Forum Discussion
CirrostratusNeed better solution for my issue
I need information that would tell me that changing
our persistence method to SSL ID will cause all requests from a
specific browser session to get 'stuck' to a specific web server even if
multiple computers use the same proxy and therefore the same source IP address.
The problem I am trying to solve is that we have some large
users of our application that go through a proxy and therefore have the same
source ip address. I am trying to find a way to use sticky sessions that
will 'stick' a particular computer or browser session to one of our web servers
instead of basing it on source IP address because the use or source
ip doesn't work when a large amount of traffic comes through one proxy
server and they all have the same source ip address.
2 Replies
hoolioHi,
Are you decrypting the traffic on LTM? If so, I'd suggest using cookie insert persistence as it's very effective and lightweight for LTM.
SSL session ID persistence will be more granular than but is subject to failures if the client negotiates a new SSL session ID frequently"
sol3062: Using SSL (Session ID) persistence
http://support.f5.com/kb/en-us/solutions/public/3000/000/sol3062.html?sr=18161417
Aaron
HamishCirrocumulus
SSL ID always used to work when I used it. Including through a proxy (Very important in the old days for so called super proxies etc). However it didn't used to work so well where the browser renegotiates the SSL ID... (Very bad for some old versions of IE that used to renegotiate every minute or so).
I take it that you're passing the SSL though to the back end instead of offloading? (If you were offloading, you might be able to ensure the new sessionid persisted to the same place as the old by intercepting the SSL events).
H
