Does anyone know what the "Layer 4 hash value" is mentioned in the documentation under ssl-l4-fallback?
Our standard SSL content rules look like:
content layer5rule
vip address 123.45.67.89
port 443
protocol tcp
application ssl
advanced-balance ssl
add service server1.dmz_ssl
add service server2.dmz_ssl
active
advanced-balance SSL is supposed to use the SSL3 session ID for stickiness. It seems to me that this shouldn't be very sticky. Our Apache servers have MaxKeepAliveRequests 100. I'd expect a new SSL3 session ID after 100 requests. Round-robin load balancing should kick in and the user could possibly end up on a different server.
The comments around the Layer 4 hash value make me suspect that something more complicated is happening though. Why is it that this stickiness works at all?