Cisco Support Community
Community Member

Question on SSL Stickiness on 1100


I am investigating a load balancer issue and have been told some things about SSL stickiness on the 1100 catalyst that I would like to confirm.

Firstly, we have an environment where SSL stickiness has been turned on and based on IP address. We are not using SSL Session IDs and therefore are not using this to track the source.

I have found that even with this set, the requests still get sprayed to both backend servers. It doesn't maintain the stickiness to the same backend server. Does anyone know why this would be? Maybe the setup is wrong, I don't know.

The other thing I heard was that, in order for SSL stickiness to be maintained, you need to use a cookie instead. If so, is this supported on an 1100, and where does it store the cookie: in each browser from the same IP, or a different cookie for each browser regardless of IP?



Cisco Employee

Re: Question on SSL Stickiness on 1100

We would need to see your config and know your software version, as well as some information about the number of connections affected.

To answer your other questions, you can use sticky-srcip, no need for a cookie, to achieve stickiness.

However, there is the mega-proxy issue, where hundreds of clients use the same source ip, so they would all go to the same server.

The solution is a cookie, as the cookie would be per client even if they use the same source IP.

To use a cookie, the traffic needs to be decrypted on the CSS because we need to read the HTTP data to see the cookie.

To decrypt the traffic, you need an SSL module.

Only available on 11500.
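
The mega-proxy effect described in the reply above, as an added illustration that is not part of the thread and not Cisco's code: a simplified sticky-table model (round-robin for a new key, then pinned to that server), comparing a source-IP key with a per-client cookie key. The addresses, server names and client mix are constructed for the example.

```python
import itertools
from collections import Counter

SERVERS = ["server1", "server2"]  # hypothetical backend names


class StickyBalancer:
    """Simplified model: round-robin for a new key, then pin the key."""

    def __init__(self, servers):
        self._next = itertools.cycle(servers)
        self._table = {}  # sticky table: key -> server

    def pick(self, key):
        if key not in self._table:
            self._table[key] = next(self._next)
        return self._table[key]


def constructed_clients():
    """Constructed sample: 200 users behind one proxy IP, 4 direct users."""
    clients = [("203.0.113.10", f"proxy-user-{i}") for i in range(200)]
    clients += [(f"198.51.100.{i}", f"direct-user-{i}") for i in range(1, 5)]
    return clients


def distribute(clients, mode):
    """Return clients per server when sticking on 'srcip' or 'cookie'."""
    lb = StickyBalancer(SERVERS)
    load = Counter()
    for src_ip, cookie in clients:
        load[lb.pick(src_ip if mode == "srcip" else cookie)] += 1
    return dict(load)


def is_sticky(clients, mode, rounds=3):
    """True if every client reaches the same server on repeat requests."""
    lb = StickyBalancer(SERVERS)
    seen = {}
    for _ in range(rounds):
        for src_ip, cookie in clients:
            server = lb.pick(src_ip if mode == "srcip" else cookie)
            if seen.setdefault(cookie, server) != server:
                return False
    return True


if __name__ == "__main__":
    clients = constructed_clients()
    print("srcip :", distribute(clients, "srcip"))
    print("cookie:", distribute(clients, "cookie"))
```

Both keys keep each client on one server; only the source-IP key sends every user behind the shared proxy address to the same backend.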


