SNI Routing with BIG-IP
In the previous article, The Three HTTP Routing Patterns, Lori MacVittie covers 3 methods of routing. Today we will look at Server Name Indication (SNI) routing as an additional method of routing HTT...
Updated Mar 25, 2023
Version 2.0
Eric_Chen
Employee
Joined May 16, 2013
Eric_Chen
May 23, 2018
Employee
Adding the second virtual for completeness. In this case the SSL certificate is known by the BIG-IP (app1.example.com). The second pool "test_ssl" points directly to the backend web server and the BIG-IP does not have the certificate (app2.example.com).
The virtual listens on port 9443, but you could also use a different private address and/or restrict connections (i.e. set the source to be 192.0.2.10/32).
ltm virtual test_ssl_vs {
    destination 192.0.2.10:9443
    ip-protocol tcp
    mask 255.255.255.255
    pool test_pool
    profiles {
        app1.example.com_clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 10
}