Configuration of load balancer application rules with an "sni" keyword fails in NSX Data Center 6.4.6.


This problem occurs when:
  • You upgrade NSX to 6.4.6 with existing application rules that are configured with an "sni" keyword.
  • You create or configure new load balancer application rules in 6.4.6 with an "sni" keyword.


This problem occurs because application rules with the following keywords are broken in NSX 6.4.6:
  • req_ssl_sni
  • req.ssl_sni
  • ssl_fc_sni
  • ssl_fc_has_sni

The regular expression that is used to support the load balancer application rule "sni expression" in NSX 6.4.6 is not strict enough.


This is a known issue in NSX 6.4.6, and there is no solution for it. To work around the problem, do the following:
  1. Log in to the NSX Edge as a root user.
  2. Edit line 879 in /opt/vmware/vshield/Plugins/features/lb/ so that it reads:
    879 @indexes = grep { $script->[$_] =~ /^sni +.+/ } 0..$#$script;
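
The following audit script is an added example, not VMware code. It scans the text of an application rule for the four affected keywords and reports which lines the anchored pattern from line 879 would select as an "sni expression" line. The function name, the sample rule, and the `sni str(...)` line are constructed for illustration; the article does not show the real syntax of an "sni expression" line.

```python
import re

# The four keywords the article lists as broken in NSX 6.4.6.
AFFECTED = ("req_ssl_sni", "req.ssl_sni", "ssl_fc_sni", "ssl_fc_has_sni")
KEYWORD_RE = re.compile(
    r"(?<![\w.])(" + "|".join(re.escape(k) for k in AFFECTED) + r")(?![\w.])"
)
# Same pattern as the edited line 879 (Perl /^sni +.+/), applied per line.
SNI_EXPR_RE = re.compile(r"^sni +.+")


def audit_rule(script):
    """Return one finding per line that uses an affected keyword or that
    the workaround pattern selects as an "sni expression" line."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and comments
        keywords = sorted(set(KEYWORD_RE.findall(stripped)))
        is_sni_expr = bool(SNI_EXPR_RE.match(line))
        if keywords or is_sni_expr:
            findings.append({
                "line": lineno,
                "keywords": keywords,
                "sni_expression": is_sni_expr,
                "text": stripped,
            })
    return findings


# Constructed sample application rule (HAProxy-style lines, not from the article).
SAMPLE_RULE = """\
# constructed application rule
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_sni -m found }
acl is_app1 req_ssl_sni -i app1.example.com
use_backend pool_app1 if is_app1
acl has_sni ssl_fc_has_sni
http-request set-header X-SNI %[ssl_fc_sni]
sni str(app1.example.com)
"""

if __name__ == "__main__":
    for f in audit_rule(SAMPLE_RULE):
        kind = "sni expression" if f["sni_expression"] else ",".join(f["keywords"])
        print(f"line {f['line']}: [{kind}] {f['text']}")
```

Running it against rules exported before an upgrade to 6.4.6 shows which rules use the affected keywords and therefore need the workaround.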