Ability to Use SNI in SubVS in Addition to SNI Hostname Pass Through
This article relates to LoadMaster firmware version 7.2.52.
In LoadMaster firmware version 7.2.52, the following new features were added relating to Server Name Indication (SNI):
- The ability to pass through the original hostname as the SNI hostname to the Real Server.
- The ability to specify a different (manual) SNI hostname per SubVS. This is the same as the previous functionality to specify this on the parent Virtual Service (Reencryption SNI Hostname) but on the SubVS level with content switching.
These new features help with scenarios where you may want to consolidate as many services as possible to the least amount of IP addresses.
The Pass through SNI hostname check box is available in the SSL Properties section of the Virtual Service modify screen. When this is enabled and when re-encrypting, the received SNI hostname is passed through as the SNI to be used to connect to the Real Server. If the Virtual Server has a Reencryption SNI Hostname set, this overrides the received SNI. It is also possible to set the Reencryption SNI Hostname in a SubVS (in the Basic Properties section). If it is set in a SubVS, this overrides the parent Virtual Service value and/or the received SNI value.
Application Programming Interface (API) Details
To enable or disable the PassSNI parameter, run the following command:
0 - Disabled
1 - Enabled
To set the reversesnihostname parameter on the SubVS, run the following command:
To retrieve the Virtual Service (VS) index of the SubVS, run the following command:
For further details on the RESTful API in general, refer to the Long Term Support (LTS) RESTful API Interface Description document.
For PowerShell help, run the Get-Help command for the relevant commands.