Nikhil_Shah_672
Mar 26, 2015

iRule for SSL Reencryption case

Hello All,

 

Can anyone please help me with an iRule that allows load sharing of the SSL traffic between two backend HTTPS-based web servers?

 

The F5 LTM is doing SSL re-encryption for the SSL traffic, with a client-side SSL profile and a server-side SSL profile as well.

 

I know I can't use SSL Session ID persistence because the SSL session ID differs between the F5 box and the backend web server. I am also not able to use source-based persistence because the client traffic over the internet is coming from the cloud with one single IP address.

 

5 Replies

  • Considering persistence:

     

    One idea would be to insert an X-Forwarded-For HTTP header with the client's remote IP address if you have access to the cloud environment, but if that is not the case, would it not be possible to use cookie persistence?

     

    Create a new cookie with a unique value when the client connects to the LTM, and then use it for persistence through the LTM.

     

    • Nikhil_Shah_672
      Hi Victor, there is no requirement to retain the client IP address, hence Insert-X-Forwarded-For is not in the equation. A SNAT pool is already in place for the virtual server. So please suggest accordingly.
  • Hi Nikhil,

     

    In case you are handling HTTP traffic on your virtual server, you can use the cookie insert persistence method.

     

    It will require an HTTP profile on your virtual server.

     

    Thanks, Stephan

     

  • Cookie-based persistence can be applied to an HTTPS-based virtual server with an HTTP profile if you offload SSL to the LTM using a client SSL profile. You can re-encrypt the traffic using a server SSL profile prior to sending it to the backend servers.

     

    LTM will insert the cookie into the return traffic sent by the servers and read the cookie sent by the client.

     

    Thanks.

     

    • Nikhil_Shah_672
      Hi Stephan and DevBabu, thanks a ton. Cookie-based persistence did the trick. Rgds, Nikhil Shah
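
The setup the replies describe (client SSL and server SSL profiles for re-encryption, an HTTP profile, and cookie insert persistence), sketched as tmsh commands. This is an added example, not configuration posted in the thread; every object name and address is a constructed placeholder, the SSL and HTTP profiles are the built-in defaults, and the SNAT pool is assumed to exist already.

```tmsh
# Added example: all names and addresses below are placeholders (assumptions).

# Two HTTPS backends; LTM opens its own TLS sessions to them.
create ltm pool pool_example_https { load-balancing-mode round-robin monitor https members add { 192.0.2.11:443 192.0.2.12:443 } }

# Cookie persistence with the insert method: LTM adds its own cookie to
# server responses and reads it back on later client requests.
create ltm persistence cookie persist_example_cookie { defaults-from cookie method insert cookie-name EXAMPLE_LB }

# clientssl decrypts on the client side so the http profile can see and set
# the cookie; serverssl re-encrypts toward the pool members.
# snat_example_pool stands in for the SNAT pool already in place.
create ltm virtual vs_example_https { destination 203.0.113.10:443 ip-protocol tcp pool pool_example_https profiles add { tcp http clientssl { context clientside } serverssl { context serverside } } persist replace-all-with { persist_example_cookie } source-address-translation { type snat pool snat_example_pool } }
```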