Forum Discussion

vtortola_141944's avatar
vtortola_141944
Icon for Nimbostratus rankNimbostratus
Jan 23, 2014

SSL off-loading and secure WebSocket

Hi,

 

We have a Big-IP load balancer, and we are planning to publish a web application that uses secure WebSockets (WSS).

 

We are a little bit concerned about how the load balancer is going to handle this situation, because the SSL offloading. Is there anything special we have to configure or taken care off?

 

Clients will send an HTTPS request with a WebSocket handshake, that includes the HTTP headers "Upgrade:websocket" and "Connection:Upgrade". Will the load balancer populate those headers to the web server? Will the load balancer understand that those connections are persistent and non-HTTP?

 

Thanks.

 

8 Replies

  • On askf5 we don't find any document that explain how to configure websocket on 11.4.0 n later

     

  • i understand what it does is to disable http profile when detecting upgrade header (ssl profile is still applied).

     

  • If I may add, the point is that the F5 doesn't really understand the WSS protocol messages, so the HTTP profile would likely break it. If you don't use an HTTP profile and simply treat the traffic as TCP data, you can offload the SSL and optionally re-encrypt without touching the layer 7 data. It'd be like passing any other non-standard TCP-based protocol through the F5.

     

  • I also have a similar requirement. Were you able to get a solution