SNI Routing with BIG-IP
Hi Eric,
The weird part is that you can actually disable both SSL persistence and the HTTP profile. Disabling the HTTP profile allows HTTPS traffic to pass through to another VS or pool. Disabling persistence does not help with HTTP traffic :-(
The best result I was able to achieve is to forward HTTP traffic to another VS based on dst port (it has to be set as the first rule).
For HTTPS I am able (by disabling the HTTP profile) to forward traffic both to another VS and directly to a pool based on SNI.
What bothers me is the logic of performing the condition test. If my rule contains the condition "TCP port at local side equal to 443 at client accepted", then it should fail for HTTP (local port 80) and pass processing to another rule.
It seems, however, that even though both HTTPS-related rules are failing, they also somehow stop the progress of connection processing (at least for rule conditions).
With an iRule attached to the VS, I can see log entries like these:
- No match (from LTP log action)
- Host is some.site.com from HTTP_REQUEST event log action
So in the end, traffic processing continues for HTTP, but it seems to be too late for the rule condition. I wonder if this is a feature or a bug?
Piotr