Forum Discussion

John_Klemm_4418's avatar
John_Klemm_4418
Icon for Nimbostratus rankNimbostratus
Oct 20, 2006

layout

here is my Irule for two new servers coming in on VIP .77

 

when HTTP_REQUEST {

 

switch [string tolower [HTTP::host]] {

 

sites.xxx.xxx.mil { pool sites.xxx.xxx.mil_pool}

 

eusmc.xxx.xxx.usmc.mil {pool

 

eusmc.xxx.xxx.usmc.mil_pool}

 

ehqmc.xxx.xxx.usmc.mil {pool

 

ehqmc.xxx.xxx.usmc.mil_pool}

 

tecom.xxx.xxx.usmc.mil {pool

 

tecom.xxx.xxx.usmc.mil_pool}

 

mccdc.xxx.xxx.usmc.mil {pool

 

mccdc.xxx.xxx.usmc.mil_pool}

 

caocl.xxx.xxx.usmc.mil {pool

 

caocl.xxx.xxx.usmc.mil_pool}

 

default {pool default_pool}

 

}

 

}

 

 

Vip .77 already is running one site and has an SSL cert attached to it. The ssl cert is a single self signed cert. I added the irule above because we have a new customer that will be using the same Vip but hosting different sites than our current customer. Our current customer own two servers which are identical address is portal.xxx.xxx.mil. I have created separate pools for each site listed above. When I applied this irule in hopes that the new sites and the irule would point the traffic to the new pool. It isn't working can anyone tell me why?
application delivery
dev
devops
iRules
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Nov 02, 2006
    It looks like you coded the switch statement appropriately, assuming that each hostname with "xxx.xxx" in it matches the incoming hostname fromt he client, and the pool is valid.

    If the incoming connections are SSL, though, you'd have to first decrypt those requests via a CLIENT-SSL profile on the BIG-IP, before the iRule would be able to interpret any of the header data, such as the Host.

    Are you doing this? If so, you're probably going to get warnings about the domain name on the cert you're using for your CLIENT-SSL profile, as you can only assign a single cert to that profile, and you're trying to use a single SSL vip to host multiple hostnames. That is unless you're using a wildcard cert for usmc.mil.

    
when HTTP_REQUEST {
  switch [string tolower [HTTP::host] ] {
    sites.xxx.xxx.mil { 
      pool sites.xxx.xxx.mil_pool
    }
    eusmc.xxx.xxx.usmc.mil {
      pool eusmc.xxx.xxx.usmc.mil_pool
    }
    ehqmc.xxx.xxx.usmc.mil {
      pool ehqmc.xxx.xxx.usmc.mil_pool
    }
    tecom.xxx.xxx.usmc.mil {
      pool tecom.xxx.xxx.usmc.mil_pool
    }
    mccdc.xxx.xxx.usmc.mil {
      pool mccdc.xxx.xxx.usmc.mil_pool
    }
    caocl.xxx.xxx.usmc.mil {
      pool caocl.xxx.xxx.usmc.mil_pool
    }
    default {
      pool default_pool
    }
  }
}

    Colin