Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS ASR, redundancy indexes and SSL module

Hello,

we have couple of CSS 11503 with SSL modules in ASR mode.

I configured redundancy indexes on non-ssl reles, services etc, works fine.

Does it have any sense to have redundancy-index configured on rules that

use SSL module ? SSL module service itself ?

thank you,

Alexander

4 REPLIES
Silver

Re: CSS ASR, redundancy indexes and SSL module

I don't think configuring redundancy-index on rules that use SSL module serves any purpose. I would go for configuring on the module itself

New Member

Re: CSS ASR, redundancy indexes and SSL module

Hello,

do you mean that configuring red-index on SSL module

itself can help to keep users' sessions during failover ?

Alex

Cisco Employee

Re: CSS ASR, redundancy indexes and SSL module

there is no statefull failover feature on the SSL module. If you configure an index all the CSS will is maintain the TCP connections, but since the SSL module will have no info about the connection it will reset it forcing a new one to be opened.

Therefore, I would avoid using the redundant-index on ssl module rule as this is extra work for the CSS and really useless.

Gilles.

Bronze

Re: CSS ASR, redundancy indexes and SSL module

"using the redundant-index on ssl module rule as this is extra work for the CSS and really useless" I am totally agreeing with you Gilles.

At the same time in the event of a failover to the backup CSS and since the tcp sessions have been preserved, I am wondering won't the browser re-negotiate for an fresh ssl key with the CSS and continue the session with no interruption, keeping the end user seamless of what has happened in the background in between?

thanks

151
Views
0
Helpful
4
Replies