Forum Discussion
thunderbird_920
Nimbostratus
NimbostratusSSL persistence with F5
We are having the sharepoint portal. There are some users connected from 1 source ip remotely
If SSL persistence is enabled, all the connection will go to 1 reverse proxy server.
If there is no SSL persistence, the connection will load balanced to both reverse proxy server.
How to justify this? If there a way make it load balanced with SSL persistence enabled?
4 Replies
Michael_Koyfma1Cirrus
Exactly what persistence method is being used? Is it really SSL persistence method? If so, that should not break load-balancing distribution. Are you terminating SSL on F5?
hoolioCirrostratus
If you're decrypting the SSL on LTM you could use cookie insert persistence instead. This is generally a better method than SSL session ID persistence as it is not subject to the browser using a new session ID.
But I'm surprised to hear that all requests get persisted to the same pool member with SSL session ID persistence. Each browser, even if connecting from behind the same proxy, should negotiate an SSL handshake with a separate SSL session ID. Or are you using server SSL also? If so, see SOL3062 for the requirements for using SSL persistence:
sol3062: Using SSL (Session ID) persistence
http://support.f5.com/kb/en-us/solutions/public/3000/000/sol3062.html
Aaron
thunderbird_920I understand that each browser, even if connecting from behind the same proxy, should negotiate an SSL handshake with a separate SSL session ID. If we put 1 machine with 1 source IP that simulate 200 users login to the page at the same time (load testing), do you think the load still will be balanced?- Michael_Koyfma1Yes, theoretically that should work. However, in real life, browsers renegotiate SSL SessionID every few minutes, and that is going to break your persistence.
