Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SSL, and stickyness

Hello,

would it work to load balance with cookies if it's https traffic not terminated on the vip but on the real servers ?

Thanks

3 REPLIES
Cisco Employee

Re: SSL, and stickyness

Hello,

This is not going to be possible if you are not terminating SSL traffic on the balancer. The layer 5 information is encrypted so the balancer is not going to be able to look at the cookies or urls in order to do balancing or stickiness.

One important thing to mention is that the SSL ID in SSL v3.0 is not encrypted, so the stickiness based on SSL ID will work fine, but then again not based on cookies or URL.

New Member

Re: SSL, and stickyness

The servers are single sign on servers. And the clients are going to be a mix of everything. People will logged on to the same server for hours at a time. A disconnection because of CSS will not be acceptable.

Do you think I can rely on SSLID or shall I push for terminating the SSL on the CSS.

i'm at the beginning of the project so if I have to change something I must do it now.

What do you think ?

Cisco Employee

Re: SSL, and stickyness

You can rely on SSLID if you are sure the client 's application will not be changing the SSL ID within the session.

For example, some versions of IE will be renegotiating the SSLID a few minutes after the session is establish, that will probably cause a disconnecting.

So the key is to be sure the SSL ID will not be renegotiated by the client.

133
Views
0
Helpful
3
Replies
CreatePlease to create content