Nimbostratusirule / vip forwarding
Hi all, I am trying to work out how to perform VIP forwarding when SSL termination isn't permitted. With SSL termination we use an irule for this purpose. F5 topology as follows:-
Front facing VIP:443 which all external traffic from our 3rd party hits.
Our internal Test Team have a requirement to select a test environment to send the traffic to. To achieve this we have a pool 'TEST_POOL' and in the pool we have a number of Virtual Servers.
Depending on which VS in the pool is selected as active, we currently use an irule to determine the IP address and redirect the traffic to a corresponding VS. Because all VS's are on the same F5 appliance, we use the virtual cmd in the irule to select the target VS:-
.when HTTP_REQUEST {
set members [active_members -list TEST_POOL]
set ipaddress [lindex [lindex $members 0] 0]
if {$ipaddress == "172.16.4.40"} {
virtual TEST_ENV1_VIP
} elseif {$ipaddress == "172.16.4.41"} {
virtual TEST_ENV2_VIP
} elseif {$ipaddress == "172.16.4.42"} {
virtual TEST_ENV3_VIP
}
}
The 3rd party now requires that we do not have SSL termination on the front facing VIP and has asked for end to end encryption. From my understanding if were not offloading SSL on the front facing vip we can no longer user the irule to redirect traffic. It isn't possible to redirect traffic based on the uri as there is nothing in the uri to differentiate between test environments.
I am looking for a workaround to the above if at all possible, i.e.
Is it possible to somehow use the irule if we are not performing SSL termination?
Are there any other means of vip forwarding when both VIPs are on the same local F5 appliance?
Thank You..
