CSS ASR question

Unanswered Question
Jul 3rd, 2007

Hi

Could anyone tell me if HTTPS sessions are syncronized to the redundant CSS, I couldn't find any definitive that helps

Cheers

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gilles Dufour Tue, 07/03/2007 - 07:15

only the tcp part of the https connection is replicated to the standby unit.

So, if ssl is terminated on the server then the failover will be transparent.

If ssl is terminated on the CSS itself, then a failover will break the ssl connection.

Gilles.

Jose Garcia Tue, 07/03/2007 - 07:15

Hi,

Well about the ASR it will synch the active connections on normal HTTP, but when dealing with HTTPS the connection requires a secure handshake that involves certificates & keys, once this tunnel is open it cannot be replicated to the backup box (for secure reasons basically).

So when the ASR fails over, all the SSL/TLS active connections will have to renegotiate on the second box.

Thanks.

Josega.

stephen.baugh Tue, 07/03/2007 - 10:30

Hi

So all https sessions that terminate on a server wont be replicated to the standby box

Cheers

Stephen

Jose Garcia Tue, 07/03/2007 - 10:41

The HTTPS sessions terminated on the servers will be replicated on the standby box.

The HTTPS sessions terminated on the CSS will not be replicated to the standby box.

Thanks.

Josega

dalmada Tue, 07/03/2007 - 10:44

I do't think so.

If your CSS is doing the termination SSL then all ssl connections will be lost, but if your server is terminating, and failure occur on the CSS, the flows are replicated to the backup CSS.

If the failure occur on one of the servers, the connection with that server will be lost.

David

Actions

This Discussion