attach SNI to TCP connection

Question

Hello gents,&nbsp;I am struggling with following configuration.&nbsp;Server with JBoss which connects to F5 VS which listens on ports 30004 and 30005 &nbsp;I would like to Connect with JBoss on port 30004 and port 30005(TCP connection) to F5. If client (jboss) is connected to F5 with SSL then at F5 level SNI values could be attached to the frames if connection is established on particular port.If connection is established on 30004 then attach sni - siteA.com and if port is 30005 then attach sni siteB.com after that forward traffic to a member of a pool.&nbsp;Is that doable? What i have to configure? What I rule I should use? I am not so fluent in writing iRules. :-)&nbsp;Can you help me with that?

enes_afsin_al · Answer

Hi Przemyslaw,Can you try this iRule?when HTTP_REQUEST {
	set sni_value [getfield [HTTP::host] ":" 1]
	
	if { [HTTP::host] ends_with "30004" } {
		set sni_value "siteA.com"
	}
	elseif { [HTTP::host] ends_with "30005" } {
		set sni_value "siteB.com"
	}
}
&nbsp;
when SERVERSSL_CLIENTHELLO_SEND {
	SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]
}

przemyslaw · Answer

Hi Enes,&nbsp;Thank you for fast reply, I really appreciate it.&nbsp;Sure I will have a look if it works.&nbsp;in this event there is HTTP_REQUEST - Will it also work for TCP connection?&nbsp;I will get back to you after tests.

Forum Discussion

attach SNI to TCP connection

2 Replies

Recent Discussions

F5 VE in Azure - troubles with Sentinel integration

Need help on i-rule to specific uri path

Stable Firmware for F5

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Related Content

Server Profile SNI

SNI Routing with DNS Lookup

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Three Attached Deployment

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Two Attached Deployment

Serverside SNI injection iRule