Forum Discussion
Rab_101866
Nimbostratus
NimbostratusSession reuse issue
Hi,
we have a Virtual server load balancing two apache servers that proxy requests back into a VS on the same big ip box. The request is then routed to a pool of Websphere servers. (Why we do this is because the apache servers will eventually have Oracle Access manager policies applied to the traffic, And we are fronting all our existing infrastructure with these boxes.)
The problem is when we send HTTPS traffic through we are seeing strange behaviour, it looks like an SSL session is being reused and users are getting other peoples data back.
Going through the infrastructure without the bigip/apache works.
Going through the second VS bypassing apache works.
Going through the apache server and the VS does not work correctly.
Each hop through the big ip box decrypts and then re-encrypts the request.
I think it must be something to do with the session id being reused by multiple requests but I can not prove this and I do not know how see where the problem is, is it with the apache server or the big ip box or a combination of the two.
Any thoughts would be welcome.
Rab.
2 Replies
hoolioCirrostratus
Hi Rab,
I think the problem might be TCP session reuse for multiple client HTTP requests. Can you add a custom OneConnect profile with a 255.255.255.255 source address mask to the external VIP and internal Apache VIP and retest?
See this page for details:
http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect.html
Aaron
L4L7_53191I 100% agree with hoolio here - try this first, it's very likely your issue. Almost every time I've run into this type of thing it's been related to TCP session reuse like this.
-Matt
