inserts SNI based on the pool member, but the pool member IP is changing, so I created an FQDN object but am unable to insert SNI using the FQDN.
Can you help me create an iRule, or another way, to insert SNI based on a backend pool member which is an FQDN, not a static IP?
    when LB_SELECTED {
        log local0. "LB_SELECTED: Connected to [LB::server addr]"
        switch [LB::server addr] {
            "10.1.1.1" {
                set sni_value [getfield abc.com ":" 1]
            }
        }
    }
    when SERVERSSL_CLIENTHELLO_SEND {
        log local0. "SERVERSSL_CLIENTHELLO_SEND: Setting SNI to $sni_value"
        SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]
    }
Thanks
senthil
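
The `binary format SSScSa*` line in the iRule above packs a TLS server_name extension (RFC 6066). As an added example that is not part of the original post, this Python code builds the same bytes and parses them back with length checks, which helps when verifying in a capture what SNI was actually sent; the function names are assumptions of this example, and it handles a single host_name entry only.

```python
import struct

SNI_EXT_TYPE = 0    # server_name extension type (RFC 6066)
HOST_NAME_TYPE = 0  # NameType host_name


def build_sni_extension(hostname: str) -> bytes:
    """Mirror Tcl `binary format SSScSa*`: S = 16-bit big-endian, c = 8-bit, a* = raw bytes."""
    name = hostname.encode("ascii")
    if not name or len(name) > 0xFFFF - 5:
        raise ValueError("hostname length out of range")
    n = len(name)
    # Fields: ext type, ext length (n+5), server_name_list length (n+3), name type, name length
    return struct.pack(">HHHBH", SNI_EXT_TYPE, n + 5, n + 3, HOST_NAME_TYPE, n) + name


def parse_sni_extension(data: bytes) -> str:
    """Return the host_name from one server_name extension, checking every length field."""
    if len(data) < 9:
        raise ValueError("truncated extension header")
    ext_type, ext_len, list_len, name_type, name_len = struct.unpack(">HHHBH", data[:9])
    if ext_type != SNI_EXT_TYPE:
        raise ValueError(f"not a server_name extension (type {ext_type})")
    if ext_len != len(data) - 4:
        raise ValueError("extension length does not match payload")
    if list_len != ext_len - 2 or name_len != list_len - 3:
        raise ValueError("inconsistent inner lengths")
    if name_type != HOST_NAME_TYPE:
        raise ValueError("unsupported name type")
    return data[9:9 + name_len].decode("ascii")


if __name__ == "__main__":
    # Constructed sample: the hostname used in the iRule above.
    ext = build_sni_extension("abc.com")
    print(ext.hex(), "->", parse_sni_extension(ext))
```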
- Heinrichm5
Altocumulus
This is based purely on this link, CloudDocs Wiki: LB::Server, and a server SSL profile iRule I saw a year back but forgot the source of. I do not have any experience with this iRule, nor have I tested it.
You could create multiple server SSL profiles, each with its own Server Name value.

    when LB_SELECTED {
        log local0. "LB_SELECTED: Connected to [LB::server name] [LB::server addr]"
        switch [LB::server name] {
            "abcd.domain.local" { SSL::profile abcd_serverssl }
            "efgh.domain.local" { SSL::profile efgh_serverssl }
        }
    }

It is possible that the SSL::profile command can't be utilised in the LB_SELECTED event, in which case you'll have to move it to SERVER_CONNECTED (which is where the example I saw used it).
- senthil
Nimbostratus
Thank you.
I tried using the above iRule, but it's selecting the pool name instead of the pool member FQDN.
Thanks
Senthil
- jaikumar_f5
Noctilucent
If you read the Wiki, that's what it says:
LB::server name returns a Tcl list with pool, pool member address and port. If no server was selected yet or all servers are down, returns default pool name only.