Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

F5 with SSL/TLS for JDBC queries (Apache Hive and Impala)

ndupont_382983
Nimbostratus
Nimbostratus

‎05-Feb-2019 01:06 - last edited on ‎05-Jun-2023 21:50 by Fog

Hi all,

We are using F5 to load balance some Hadoop DB services (apache Hive and apache Impala) : if it's perfectly working unencrypted, we have a problem setting SSL offload (encryption between client and LB only) for JDBC queries (not HTTP). Below are the main diff between configurations

Unencrypted settings

  • Type : Performance (Layer 4)
  • Protocol Profile (Client) : fastL4_1h_idle_timeout
  • SSL Profile (Client) : none
  • SSL Profile (Server) : none
  • Default Persistance Profile : SrcAddr
  • F5 Port : 10000
  • Target port : 10000

Encrypted settings

  • Type : Standard (Performance Layer 4 can't be used with SSL/TLS)
  • Protocol Profile (Client) : proto_all
  • SSL Profile (Client) : /commonCompany
  • SSL Profile (Server) : none
  • Default Persistance Profile : SrcAddr
  • F5 Port : 10443
  • Target port : 10000

When connecting to the secured entry point, the behavior is quite unpredictable : sometimes it'll connect, sometimes the connection will hang while being established ending with a connection time-out error

Any hints ?

Labels:
0 Kudos
2 REPLIES 2

ndupont_382983
Nimbostratus
Nimbostratus

‎19-Feb-2019 05:24

Problem solved with the following actions - Protocol Profile (Client) : switched to TCP with 1H idle timeout - Oneconnect profile : was set by mistake, switched to none

 

-> This last setting was the root cause of the problem, oneconnect use for non-HTTP traffic should be avoided

 

0 Kudos

Subrun
Cirrostratus
Cirrostratus
In response to ndupont_382983

‎22-Sep-2021 19:48

@ndupont 382983

 

Hello

 

Can you share what are the monitor type you configured ? If possible can you share the monitor details ?

 

Service port 10443 you used as HTTPS ?

 

Are you using SSL Bridging or Offload ?

 

If SSL Bridging do I need to install the cert at backend DataBase Server too ?

0 Kudos
Copyright © 2023 Khoros, LLC