For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stephen_Robin_8's avatar
Stephen_Robin_8
Icon for Nimbostratus rankNimbostratus
Jan 25, 2011

Selecting pool using custom protocol over SSL

Our application uses a custom protocol (NOT HTTP) between clients and servers. We're investigating using a BIG-IP device to: (1) Encrypt the traffic between the client and the BIG-IP using SSL. ...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
Jan 25, 2011
What about making use of the LB::reselect command inside the LB_SELECTED event? Set up a default pool for the VIP and then change your code a little bit:

 

 


when CLIENTSSL_HANDSHAKE {
  log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload"
  SSL::collect 10
}

when CLIENTSSL_DATA {
  log local0. "Data received [SSL::payload]"

  Store whatever data you need to make an LB decision in local variables here

  SSL::release

}

when LB_SELECTED {
   We would select the pool here based on the local variables you set in the CLIENTSSL_DATA event

  LB::reselect pool "StephenTest"
}

when LB_FAILED {
  log local0. "LB failed"
}

when SERVER_CONNECTED {
  log local0. "Connection mapped to [serverside {IP::local_addr}]:[serverside {TCP::local_port}]"
}

 

 

This should effectively do the same thing as your original rule, I believe.

 

 

Colin