Forum Discussion

J_T__47709's avatar
J_T__47709
Icon for Nimbostratus rankNimbostratus
Apr 16, 2008

Problem with SSL termination on LTM...

I couldn't configure LTM to balance https traffic to different pools (same target servers but different ports), depending on client IP address (using iRule), so I tried another approach...SSL terminat...
config
design
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Apr 17, 2008
J.T.: You should be able to LB both ways using your iRule (with or without SSL termination).

 

 

The real issue is the one to which cmbhatt alluded: The state change to "Disabled" didn't do what you expected, most likely because persistence was enabled in the pool and you were testing from only 1 IP address.

 

 

Pool members & node addresses can be set to one of 3 states:

 

Enabled: Allows all connections

 

Disabled: Allows existing connections to continue, & accepts new connections with valid persistence tokens

 

Forced offline: Allows only existing connections to continue

 

 

To replicate the action of removing the server from the pool, set the state to "Forced offline" instead of "Disabled"

 

 

(Look for this topic as the inaugural effort for our new "Post of the Week" video series. Will post a link when it's up.)

 

 

HTH

 

/deb