Forum Discussion
NimbostratusF5 with SSL/TLS for JDBC queries (Apache Hive and Impala)
Hi all,
We are using F5 to load balance some Hadoop DB services (apache Hive and apache Impala) : if it's perfectly working unencrypted, we have a problem setting SSL offload (encryption between client and LB only) for JDBC queries (not HTTP). Below are the main diff between configurations
Unencrypted settings- Type : Performance (Layer 4)
- Protocol Profile (Client) : fastL4_1h_idle_timeout
- SSL Profile (Client) : none
- SSL Profile (Server) : none
- Default Persistance Profile : SrcAddr
- F5 Port : 10000
- Target port : 10000
Encrypted settings- Type : Standard (Performance Layer 4 can't be used with SSL/TLS)
- Protocol Profile (Client) : proto_all
- SSL Profile (Client) : /commonCompany
- SSL Profile (Server) : none
- Default Persistance Profile : SrcAddr
- F5 Port : 10443
- Target port : 10000
When connecting to the secured entry point, the behavior is quite unpredictable : sometimes it'll connect, sometimes the connection will hang while being established ending with a connection time-out error
Any hints ?
ndupont_382983Problem solved with the following actions - Protocol Profile (Client) : switched to TCP with 1H idle timeout - Oneconnect profile : was set by mistake, switched to none
-> This last setting was the root cause of the problem, oneconnect use for non-HTTP traffic should be avoided
- Subrun
Cirrostratus
@ndupont 382983
Hello
Can you share what are the monitor type you configured ? If possible can you share the monitor details ?
Service port 10443 you used as HTTPS ?
Are you using SSL Bridging or Offload ?
If SSL Bridging do I need to install the cert at backend DataBase Server too ?