Configuration of load balancer application rules with an "sni" keyword fails in NSX Data Center 6.4.6.
Problem
This problem occurs when:
- You upgrade NSX to 6.4.6 with existing application rules that are configured with an "sni" keyword.
- You create or configure new load balancer application rules in 6.4.6 with an "sni" keyword.
Cause
This problem occurs because application rules with the following keywords are broken in NSX 6.4.6:
- req_ssl_sni
- req.ssl_sni
- ssl_fc_sni
- ssl_fc_has_sni
The regular expression that is used to support the load balancer application rule "sni expression" in NSX 6.4.6 is not strict enough.
Solution
This problem is a known issue in NSX 6.4.6. There is no solution for this problem. However, to work around this problem, do the following:
- Log in to the NSX Edge as a root user.
- Edit line 879 in /opt/vmware/vshield/Plugins/features/lb/lb.pm as:
879 @indexes = grep { $script->[$_] =~ /^sni +.+/ } 0..$#$script;
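The following Perl script is an added example, not part of lb.pm or of the original article. It runs the workaround pattern over a constructed application rule script to show that only lines beginning with "sni " are selected, while rules that merely contain one of the affected keywords are left alone. The `$loose` pattern is a hypothetical stand-in for a pattern that is not strict enough (the actual 6.4.6 pattern is not shown in this article), and the rule lines, ACL names, pool name and `matching_indexes` helper are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern taken from the workaround line in this article.
my $strict = qr/^sni +.+/;

# Hypothetical stand-in for a pattern that is "not strict enough".
# The real 6.4.6 pattern is not shown in the article.
my $loose = qr/sni/;

# Constructed application rule script, one rule line per element.
my $script = [
    'tcp-request inspect-delay 5s',
    'tcp-request content accept if { req_ssl_hello_type 1 }',
    'acl is_app1 req_ssl_sni -i app1.example.com',
    'acl is_app2 req.ssl_sni -i app2.example.com',
    'acl has_sni ssl_fc_has_sni',
    'use_backend pool_app1 if { ssl_fc_sni -i app1.example.com }',
    'sni ssl_fc_sni',
];

# Same grep-over-indexes idiom as the workaround line: return the
# positions of the rule lines that the given pattern selects.
sub matching_indexes {
    my ($re, $rules) = @_;
    return grep { $rules->[$_] =~ $re } 0 .. $#$rules;
}

my %strict_hit = map { $_ => 1 } matching_indexes($strict, $script);
my %loose_hit  = map { $_ => 1 } matching_indexes($loose,  $script);

# Report how each line is classified under the two patterns.
for my $i (0 .. $#$script) {
    my $verdict = $strict_hit{$i} ? 'sni expression'
                : $loose_hit{$i}  ? 'caught only by loose pattern'
                :                   'ordinary rule';
    printf "%-30s %s\n", $verdict, $script->[$i];
}
```

With the anchored pattern, only the last line is treated as an "sni expression"; the four rules that use req_ssl_sni, req.ssl_sni, ssl_fc_has_sni and ssl_fc_sni as ordinary keywords are selected only by the unanchored stand-in.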