For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_15705's avatar
Chris_15705
Icon for Nimbostratus rankNimbostratus
May 19, 2009

Exchange Outlook Anywhere without SSL offloading

Does anyone have info on the propper setup of Load Balancing two CAS server for Outlook Anywhere (rpc/http) without using SSL offloading. All the documentation i can find assumes you are offloading. ...
microsoft
partner
jreed5_47036's avatar
jreed5_47036
Icon for Nimbostratus rankNimbostratus
Oct 20, 2009
We have our F5's terminating SSL, and then re-wrapping SSL to the CAS servers. Intent was to have the packets inspected on the F5 after SSL termination, then re-encrypt afterwards. We had problems with just logging the traffic.

 

 

We had slowness for about a year, and troubleshooted the problem with F5 for about as long.

 

 

If you have not done so, turn off the Nagles Algorithm option. Google for more details, but the main premise is that it will combine small packets and send one large one. Not bad for web traffic, but RPC bundled traffic is a problem. Once disabled, our problems went away.

 

 

You need to also set persistance to be > than what your CAS is set to. Out of the box, public access settings are set to 15min timeouts, and private 24 hours. You should set persistance to be at least 24 hours. Otherwise you will lose your stikiness to a server, and require re-authentication while connected. It may still occur in 24 hours, but at least that's only 1x per day.