Forum Discussion

Jad_Tabbara__J1's avatar
Jad_Tabbara__J1
Icon for Cirrostratus rankCirrostratus
May 16, 2019

Does F5 encrypts traffic internally from a VS to another VS ?

Dear community,    Context VS_Parent with clientssl + serverssl profiles and an iRule (that is responsible for routing the traffic to the child VSs based on the FQDN for example)  VS_Child1  has ...
  • youssef1's avatar
    May 21, 2019

    Hi Jad,

     

    I had already asked myself the question.

     

    So Yes, F5 encrypts traffic routed from a VS_Parent to a VS_Child.

     

    I validate my supposition by removing SSL Client in VS_Child  and noticed that access to my service was not functional.

     

    Additional you can use my Debug irule (hosted in devcentral) that allow you to see that Cipher/protocol used in both VS (Child an parent).

     

    I advise you to process a ssldum using this kb:

     

    https://support.f5.com/csp/article/K10209

     

    So in child vs, initiate a basic capture:

     

    tcpdump -vvv -s 0 -nni external -w /var/tmp/www-ssl-client.cap host 10.1.1.100 and port 443

     

    then check ssl exchange:

     

    ssldump -nr /var/tmp/www-ssl-client.cap

     

    keep me in touch.

     

    regards,