For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

senthil's avatar
senthil
Icon for Nimbostratus rankNimbostratus
Nov 27, 2019

Irule to insert SNI based on Pool member

Hi   I have following Irule which inserts SNI based on Pool member but Pool member IP is changing so i created FQDN object but unable to insert SNI using fqdn,   Can you help me in creating ...
application delivery
BIG-IP
iRules
Heinrichm5's avatar
Heinrichm5
Icon for Altocumulus rankAltocumulus
Nov 27, 2019

This is based purely on this link CloudDocs Wiki: LB::Server and an server ssl profile irule I saw a year back, but forgot the source of. I do not have any experience with this irule, nor have I tested it.

You could create multiple server ssl profiles each with it's own Server Name value. 

when LB_SELECTED {
    log local0. "LB_SELECTED: Connected to [LB::server name] [LB::server addr]"
 
    switch [LB::server name] {
        "abcd.domain.local" { SSL::profile abcd_serverssl }
        "efgh.domain.local"  { SSL::profile efgh_serverssl }
  }
 

It is possible that the SSL::profile command can't be utilised in the LB_SELCTED event, in which case you'll have to move it to SERVER_CONNECTED (which is where the example I saw used it).

senthil's avatar
senthil
Icon for Nimbostratus rankNimbostratus
Dec 01, 2019

Thank you .

 

I tried using above IRule but its selecting Pool name instead of pool member fqdn.

 

 

Thanks

Senthil

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for Noctilucent rankNoctilucent
    Dec 01, 2019

    If you read the Wiki, thats what it says,

    LB::server name¶
returns a Tcl list with pool, pool member address and port. If no server was selected yet or all servers are down, returns default pool name only.