cancel
Showing results for 
Search instead for 
Did you mean: 

irule help - pool command and ERR_RTE Routing problem

krisdames2
Nimbostratus
Nimbostratus

I am running on 14.1.4 and I have an iRule on an HTTPS virtual in route domain 1 with an iRule to do content switching based on URI. The new pool I am switching to has members that require SNI. It is failing even though I have connectivity to the pool members via the command line (while in the same route domain) so it does not seem to be a firewall issue. The server SSL profile I am using is providing the hostname required by the pool members.

when HTTP_REQUEST {
    set foo 0
    if { [HTTP::uri] starts_with "/foo/" } {
        set foo 1
        pool my_pool
    }
}
when SERVER_CONNECTED {
    if { $foo } {
        SSL::profile /ROUTEDOMAIN1/serverssl-mypool
    }
}
when LB_FAILED {
    log local0. "DEBUG2: event info: [event info]"
    log local0. "DEBUG2.1: lb info: [LB::server]"
}

The error given by [event info] is:
<LB_FAILED>: DEBUG2: event info: ERR_RTE
<LB_FAILED>: DEBUG2.1: lb info: /ROUTEDOMAIN1/my_pool 13.x.x.x 443

Any ideas about ERR_RTE ?

 

4 REPLIES 4

Hello,

 Did you add all of the SSL profiles to the virtual servers (in case there is is a default one), did you add the server name inside the SSL profile used?

take a look at this article, it might be useful.

https://support.f5.com/csp/article/K13452#p4

 

.

Mohamed_Salah_,

I only have one SSL server profile attached to the virtual. Are you suggesting additional profiles must be attached to the virtual if I want to call them in an iRule with SSL::profile? The SSL server profile that I am calling in my iRule does have the server name that the new pool members need.

 

I think you should start considering generating a new tcpdump and decrypting the traffic using the below article.

tcpdump -nnnveti 0.0:nnnp host "client IP" and port 443 -s0 -S -w /var/log/pcapname.pcap

Decrypt traffic and assign the irule on the virtual server:

https://support.f5.com/csp/article/K12783074