VIP to VIP pointing
Hi Guys, We have an external device consisting a VIP say ve(e stands for external) pointing to a pool pe. We also have an internal device consisting a VIP say vi(i for internal) pointing to a pool pi pe is no longer in use and non existing (removed) pi is in use and active (so ve is down as pool assigned to it is non existing pool) Now the issue is to point ve to vi (external VIP to internal VIP) . What should be the best way to point from external VIP to internal VIP. my assumption is like making the vi ans pe and assigning that to the ve, if thats the case then what should be the configuration for the pool if not what is the best solution i can get. Any help is much appreciated Thanks in advance.
Unable to target another VIP or Pool
below is my setup virtual server: myapp1_443 Service Port: 443 SSL profile: myapp_sslprofile Pool: myapp1_pool_80 members: pool1member1 port 80 pool1member2 port 80 application is hosted on port 80 & 443 as well. certificate used in myapp_sslprofile is bound to website. in this case SSL offloading is working as expected and i am able to access https://myapp1 however requirement is to check if health of myapp1_pool_80 goes down requests should be served by myapp1_pool_443 i have created one more pool myapp1_pool_443 members: pool1member1 port 443 pool1member2 port 443 and attached irule to my virtual server as below. when LB_FAILED { pool myApp1_pool_443 } even tried below when HTTP_Request { if{ [string tolower [LB::status pool myapp1_pool_80]] eq "down" } { pool myapp1_pool_443 } } but none of these working and page is going nowhere but keeps on searching. as an alternate i tried to create new virtual server without and SSL profile and default pool as myapp1_pool_443 tried to redirect request to target this Virtual server but it's not working either. can someone please guide.nexthop and tunnel - is that working for VIP to VIP?
Hi, Best practice for explicit forward proxy with SSL Intercept is to set BIGIP like that: proxy VS - explicit HTTP profile with tunnel configured (via Tunnel Name option), Default Connect Handling option set to Deny. This is main VS - clients are using it's IP and port as proxy HTTPS VS - standard reverse type HTTP profile, client/server SSL profiles attached, VS Enabled on tunnel configured via explicit HTTP profile attached to proxy VS (see above). Can be set to listen on 443 port or any other port, or all ports. tunnel used is defined as tcp-forward type Above config is working without issue, all CONNECT type request are passed to HTTPS VS via configured tunnel. Considering above I hoped that it's possible to use similar setup using iRule with nexthop command configured like that: nexthop "tcp-forward type tunnel name" (used as well /Common/tunel_name) But I never managed to pass any traffic via this tunnel - CLIENT_ACCEPTED event was never triggered on VS enabled on tunnel used in nexthop. Is that possible to use nexthop like that? If so how to do that: * in which event it should be called - or it does not matter? * what tunnel type can be used - if not tcp-forward type? Piotr