ACE 4710 https sticky configuration

Unanswered Question
Aug 30th, 2010


I have a customer who load balances https across 3 servers. The vip load balances port 443 to real servers on port 443 also.

They prefer to terminate https on their own servers. There is a requirement for clients to stick to the same real server for the duration of the session. Is this possible when we are terminating 443 on the customer's real servers?



litrenta Mon, 08/30/2010 - 08:08

If you are not terminating SSL on the ACE, sticky options are limited. You can stick via SSL session ID, but this generally is unsatisfactory because IE renegotiates the session ID every 2 minutes.

So you are limited to source ip sticky in this application such as:

sticky ip-netmask address source GROUP1
  timeout 240
  replicate sticky
  serverfarm test

Then on the lb policy use:

policy-map type loadbalance first-match test4
  class class-default
    sticky-serverfarm GROUP1
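
The trade-off described in the reply above, as an added simulation that is not part of the original posts: it replays a constructed connection trace against a sticky table keyed either on source IP or on SSL session ID and counts how often a client is moved to a different real server. The round-robin choice for new keys, the host netmask, the client addresses and the one-connection-per-minute trace are assumptions; the 240-minute timeout and the 2-minute session ID change come from the thread.

```python
import ipaddress
from itertools import cycle

REAL_SERVERS = ["rs1", "rs2", "rs3"]  # three real servers, as in the question
TIMEOUT_MIN = 240                     # "timeout 240" in the sample config (minutes)

class StickyTable:
    """Sticky database: key -> (server, last hit). New keys get round-robin (assumed)."""
    def __init__(self, servers, timeout_min):
        self._next, self.timeout, self.entries = cycle(servers), timeout_min, {}

    def pick(self, key, now_min):
        hit = self.entries.get(key)
        fresh = hit is not None and now_min - hit[1] <= self.timeout
        server = hit[0] if fresh else next(self._next)
        self.entries[key] = (server, now_min)
        return server

def source_ip_key(conn, netmask="255.255.255.255"):
    # Assumed host netmask; a shorter mask groups whole subnets onto one server.
    net = ipaddress.ip_network(f"{conn['src']}/{netmask}", strict=False)
    return str(net.network_address)

def session_id_key(conn):
    return conn["ssl_session_id"]

def constructed_trace(clients=("198.51.100.7", "203.0.113.9"), minutes=10, reneg=2):
    # Constructed sample: one new TCP connection per client per minute, with the
    # SSL session ID changing every `reneg` minutes as the reply describes for IE.
    return [{"t": t, "src": c, "ssl_session_id": f"{c}/sid{t // reneg}"}
            for t in range(minutes) for c in clients]

def server_switches(trace, key_fn):
    """Count how often a client lands on a different real server than last time."""
    table, last, switches = StickyTable(REAL_SERVERS, TIMEOUT_MIN), {}, 0
    for conn in trace:
        server = table.pick(key_fn(conn), conn["t"])
        if last.get(conn["src"], server) != server:
            switches += 1
        last[conn["src"]] = server
    return switches

if __name__ == "__main__":
    trace = constructed_trace()
    print("source-IP sticky switches: ", server_switches(trace, source_ip_key))
    print("session-ID sticky switches:", server_switches(trace, session_id_key))
```
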

iwearing Mon, 08/30/2010 - 08:31


Thanks for the clarification and sample config. I suppose that cookies inserted by the servers are not an option as we are not terminating SSL on the ACE appliances.


