ACE session persistence "sticky" TCP port

Aug 15th, 2010

Hey guys,

I'm trying to work up some configurations on the ACE for performing session persistence "sticky" on the ACE based on source TCP port. All flows are SSL based; therefore, I thought the only option was SSL-ID, but I've been running into quirky behavior due to clients using IE7. Evidently there are several cases where IE7 causes the SSL-ID to be regenerated, causing this weird behavior.

Anybody have example configs of the layer4-payload offset, length, etc. to perform sticky based on TCP source port?

Thanks in advance.

Paul

litrenta Tue, 08/17/2010 - 05:52

Since source port is not part of the layer 4 payload, you cannot use it for sticky. IE changing the SSL ID is a known problem (it does it every 2 minutes).

So you are left with:

terminating SSL on the ACE and using cookie sticky (you can always re-encrypt on the back end if security demands it)

or

source IP sticky (practical only if clients are not behind a proxy device)
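
The trade-offs in this thread can be seen in a small simulation, added here as an example and not taken from any poster or from ACE itself. It assumes a simple sticky table with round-robin for unseen keys; the flows, addresses, cookie values and server names are constructed.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "client src_ip src_port ssl_id cookie")

# Constructed sample flows (not from the thread). alice connects directly and her
# browser regenerates the SSL session ID; bob and carol share one proxy IP.
# Every new TCP connection gets a fresh ephemeral source port.
FLOWS = [
    Flow("alice", "198.51.100.10", 49152, "a1", "A"),
    Flow("bob",   "203.0.113.5",   50001, "b1", "B"),
    Flow("carol", "203.0.113.5",   50002, "c1", "C"),
    Flow("alice", "198.51.100.10", 49153, "a2", "A"),  # SSL ID regenerated
    Flow("bob",   "203.0.113.5",   50003, "b1", "B"),
    Flow("carol", "203.0.113.5",   50004, "c1", "C"),
]
SERVERS = ["rserver1", "rserver2"]  # hypothetical real servers

# Candidate sticky keys. The cookie is only visible to the load balancer
# when SSL is terminated on it.
STICKY_KEYS = {
    "src_port": lambda f: f.src_port,
    "ssl_id":   lambda f: f.ssl_id,
    "src_ip":   lambda f: f.src_ip,
    "cookie":   lambda f: f.cookie,
}

def balance(flows, key_fn):
    """Round-robin for unseen keys; reuse the sticky-table entry for seen keys."""
    table, assigned, nxt = {}, {}, 0
    for f in flows:
        key = key_fn(f)
        if key not in table:
            table[key] = SERVERS[nxt % len(SERVERS)]
            nxt += 1
        assigned.setdefault(f.client, []).append(table[key])
    return assigned

def evaluate():
    """Per sticky key: does each client land on a single server every time?"""
    return {name: {c: len(set(s)) == 1 for c, s in balance(FLOWS, fn).items()}
            for name, fn in STICKY_KEYS.items()}

def proxy_spread(method):
    """Servers used by the two clients that share the proxy address."""
    assigned = balance(FLOWS, STICKY_KEYS[method])
    return set(assigned["bob"]) | set(assigned["carol"])

if __name__ == "__main__":
    for method, result in evaluate().items():
        print(f"{method:9} persistent={result} proxy_spread={sorted(proxy_spread(method))}")
```

Source IP keeps every client persistent but pins both proxied clients to one server, while the cookie key keeps persistence and still spreads them.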
