Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Clients with MULTI-PROXY and session persistency with ACE

Dear all,

Our E-commerce web application (HTTPS) is being loadbalanced by ACE20 and it is important to keep track of the user sessions in the context off user authentication by enabling session persistency (stickyness)

Some of our customers are behind a multi-proxy ISP, hence if they should change from proxy during the same application session,

that would take a re-authentication on our application.

So, we need stickyness, but not based on its IP sources (‘cus off the multi-proxy clients)

Would there be any other option to tackle this issue?

Thank you !

Kind reagards,

Wim

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Clients with MULTI-PROXY and session persistency with ACE

Hi Wim,

For this kind of setup, the best approach is using HTTP cookie stickiness, either inserted by the application servers or directly by the ACE.

The only drawback of this method is that, since you are using HTTPS, you will need to configure your ACE to do SSL termination. Without it, it won't be able to look into the HTTP data and read/insert cookies.

The link below contains a configuration example including SSL termination and cookie stickiness. You may find it useful

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

Regards

Daniel

3 REPLIES
Cisco Employee

Clients with MULTI-PROXY and session persistency with ACE

Hi Wim,

For this kind of setup, the best approach is using HTTP cookie stickiness, either inserted by the application servers or directly by the ACE.

The only drawback of this method is that, since you are using HTTPS, you will need to configure your ACE to do SSL termination. Without it, it won't be able to look into the HTTP data and read/insert cookies.

The link below contains a configuration example including SSL termination and cookie stickiness. You may find it useful

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

Regards

Daniel

New Member

Clients with MULTI-PROXY and session persistency with ACE

Daniel,

Thanks for your quick response.

Seems like a fair solution, but I was wondering what the options would be if we're not allowed to do SSL offloading.

Do have any customers or experience dealing with this particular constraint?

Thanks !

Wim

Cisco Employee

Clients with MULTI-PROXY and session persistency with ACE

Hi Wim,

If you are unable to do SSL termination, your available choices are limited to the L4 sticky methods only. This unforuntely means you can only do either source-ip stickiness or SSL id

Regarding SSL id, you would need to confirm whether you application keeps using the same id after a disconnection (when it possibly changes proxy)

Daniel

344
Views
0
Helpful
3
Replies
CreatePlease to create content