Anybody have any luck configuring BlackBerry Social Network Application Proxy on LTMs???

OK, so I think your issue is really with the SSL and overall design (although I would recommend least connects as the lb method). Based on the fact you need end to end SSL (based on the comment from the 'design guys') you have a couple of options;

 

 

1) As you suggest, use a different persistence method that doesn't require LTM to decrypt and inspect the payload - this doesn't make use of lots of LTM features but should work just fine if you can find a suitable persistence method. This is probably not what BB would want.

 

2) Install a suitable (what that means for you I don't know) SSL certificate and create a CLientSSL profile, assign that, a HTTP profile and the persistence profile to the VS on LTM. SSL traffic will be decrypted and can be inspected and you can make use of caching, compression and other features. Install a suitable SSL certificate on the real servers, create a bog standard ServerSSL profile on LTM and assign to the same VS. Now traffic between the LTM and real servers will be re-encrypted and there won't be any issues with https links in responses.

 

 

From a configuration point of view this is pretty standard stuff LTM wise and option 2) provides suitable security and acceleration and will help you with future troubleshooting as you'll be able to run packet captures on the F5 and capture unencrypted traffic.

 

 

How you handle the SSL side of things is another story, that's influenced more by company and security policy, InfoSec and the server side requirements. In my experience, I've typically used a public, CA signed cert client side (i.e. installed on the LTM) and private, self-signed certs server side (installed on the servers).