After we got this question from a customer, I searched the forum and the internet, but I can't find an answer. We use 2 ACE modules in a failover configuration with SSL activated. I know you have to sync the SSL keys and certs. The ACE is synchronizing TCP sessions. But does it synchronize the SSL sessions too? I mean, if the failover starts, what happens to the SSL sessions?
If you are terminating SSL on the ACE, the client connection to the ACE is fully proxied, since the ACE needs to do all of the encryption and decryption. As such, these client connections cannot be replicated to the standby ACE, and on failover the client would need to re-establish their SSL session to the new ACE (the old connection is lost). So the short answer is no, SSL sessions are not sync'd to the standby ACE.
This is true of every load balancer or SSL offloader on the market.