Forum Discussion
Yugandhar
Nimbostratus
NimbostratusReg VIP Forwarding using iRule.
Hi,
When we forward the request from a VIP that is listening on port 443 to a new VIP which is also listening on port 443 then :--
1. SSL Handshake negotiation happens with the 1st VIP and also with the 2nd VIP.
2.SSL Handshake negotiation only happens with the 2nd VIP
===================
when HTTP_REQUEST priority 400 {
if { [HTTP::host] equals "abc.com" } {
log local0. "Logging for abc.com-443 forwarding to the new IP 192.168.20.20"
virtual "/External/xyz.com--443"
}
}
===================
Thanks,
Yugandhar.
boneyardMVP
it happens twice. (if you enabled a ssl client profile on both)
YugandharThank you Boneyard.
In my case SSL client profile is on both VIPs.
Could you please tell me the message that the client web browser receives from the F5 (1st VIP) after the irule statement virtual "/External/xyz.com--443" is executed ?
Would like to know whether client receives a HTTP 302 ( redirect message ) or something else.
Thanks,
Yugandhar.
- Stanislas_Piro2
Cumulonimbus
if you want to forward based on host header which may be the same value as Servername tls extension, you can use sni routing
https://devcentral.f5.com/s/articles/sni-routing-with-big-ip-31348
with this, don’t assign a clientssl profile to outside virtual server
- Yugandhar
Thank you Stanilas
- Yugandhar
Hi Stanislan,
In this case SSL client profile would be applied to both VIPs.
Could you also please tell me the message that the client web browser receives from the F5 (1st VIP) after the irule statement virtual "/External/xyz.com--443" is executed ?
Would like to know whether client receives a HTTP 302 ( redirect message ) or something else.
Thanks,
Yugandhar.
- Yugandhar
Thank you Stanislas Piron