Cisco Support Community
Community Member

ACE Best Sticky Method for SSL Traffic

Hi, with ACE 4710 running serverfarms primarily running SSL traffic, what is the best method for configuring stickiness? Here are some parameters:

1) low volume sites, 2 real servers

2) ACE _will not_ do SSL offloading

3) Balancing HTTPS requests

4) Many versions of HTTP clients

5) Currently running ACE A1 code

I am thinking of:

1) TCP Header | HostID inspection

2) SSL-session ID (not good if re-key often though)

3) Any suggestions?

many thx,

WR

3 REPLIES
Silver

Re: ACE Best Sticky Method for SSL Traffic

Hi,

In the circumstances you describe I'd use source-ip as the stickiness factor.

HTH

Cathy

Re: ACE Best Sticky Method for SSL Traffic

Hi Will,

You can see a complete configured example for your perusal in this regard for

Configure ACE Module for End to End SSL Termination

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

And many more here regarding

Data Center Application Services Configuration Examples:

http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples

Hope these configuration examples will be useful to you.

Sachin Garg

Cisco Employee

Re: ACE Best Sticky Method for SSL Traffic

If your client traffic is diverse, source IP persistence works great. If not, you have a couple of options:

1. Since you have a 4710, you should offload the SSL on the device and do some sort of header persistence. I would recommend having the 4710 do cookie insert.

2. If you do not offload the SSL, your only other option besides SRC-IP is SSL-ID. You've already stated the drawback on using that.

I'd also recommend looking at newer versions of ACE code for that device.

http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml

Regards

Kris
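
Added example (not part of the thread, and not Cisco code): a small model of source-IP stickiness across two real servers, illustrating the point in the replies that it balances well only when client source addresses are diverse. The round-robin assignment of new sticky entries, the netmask parameter, the server names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

SERVERS = ["rs1", "rs2"]  # hypothetical real server names

# Constructed sample traffic (documentation address ranges).
# Diverse: 8 distinct clients, 5 connections each.
DIVERSE = [f"198.51.100.{i}" for i in range(1, 9)] * 5
# Not diverse: 36 connections arrive from one proxy/NAT address, 4 from others.
PROXIED = ["203.0.113.10"] * 36 + [f"198.51.100.{i}" for i in range(1, 5)]


def sticky_key(src_ip, netmask):
    """Mask the client address, as a source-IP sticky entry with a netmask would."""
    ip = int(ipaddress.IPv4Address(src_ip))
    mask = int(ipaddress.IPv4Address(netmask))
    return str(ipaddress.IPv4Address(ip & mask))


def simulate(connections, servers, netmask="255.255.255.255"):
    """Return per-server connection counts.

    Assumption: a new sticky key is assigned to the next server round-robin;
    a known key always returns to the server recorded in the sticky table.
    """
    table = {}
    counts = {s: 0 for s in servers}
    next_idx = 0
    for src in connections:
        key = sticky_key(src, netmask)
        if key not in table:
            table[key] = servers[next_idx % len(servers)]
            next_idx += 1
        counts[table[key]] += 1
    return counts


def busiest_share(counts):
    """Fraction of all connections handled by the most loaded server."""
    total = sum(counts.values())
    return max(counts.values()) / total if total else 0.0


if __name__ == "__main__":
    for name, conns, mask in [
        ("diverse /32", DIVERSE, "255.255.255.255"),
        ("proxied /32", PROXIED, "255.255.255.255"),
        ("diverse /24", DIVERSE, "255.255.255.0"),
    ]:
        c = simulate(conns, SERVERS, mask)
        print(f"{name}: {c} busiest={busiest_share(c):.2f}")
```

Feeding it the source addresses from a real connection log in place of the constructed lists gives an estimate of how uneven source-IP stickiness would be for that site.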
