ACE session persistence "sticky" TCP port

Aug 15th, 2010

Hey guys,

I'm trying to work up some configurations on the ACE for performing session persistence "sticky" based on source TCP port. All flows are SSL based; therefore, I thought the only option was SSL-ID, but I've been running into quirky behavior due to clients using IE7. Evidently there are several cases where IE7 causes the SSL-ID to be regenerated, causing this weird behavior.


Anybody have example configs of the layer4-payload offset, length, etc. to perform sticky based on TCP source port?


Thanks in advance.


Paul

litrenta Tue, 08/17/2010 - 05:52
User Badges:
  • Cisco Employee,

Since source port is not part of the layer 4 payload, you cannot use it for sticky. IE changing SSL ID is a known problem (does it every 2 minutes).


So you are left with:


terminating SSL on the ACE and using cookie sticky (you can always re-encrypt on the back end if security demands it)


or


source IP sticky (practical only if clients are not behind a proxy device)
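
The trade-off between the sticky keys discussed in this thread, as an added example that is not part of the original posts and is not ACE code: a toy sticky table replayed over constructed connections, keyed in turn by SSL session ID, source IP, and an inserted cookie. The server names, client names, addresses and field names are all assumptions made for the illustration.

```python
# Added illustration: a toy sticky table, not ACE code. All names and
# connection records below are constructed for the example.
from itertools import count

SERVERS = ["rserver-1", "rserver-2", "rserver-3"]  # hypothetical real servers
PROXY_IP = "203.0.113.5"                           # documentation-range address

# One record per TCP connection, in arrival order. "cookie" stands for the
# cookie the load balancer would insert once it terminates SSL and can read HTTP.
CONNECTIONS = [
    {"client": "alice", "src_ip": "198.51.100.10", "ssl_id": "a1", "cookie": "ck-alice"},
    {"client": "bob",   "src_ip": PROXY_IP,        "ssl_id": "b1", "cookie": "ck-bob"},
    # The browser regenerated its SSL session ID: same user, new ssl_id.
    {"client": "alice", "src_ip": "198.51.100.10", "ssl_id": "a2", "cookie": "ck-alice"},
    {"client": "carol", "src_ip": PROXY_IP,        "ssl_id": "c1", "cookie": "ck-carol"},
    {"client": "bob",   "src_ip": PROXY_IP,        "ssl_id": "b1", "cookie": "ck-bob"},
    {"client": "carol", "src_ip": PROXY_IP,        "ssl_id": "c1", "cookie": "ck-carol"},
]

class StickyTable:
    """Maps a sticky key to a server; unseen keys are assigned round-robin."""
    def __init__(self, key_field):
        self.key_field = key_field
        self.entries = {}
        self._next = count()

    def route(self, conn):
        key = conn[self.key_field]
        if key not in self.entries:
            self.entries[key] = SERVERS[next(self._next) % len(SERVERS)]
        return self.entries[key]

def replay(key_field, conns=CONNECTIONS):
    """Return {client: set of servers that client was sent to}."""
    table = StickyTable(key_field)
    seen = {}
    for conn in conns:
        seen.setdefault(conn["client"], set()).add(table.route(conn))
    return seen

if __name__ == "__main__":
    for field in ("ssl_id", "src_ip", "cookie"):
        print(field, {c: sorted(s) for c, s in replay(field).items()})
```

Keyed on `ssl_id`, alice is moved to a second server when her session ID changes; keyed on `src_ip`, bob and carol behind the proxy are pinned to the same server; keyed on `cookie`, each user stays on one server and the proxied users are still spread out.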
