Unable to target another VIP or Pool

Below is my setup:
    virtual server: myapp1_443
    Service Port: 443
    SSL profile: myapp_sslprofile
    Pool: myapp1_pool_80
        members: pool1member1 port 80
                 pool1member2 port 80

    The application is hosted on ports 80 and 443 as well.
    The certificate used in myapp_sslprofile is bound to the website.

    In this case SSL offloading is working as expected and I am able to access https://myapp1.
    However, the requirement is that if the health of myapp1_pool_80 goes down, requests should be
    served by myapp1_pool_443.

    I have created one more pool:
    myapp1_pool_443
        members: pool1member1 port 443
                 pool1member2 port 443
     and attached an iRule to my virtual server as below.

     when LB_FAILED {
        pool myApp1_pool_443
    }

   I even tried the below:
    when HTTP_Request {
        if{ [string tolower [LB::status pool myapp1_pool_80]] eq "down" }
            {
                pool myapp1_pool_443
            }
    }

    But none of these is working; the page goes nowhere but keeps on searching.

    As an alternative I tried to create a new virtual server without any SSL profile and with
    default pool myapp1_pool_443,
    and tried to redirect requests to target this virtual server, but it's not working either.
    Can someone please guide?

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

If the VIP is starting to LB to servers on port 443 then there would need to be a server side SSL profile. If you only have the client side SSL profile it will decrypt the traffic and that will work for the 80 pool members but then when it switches to the 443 members, they will be expecting encrypted traffic but will be receiving decrypted traffic.

Hope that helps! If it does please up-vote and select this answer, it'd be greatly appreciated!

-Dylan

Comments on this Answer
Comment made 2 months ago by AJ 11
Thanks for your suggestion.
I attached a server-side profile to the VIP
and tried again, but no luck; still the same case.
Comment made 2 months ago by Dylan 870

When you attached the server-side profile, you left the client side attached as well, right?
Comment made 2 months ago by AJ 11

yes

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You need something like this. Well, this is not tested, but see if you can make it work.

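when HTTP_REQUEST {
    # Fail over only when no member of the port-80 pool is available
    if { [active_members your_80_poolname] < 1 } {
        # Re-encrypt towards the port-443 members (needs a server SSL profile on the virtual server)
        SSL::enable serverside
        pool your_443_poolname
    }
}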

Hope this helps!

Comments on this Answer
Comment made 2 months ago by jaikumar_f5 1929

Instead of the HTTP_REQUEST event, why not use the LB_FAILED event? This would reduce the processing of event occurrences when compared to HTTP_REQUEST, which is always true (every time an HTTP request is made, the if condition logic is checked).
Comment made 2 months ago by PK 681

Good point! That makes sense!

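The two answers combined into one iRule, as an added example that is not code from the thread: the server-side SSL state is set explicitly for whichever pool is chosen, so the port 80 members receive cleartext and the port 443 members receive TLS. It assumes the virtual server myapp1_443 carries both a client SSL and a server SSL profile and that both pools have health monitors; the 503 fallback and the log line are illustrative additions.

```tcl
# Added example (not from the thread). Assumptions: virtual server myapp1_443
# has a client SSL profile AND a server SSL profile attached, and both pools
# are monitored so active_members reflects real member health.
when HTTP_REQUEST {
    if { [active_members myapp1_pool_80] >= 1 } {
        # Port 80 members speak cleartext HTTP. With a server SSL profile
        # attached, server-side SSL is on by default, so switch it off here.
        SSL::disable serverside
        pool myapp1_pool_80
    } elseif { [active_members myapp1_pool_443] >= 1 } {
        # Port 80 pool has no available members: re-encrypt towards the
        # port 443 members and record that the failover path was taken.
        SSL::enable serverside
        pool myapp1_pool_443
        log local0.notice "myapp1_pool_80 down, using myapp1_pool_443 for [IP::client_addr]"
    } else {
        # Neither pool is usable: answer from the BIG-IP instead of letting
        # the client hang until it times out.
        HTTP::respond 503 content "Service unavailable" "Retry-After" "30"
    }
}
```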