Forum Discussion

senthil
Nov 27, 2019

Irule to insert SNI based on Pool member

Hi

I have the following iRule, which inserts SNI based on the pool member, but the pool member IP is changing, so I created an FQDN object but am unable to insert SNI using the FQDN.

Can you help me in creating an iRule or another way to insert SNI based on the backend pool member, which is an FQDN, not a static IP?

when LB_SELECTED {
    log local0. "LB_SELECTED: Connected to [LB::server addr]"

    # Map the selected pool member address to the SNI host name to send
    switch [LB::server addr] {
        "10.1.1.1" {
            set sni_value [getfield abc.com ":" 1]
        }
    }
}

when SERVERSSL_CLIENTHELLO_SEND {
    # Only insert the extension when LB_SELECTED actually set a value,
    # otherwise reading $sni_value raises a Tcl error and aborts the connection
    if { [info exists sni_value] } {
        log local0. "SERVERSSL_CLIENTHELLO_SEND: Setting SNI to $sni_value"

        # server_name extension (RFC 6066): type 0, extension length (name + 5),
        # server_name_list length (name + 3), name type 0 (host_name), name length, host name
        SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]
    }
}

 

 

Thanks

senthil
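As an added example (not part of the original post), here is a Python reconstruction of the byte layout that the iRule's binary format SSScSa* line produces, with a parser that checks every length field against the RFC 6066 server_name layout, so the +5 and +3 offsets can be verified offline before the rule goes on a BIG-IP. Only the standard library is used; the function names are my own.

```python
import struct

# RFC 6066 constants: extension type server_name and NameType host_name
EXT_SERVER_NAME = 0
NAME_TYPE_HOST = 0


def build_sni_extension(hostname: str) -> bytes:
    """Encode the server_name extension exactly as the iRule's
    'binary format SSScSa*' call does: big-endian 16-bit type, 16-bit
    extension length (name + 5), 16-bit server_name_list length (name + 3),
    8-bit name type 0, 16-bit name length, then the host name bytes."""
    name = hostname.encode("ascii")  # SNI host names are ASCII (IDNs use A-labels)
    n = len(name)
    return struct.pack("!HHHBH", EXT_SERVER_NAME, n + 5, n + 3, NAME_TYPE_HOST, n) + name


def parse_sni_extension(ext: bytes) -> str:
    """Decode an extension built above and check each length field against
    the actual bytes; a wrong +5/+3 offset shows up here as a ValueError."""
    if len(ext) < 9:
        raise ValueError("server_name extension shorter than its fixed header")
    ext_type, ext_len, list_len, name_type, name_len = struct.unpack("!HHHBH", ext[:9])
    if ext_type != EXT_SERVER_NAME:
        raise ValueError(f"unexpected extension type {ext_type}")
    if ext_len != len(ext) - 4:
        raise ValueError(f"extension length {ext_len} != {len(ext) - 4}")
    if list_len != ext_len - 2:
        raise ValueError(f"server_name_list length {list_len} != {ext_len - 2}")
    if name_type != NAME_TYPE_HOST:
        raise ValueError(f"unexpected name type {name_type}")
    if name_len != list_len - 3:
        raise ValueError(f"host_name length {name_len} != {list_len - 3}")
    return ext[9:9 + name_len].decode("ascii")


def is_well_formed(ext: bytes) -> bool:
    """True when the extension parses with all length fields consistent."""
    try:
        parse_sni_extension(ext)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ext = build_sni_extension("abc.com")
    print(ext.hex())                  # 0000000c000a0000076162632e636f6d
    print(parse_sni_extension(ext))   # abc.com
```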

3 Replies

  • This is based purely on this link CloudDocs Wiki: LB::Server and a server ssl profile irule I saw a year back, but forgot the source of. I do not have any experience with this irule, nor have I tested it.

    You could create multiple server ssl profiles each with its own Server Name value.

    when LB_SELECTED {
        log local0. "LB_SELECTED: Connected to [LB::server name] [LB::server addr]"

        # Select the server SSL profile (each carrying its own Server Name) by pool member name
        switch [LB::server name] {
            "abcd.domain.local" { SSL::profile abcd_serverssl }
            "efgh.domain.local" { SSL::profile efgh_serverssl }
        }
    }

    It is possible that the SSL::profile command can't be utilised in the LB_SELECTED event, in which case you'll have to move it to SERVER_CONNECTED (which is where the example I saw used it).

    • senthil

      Thank you.

      I tried using the above iRule but it's selecting the pool name instead of the pool member FQDN.

      Thanks

      Senthil

      • If you read the Wiki, that's what it says,

        LB::server name
        returns a Tcl list with pool, pool member address and port. If no server was selected yet or all servers are down, returns default pool name only.