05-05-2009 04:47 PM
Hi, With ACE 4710 running serverfarms primarily running SSL traffic, what is the best method for configuring stickiness. Here are some parameters:
1) low volume sites, 2 real servers
2) ACE _will not_ do SSL offloading
3) Balancing HTTPS requests
4) Many versions of HTTP clients
5) Currently running ACE A1 code
I am thinking of:
1) TCP Header | HostID inspection
2) SSL-session ID (not good if re-key often though)
3) Any suggestions?
many thx,
WR
05-05-2009 11:13 PM
Hi,
In the circumstances you describe I'd use source-ip as the stickiness factor.
HTH
Cathy
06-01-2009 09:36 AM
Hi Will,
You can see a comple configured example for your perusal in this regard for
Configure ACE Module for End to End SSL Termination
And Many more here regarding
Data Center Application Services Configuration Examples:
http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
Hope these configuration examples will be useful to you.
Sachin Garg
06-10-2009 08:29 AM
If you client traffic is diverse, source IP persistence works great. If not, you have a couple options:
1. Since you have a 4710, you should offload the SSL on the device and do some sort of header persistence. I would recommend having the 4710 do cookie insert.
2. If you do not offload the SSL, your only other option besides SRC-IP is SSL-ID. You've already stated the drawback on using that.
I'd also recommend looking at newer versions of ACE code for that device.
http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml
Regards
Kris
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: