07-25-2007 11:35 AM
We are having problems when the frontend SSL session times out, and the browser reuses the same SSL-id and cookie, and we get routed to a different server (not sticking).
Is there any way to debug the cookie content in the intermediate HTTP flow?
Thanks in anticipation.
07-25-2007 02:20 PM
Actually, we have another proxy in front, and that is using a new SSL-id after a timeout and not reusing from a prior session.
Does the CSS care if a subsequent connection is on a different SSL-id? Should it not send traffic to the appropriate backend server based on the 'advanced-balance cookies'?
Our config (extract):
ssl-proxy-list ssllist1
  ssl-server 252
  ssl-server 252 vip address 192.168.10.252
  ssl-server 252 port 443
  ssl-server 252 cipher 192.168.10.252 8080
  ssl-server 252 cipher 192.168.10.252 8080
  ssl-server 252 rsacert myrsacert1
  ssl-server 252 rsakey myrsakey1
  backend-server 31
  backend-server 31 ip address 192.168.40.31
  backend-server 31 port 17112
  backend-server 31 server-ip 192.168.40.31
  backend-server 31 server-port 7112
  backend-server 31 cipher
  backend-server 31 cipher
  backend-server 31 rsacert myrsacert1
  backend-server 31 rsakey myrsakey1
  backend-server 32
  backend-server 32 ip address 192.168.40.31
  backend-server 32 port 17122
  backend-server 32 server-ip 192.168.40.31
  backend-server 32 server-port 7122
  backend-server 32 cipher
  backend-server 32 rsacert myrsacert1
  backend-server 32 rsakey myrsakey1
  active

service sslulb3svr0
  type ssl-accel
  slot 6
  keepalive type none
  add ssl-proxy-list ssllist1
  active

service sslaportal1-1
  type ssl-accel-backend
  keepalive type ssl
  keepalive frequency 60
  keepalive retryperiod 255
  add ssl-proxy-list ssllist1
  ip address 192.168.40.31
  port 17112
  keepalive port 7112
  active

service sslaportal1-2
  type ssl-accel-backend
  keepalive type ssl
  keepalive frequency 60
  keepalive retryperiod 255
  add ssl-proxy-list ssllist1
  ip address 192.168.40.31
  port 17122
  keepalive port 7122
  active

content ssl-ulb3svr0-rule
  vip address 192.168.10.252
  protocol tcp
  port 443
  add service sslulb3svr0
  balance roundrobin
  advanced-balance ssl
  application ssl
  flow-timeout-multiplier 50
  flow-reset-reject
  active

content uportalrule1
  protocol tcp
  port 8080
  url "/approot*"
  add service sslaportal1-1
  add service sslaportal1-2
  balance roundrobin
  advanced-balance cookies
  string prefix "def_clus_JSESSIONID="
  string process-length 52
  sticky-serverdown-failover balance
  vip address 192.168.10.252
  flow-timeout-multiplier 50
  flow-reset-reject
  active