Balance based on SNI


Hello all,

I want to do load balancing with SSL passthrough (mode tcp).

I have multiple backend servers and the load balancing algorithm should choose the server by hashing the provided SSL SNI Hostname.
It is important that requests are always routed to the same backend server and that the server is chosen by examining the SNI Hostname field.

I am looking for something like

backend test1
  mode tcp
  balance req_ssl_sni # <-- balance by SNI Hostname, but req_ssl_sni is not allowed here
  server ....
  server ....

Or can I do this in the frontend?

frontend test1
  mode tcp
  use_backend server1 if(hash(req_ssl_sni) modulo 2) == 0
  use_backend server2 if(hash(req_ssl_sni) modulo 2) == 0

(How) can I do this?

Best regards


No, that’s not supported.

I can certainly see how this would be useful, but we currently only support balancing on HTTP header (and source IP, etc).

Maybe you can do something with Lua.
People already used Lua to select the backend when using HTTP:

And you do have access to TCP options within Lua:

But I’m unsure whether this can be combined and used to satisfy your use-case.