don_23889
Aug 20, 2013 | Nimbostratus
Inspect host header for pool member selection
Goal:
The customer wants to access the VIP and specifically target a given pool member for monitoring. My thought was to use a SAN cert with alternate names.
- web.domain.com
- web1.domain.com
- web2.domain.com
When a user or application used a specific FQDN, the result would target a given pool member, using an iRule.
rule select_pool_web.domain.com_443
when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] starts_with "web1.domain.com" } {
        node 10.10.12.100 80
    } elseif { [string tolower [HTTP::host]] starts_with "web2.domain.com" } {
        node 10.10.12.101 80
    } else {
        pool pl_web.domain.com_443
    }
}

pool pl_web.domain.com_443 {
    lb method member predictive
    monitor all mon_http
    members
        10.10.12.100:80
        10.10.12.101:80
}

virtual web.domain.com_80 {
    pool pl_web.domain.com_443
    destination 10.5.6.7:80
    ip protocol tcp
    httpclass class_http_https_redirect
    profiles
        http
        tcp
}

virtual web.domain.com_443 {
    pool pl_web.domain.com_443
    destination 10.5.6.7:443
    ip protocol tcp
    rules select_pool_web.domain.com_443
    profiles
        http
        tcp
        pro_ssl_web.domain.com_verisign_san
    persist per_web.domain.com_443
}
Two questions
- Does this seem reasonable, or does anyone have a better approach?
- For the iRule "starts_with" -- do I need to include the FQDN, or would the host work as well, less "*.domain.com"?
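
Added example, not part of the original post: the same Host-based selection written with the name normalised and compared exactly rather than by prefix, which bears on the second question. The host names, node addresses and pool name are the ones from the post; the explicit "web.domain.com" branch and the log line in the default branch are assumptions added for illustration.

```tcl
# Added example (not the poster's rule): exact Host matching for
# per-member selection on the 443 virtual server.
when HTTP_REQUEST {
    # HTTP::host can carry a port ("web1.domain.com:443").
    # Keep only the name part and lower-case it before comparing.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Why exact and not starts_with:
    #   starts_with "web1"            is also true for web10.domain.com
    #   starts_with "web1.domain.com" is also true for web1.domain.com.<anything>
    # An exact comparison accepts only the names listed on the SAN certificate.
    switch -exact -- $host {
        "web1.domain.com" {
            # Monitoring name for the first member
            node 10.10.12.100 80
        }
        "web2.domain.com" {
            # Monitoring name for the second member
            node 10.10.12.101 80
        }
        "web.domain.com" {
            # Normal client traffic is load balanced
            pool pl_web.domain.com_443
        }
        default {
            # Assumption: unknown names are logged and still load balanced,
            # matching the else branch of the rule in the post.
            log local0.info "unexpected Host '[HTTP::host]' from [IP::client_addr]"
            pool pl_web.domain.com_443
        }
    }
}
```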