I am running on 14.1.4 and I have an iRule on an HTTPS virtual in route domain 1 with an iRule to do content switching based on URI. The new pool I am switching to has members that require SNI. It is failing even though I have connectivity to the pool members via the command line (while in the same route domain) so it does not seem to be a firewall issue. The server SSL profile I am using is providing the hostname required by the pool members.
when HTTP_REQUEST {
set foo 0
if { [HTTP::uri] starts_with "/foo/" } {
set foo 1
pool my_pool
}
}
when SERVER_CONNECTED {
if { $foo } {
SSL::profile /ROUTEDOMAIN1/serverssl-mypool
}
}
when LB_FAILED {
log local0. "DEBUG2: event info: [event info]"
log local0. "DEBUG2.1: lb info: [LB::server]"
}
The error given by [event info] is: <LB_FAILED>: DEBUG2: event info: ERR_RTE <LB_FAILED>: DEBUG2.1: lb info: /ROUTEDOMAIN1/my_pool 13.x.x.x 443
Did you add all of the SSL profiles to the virtual servers (in case there is is a default one), did you add the server name inside the SSL profile used?
I only have one SSL server profile attached to the virtual. Are you suggesting additional profiles must be attached to the virtual if I want to call them in an iRule with SSL::profile? The SSL server profile that I am calling in my iRule does have the server name that the new pool members need.
