Selecting pool using custom protocol over SSL
Our application uses a custom protocol (NOT HTTP) between clients and servers. We're investigating using a BIG-IP device to:
(1) Encrypt the traffic between the client and the BIG-IP using SSL.
(2) Select the server that will handle the connection based on the contents of the first packet that is sent after the SSL connection is established.
First I tried selecting a pool without using SSL. This iRule works fine:
when CLIENT_ACCEPTED {
    log local0. "Connection accepted from [IP::client_addr]:[TCP::client_port]"
    TCP::collect 10
}
when CLIENT_DATA {
    log local0. "Data received [TCP::payload]"
    # We would select the pool here based on the payload.
    pool StephenTest
    TCP::release
}
when SERVER_CONNECTED {
    log local0. "Connection mapped to [serverside {IP::local_addr}]:[serverside {TCP::local_port}]"
}
Then I tried encrypting using SSL. I changed my client to use SSL and selected an SSL profile for the virtual server. The new iRule does not work:
when CLIENTSSL_HANDSHAKE {
    log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload"
    SSL::collect 10
}
when CLIENTSSL_DATA {
    log local0. "Data received [SSL::payload]"
    # We would select the pool here based on the payload.
    pool "StephenTest"
    SSL::release
}
when LB_FAILED {
    log local0. "LB failed"
}
when SERVER_CONNECTED {
    log local0. "Connection mapped to [serverside {IP::local_addr}]:[serverside {TCP::local_port}]"
}
No data is received by the server process. The client process authenticates the server but fails when it sends the first packet because the BIG-IP has closed the connection. The log shows the CLIENTSSL_HANDSHAKE and LB_FAILED events firing.
If I move the pool statement from the CLIENTSSL_DATA event to the end of the CLIENTSSL_HANDSHAKE event, then the server process receives the data as expected and the log shows the CLIENTSSL_HANDSHAKE, CLIENTSSL_DATA and SERVER_CONNECTED events firing with the expected payload. Obviously, I can't then select a pool based on the data.
Any help would be greatly appreciated.
Thanks
Stephen