cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1926
Views
0
Helpful
2
Replies

CSS 11500 SSL Stickiness

ryankogel1
Level 1
Level 1

Does anyone know what the "Layer 4 hash value" is mentioned in the documentation under ssl-l4-fallback?

Our standard SSL content rules look like:

  content layer5rule
    vip address 123.45.67.89
    port 443
    protocol tcp
    application ssl
    advanced-balance ssl
    add service server1.dmz_ssl
    add service server2.dmz_ssl
    active

advanced-balance SSL is supposed to use the SSL3 session ID for stickiness. It seems to me that this shouldn't be very sticky. Our Apache servers have MaxKeepAliveRequests 100. I'd expect a new SSL3 session ID after 100 requests. Round-robin load balancing should kick in and the user could possibly end up on a different server.

The comments around the Layer 4 hash value make me suspect that something more complicated is happening though. Why is it that this stickiness works at all?