...But this won't work I think, because the Client would "see" the change... there is an reconnect happening, or am I wrong? ....
This is similar to how we do it.
The client does not see the change.
The client types in https://www.mysite.com
The BigIP answers with an SSL Certificate and SSL Connection
The iRule sees the Host header as "www.mysite.com"
The iRule issues the command "pool mysite.com_pool"
In the "mysite.com_pool" is a set of nodes:
server1.mysite.com:55011
server1.mysite.com:55012
server2.mysite.com:23543
server3.mysite.com:4002
the "pool" command causes the request to get forwarded to one of the 4 nodes in the mysite.com_pool
The chosen node receives the request, processes it, and sends it back to the BigIP.
The BigIP forwards the request back to the original user.
Also in this scenerio, the web server sees the request as coming from the original web user, and not from the BigIP. In other words, the Access logs show the web user's IP address for the request (not the BigIP IP address).
-RG