Forum Discussion

Allan_66523's avatar
Allan_66523
Icon for Nimbostratus rankNimbostratus
Dec 12, 2011

Design Help

We have a new virtual web environment and would like to use one external IP for all the sites hosted by the new environment. I will be natting one of our external ip addresses to 192.168.20.54 which would be the main VIP. I was thinking about putting an Irule like the one below on this VIP. Is this the best way to accomplish what i am trying to do or is there a better way?

 

 

 

when HTTP_REQUEST {

 

switch [string tolower [HTTP::]] {

 

"test.xyz.com" { virtual test_vip }

 

"hello.xyz.com" { virtual hellow_vip}

 

default { virtual default_vip}

 

}

 

}

 

 

Thanks

 

 

config
design

6 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 12, 2011
    if all virtuals use same setting e.g. profile and its parameter, i think using pool instead of virtual command may be better.

     

     

    just my 2 cents.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 12, 2011
    I agree with Nitass, it's probably simpler to use pools not separate virtual servers for this.

     

     

    Aaron
  • Allan_66523's avatar
    Allan_66523
    Icon for Nimbostratus rankNimbostratus
    Dec 12, 2011
    The reason I was thinking of using virtual is because some of these sites will have SSL Certs that may be different. Would that change this design?
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 12, 2011
    The client SSL profile will have already been used by the time you parse the HTTP headers and the HTTP_REQUEST event is triggered. So I assume you mean different server SSL certs/keys. For server SSL, you could select the profile from the iRule using SSL::profile < profile name >:

     

     

    http://devcentral.f5.com/wiki/iRules.ssl__profile.ashx

     

     

    Aaron
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 12, 2011
    I'd use an iRule only as using an HTTP class won't allow you to select a server SSL profile.

     

     

    Aaron