Forum Discussion

Nimbostratus

Oct 31, 2014

HA Failover without session drops/failures

I know this was asked before, but I think things have changed since it was asked. I have a web service application. The configuration looks like: IPv4 Virtual is a passthru to IPv6 (using an i...

application delivery

LTM

shaggy

Nimbostratus

Oct 31, 2014

still looks like mirroring of terminated ssl is not supported in 11.6: https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7216.html

R_Marc

Nimbostratus

Oct 31, 2014

According to this, it should be now, unless I'm reading it wrong: https://devcentral.f5.com/articles/the-top-ten-hardcore-f5-security-features-in-big-ip-116 Number 3: SSL Session Mirroring Full SSL handshakes are computationally expensive. This is one of the reasons that enterprises use F5’s LTM as SSL decryption mechanisms. Suppose you are lucky enough to have a site with a lot of SSL traffic. What if something happens and your primary ADC stops receiving traffic and the secondary has to pick up all those active connections? You want the secondary to perform cheap resumption handshakes (based off a shared session ID cache) with all the clients instead of full handshakes. mirroring You can now share SSL session ID caches across traffic groups so that failovers won’t cause massive spikes in full SSL handshakes.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)