SNI Routing with BIG-IP
In the previous article, The Three HTTP Routing Patterns, Lori MacVittie covers 3 methods of routing. Today we will look at Server Name Indication (SNI) routing as an additional method of routing HTT...
Updated Mar 25, 2023
Version 2.0
Eric_Chen
Employee
Joined May 16, 2013
dragonflymr
May 25, 2018
Cirrostratus
Hi,
Thanks a lot for the answers. I was rather thinking about a scenario where the VS has:
- Multiple client ssl profiles attached (ClientHello SNI matching)
- No Server SSL profile (SSL offload or SSL pass through only)
not about selecting the client ssl profile via a Local Traffic Policy (LTP). Then logic like that in Stanislas' iRule is used:
- For given SNIs do SSL offload (so enable client ssl after it was disabled at the beginning of CLIENT_ACCEPTED)
- For given SNIs do SSL pass through (client ssl not enabled)
but it is not possible with LTP (at least I can't see how) because Action: Disable client ssl blocks condition SSL Extension - which is quite logical.
So indeed your solution with pool or VS forwarding is the only solution. In the end it's simpler and more elegant, so thanks again for sharing.
What I miss regarding LTP is an in-depth description of all elements, how they interact with each other, and how the choice of a given condition or action relates to the necessary profiles. Sure, it can be figured out (sometimes with lab tests), but it takes time :-(
Piotr