Infinity05_1794
Aug 24, 2010

Directing traffic based on port

Here's my issue: I have a GTM -> LTM setup and I need to allow both port 80 and 443 (SSL) traffic to a server. I wasn't sure what the best way to do this was, so I created two VIPs on the LTM, one designed for 80 and one designed for 443. Is there a way to load balance traffic based on port without using an iRule, or is an iRule the way to go?

If that's the only way to do it, does anyone have the code to do it?

Thanks for your time!

2 Replies

  • Hi,

    Are you decrypting the SSL on LTM? If so, separate LTM virtual servers for HTTP and HTTPS would be the simplest. Else, you can create a single virtual server and pool both on port 0. You can then use a simple iRule or packet filters to restrict access to ports other than 80 and 443:

    
    when CLIENT_ACCEPTED {
       # Check the requested port
       switch [TCP::local_port] {
          80 -
          443 {
             # Do nothing. Default is to allow the request through to the pool
          }
          default {
             # Drop the connection
             drop
          }
       }
    }
    

    Aaron
  • Thanks for the response, Aaron. I am offloading the SSL on the LTM. I tried your suggestion of creating a virtual server for both 80 and 443; however, it seems as if everything routes to the 443 virtual server, no matter what port the request is for. On the GTM, I have the pool set up with both virtual servers added, each for their respective service port. I think the problem is with the "Load balancing Method", which is currently set to "Global Availability" because I don't see a better option. We are on version BIGIP 9.4.3.

    Thanks!