Forum Discussion

Nimbostratus

Mar 26, 2019

Multiple VIPs or Multiple SSL profiles for sites on same nodes?

Hi No problem really, just would like to know which is considered 'best practice' or the most efficient way of deploying multiple VIPs which target the same 2 nodes. Scenario: We have over ...

MVP

Mar 26, 2019

I see the configuration you describe very regularly in Production.

A single VIP with multiple client SSL profiles leveraging SNI, and an iRule/local traffic policy forwarding traffic to different pools based on the HTTP host header in the request.

I have not seen any noticeable issues with a deployment such as this. I think one thing to be potentially aware is source port exhaustion if you have SNAT automap enabled and a minimal number of self IPs (you can create additional self IPs / use a SNAT pool to overcome this issue). The other complexity that may arise is if you have sites that require different SSL termination methods (e.g. 1 site needs SSL offload while another needs SSL bridging)

Forum Discussion

Multiple VIPs or Multiple SSL profiles for sites on same nodes?

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

Multiple Port Load Balancing

iRule for multiple host to multiple pools and redirect path on one host.

single slot multiple core vs multiple slot single core