cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
678
Views
0
Helpful
1
Replies

ACE module SSL session sync?

Marko Leopold
Level 1
Level 1

Hallo @all!

After we get this question by a customer i was searching in forum and internet, but i can't find an answer. We use 2 ACE module with failover configuration and SSL activated. I know you have to sync the SSL keys and certs. The ACE is synchronizing tcp sessions. But does it synchronize the SSL sessions too? I mean if the failover starts, what happens to the SSL sessions?

Kind regards,

Marko

1 Reply 1

litrenta
Level 3
Level 3

If you are terminating SSL on the ace the client connection to the ace is fully proxied since ACE needs to do all of the encryption and decryption. As such these client connections cannot be replicated to the standby ace and on failover the client would need to restablish their SSL session to the new ace (old connection is lost). SO the short answer is no ssl sessions are not sync'd to the standby ace.

This is true of every loadbalancer or ssl offloader on the market.

Review Cisco Networking for a $25 gift card