Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Additional Ways to Load Balance????

We are currently using the following configuration for a number of situations on our 11501 (No SSL module).

content webapps443

protocol tcp

port 443

balance leastconn

vip address 192.168.2.106

add service webapps1

add service webapps2

add service webapps3

redundant-index 136

advanced-balance sticky-srcip-dstport

active

Is there any additional options that we could use to further load balance the traffic? We are having multiple clients where their source address is NATed, so those multiple clients are ending up on the same server when other servers are less active.

If I can't find any additional config options, we may have to look to getting a new box.

1 REPLY
Cisco Employee

Re: Additional Ways to Load Balance????

this is not a problem a missing feature.

This is a general issue.

With SSL traffic, if you do not have an SSL module, the only information available to the CSS [or any other loadbalancer from any vendor] is the information contained in the IP,TCP and SSL headers.

There is nothing useful in the TCP header.

The only option in the IP header is the source IP.

And for the SSL header, you could use the SSLID.

However, this last option is very reliable as Internet Explorer is well-known for changing this ID very frequently during the same session.

Therefore, the only possible choice is source ip unless you can get an SSL module, then you can decrypt the traffic and use cookies.

Regards,

Gilles.

113
Views
0
Helpful
1
Replies
CreatePlease to create content