CSS ASR, redundancy indexes and SSL module

a.gesse · ‎05-30-2006

Hello,

we have couple of CSS 11503 with SSL modules in ASR mode.

I configured redundancy indexes on non-ssl reles, services etc, works fine.

Does it have any sense to have redundancy-index configured on rules that

use SSL module ? SSL module service itself ?

thank you,

Alexander

a-vazquez · ‎06-05-2006

I don't think configuring redundancy-index on rules that use SSL module serves any purpose. I would go for configuring on the module itself

a.gesse · ‎06-05-2006

Hello,

do you mean that configuring red-index on SSL module

itself can help to keep users' sessions during failover ?

Alex

Gilles Dufour · ‎06-05-2006

there is no statefull failover feature on the SSL module. If you configure an index all the CSS will is maintain the TCP connections, but since the SSL module will have no info about the connection it will reset it forcing a new one to be opened.

Therefore, I would avoid using the redundant-index on ssl module rule as this is extra work for the CSS and really useless.

Gilles.

skumar1969 · ‎06-09-2006

"using the redundant-index on ssl module rule as this is extra work for the CSS and really useless" I am totally agreeing with you Gilles.

At the same time in the event of a failover to the backup CSS and since the tcp sessions have been preserved, I am wondering won't the browser re-negotiate for an fresh ssl key with the CSS and continue the session with no interruption, keeping the end user seamless of what has happened in the background in between?

thanks