Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to target another VIP or Pool

AJ_382665
Nimbostratus
Nimbostratus
below is my setup virtual server: myapp1_443 Service Port: 443 SSL profile: myapp_sslprofile Pool: myapp1_pool_80 members: pool1member1 port 80 pool1member2 port 80 application is hosted on port 80 & 443 as well. certificate used in myapp_sslprofile is bound to website. in this case SSL offloading is working as expected and i am able to access https://myapp1 however requirement is to check if health of myapp1_pool_80 goes down requests should be served by myapp1_pool_443 i have created one more pool myapp1_pool_443 members: pool1member1 port 443 pool1member2 port 443 and attached irule to my virtual server as below. when LB_FAILED { pool myApp1_pool_443 } even tried below when HTTP_Request { if{ [string tolower [LB::status pool myapp1_pool_80]] eq "down" } { pool myapp1_pool_443 } } but none of these working and page is going nowhere but keeps on searching. as an alternate i tried to create new virtual server without and SSL profile and default pool as myapp1_pool_443 tried to redirect request to target this Virtual server but it's not working either. can someone please guide.
5 REPLIES 5

Dylan_375544
Cirrocumulus
Cirrocumulus

If the VIP is starting to LB to servers on port 443 then there would need to be a server side SSL profile. If you only have the client side SSL profile it will decrypt the traffic and that will work for the 80 pool members but then when it switches to the 443 members, they will be expecting encrypted traffic but will be receiving decrypted traffic.

 

Hope that helps! If it does please up-vote and select this answer, it'd be greatly appreciated!

 

-Dylan

 

thanks for your suggestion. i attached server side profile to VIP and tried again but no luck, still same case.

When you attached the server side profile, you left the client side attached as well right?

 

yes

 

P_K
MVP
MVP

You need something like this. Well this is not tested but see if you can make it work.

 

when HTTP_REQUEST {

 

if { [active_members your_80_poolname] < 1 } {

 

SSL::enable serverside

 

pool your_443_poolname

 

}

 

}

 

Hope this helps!