ACE Best Sticky Method for SSL Traffic

Unanswered Question

Hi, With ACE 4710 running serverfarms primarily running SSL traffic, what is the best method for configuring stickiness. Here are some parameters:

1) low volume sites, 2 real servers

2) ACE _will not_ do SSL offloading

3) Balancing HTTPS requests

4) Many versions of HTTP clients

5) Currently running ACE A1 code

I am thinking of:

1) TCP Header | HostID inspection

2) SSL-session ID (not good if re-key often though)

3) Any suggestions?

many thx,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ciscocsoc Tue, 05/05/2009 - 23:13


In the circumstances you describe I'd use source-ip as the stickiness factor.



sachinga.hcl Mon, 06/01/2009 - 09:36

Hi Will,

You can see a comple configured example for your perusal in this regard for

Configure ACE Module for End to End SSL Termination

And Many more here regarding

Data Center Application Services Configuration Examples:

Hope these configuration examples will be useful to you.

Sachin Garg

Kristopher Martinez Wed, 06/10/2009 - 08:29

If you client traffic is diverse, source IP persistence works great. If not, you have a couple options:

1. Since you have a 4710, you should offload the SSL on the device and do some sort of header persistence. I would recommend having the 4710 do cookie insert.

2. If you do not offload the SSL, your only other option besides SRC-IP is SSL-ID. You've already stated the drawback on using that.

I'd also recommend looking at newer versions of ACE code for that device.




This Discussion