Forum Discussion

jake_macabuag_4's avatar
jake_macabuag_4
Icon for Nimbostratus rankNimbostratus
Jan 08, 2013

Content switching with SSL offloading on a single virtual server address

Hi guys

 

we are planning to implement content-switching and just using one virtual server ip address. This single ip will represent multiple urls with SSL. This is in order for our client to save ip address. Can a single VS handle multiple SSL Certificates and use iRule to determine which one to use? Basically here is the traffic flow

 

 

 

Sample

 

1. Client -> www.test1.com/xxx -> vs=1.1.1.1 -> iRule1 (policy to check which SSL cert to bind to the URL) -> iRule2 (policy to check which pool to send depending on the url or url parameter) -> iRule3 (policy to check if the client ip address is allowed to access the pool) -> pool_test1

 

 

2. Client -> www.test1.com/yyy -> vs=1.1.1.1 -> iRule1 (policy to check which SSL cert to bind to the URL) -> iRule2 (policy to check which pool to send depending on the url or url parameter) -> iRule3 (policy to check if the client ip address is allowed to access the pool) -> pool_test2

 

 

3. Client -> www.test2.com/xxx -> vs=1.1.1.1 -> iRule1 (policy to check which SSL cert to bind to the URL) -> iRule2 (policy to check which pool to send depending on the url or url parameter) -> iRule3 (policy to check if the client ip address is allowed to access the pool) -> pool_test3

 

 

4. Client -> www.test2.com/yyy -> vs=1.1.1.1 -> iRule1 (policy to check which SSL cert to bind to the URL) -> iRule2 (policy to check which pool to send depending on the url or url parameter) -> iRule3 (policy to check if the client ip address is allowed to access the pool) -> pool_test4

 

 

Client is using Citrix and we wanted to replace it with F5.

 

 

Many thanks

 

21 Replies