CSS WEBNS 7.2/7.4 ssl balancing and sticky-inact

jfoerster · ‎06-30-2005

Hi,

just two questions in regards of load balancing:

1) Does the advanced-balance ssl notice if an sslid change is done in the SSL-Session (some clients reinitiate a session after some time)?

2) Is the sslid-stickiness aware of 1) and keeps the connection for this client to the former server; sticks the client to the same server...

2) the sticky-inact-timer: is it realy an inact timer which is counting as soon as a session is idle/closed or is it a timer that only get's resetted when the client start a new connection (like the idle time-out at the CSM)

TIA

Kind Regards,

Joerg

Gilles Dufour · ‎07-01-2005

1 - no, we don't detect the sslid changes which is why IE is usually a problem with this solution.

2 - the timer is reseted when a new connection is started.

I believe a feature request was introduced already to change this.

Regards,

Gilles.

jfoerster · ‎07-03-2005

Hi Gilles,

thanks for the reply. My fears unfortunatley came truth.

Is an applicable workaround for 1) advanced balanced src-ip-dst-port? Unfortunaltey only src-ip is not working even if in the training materials is mentioned that adanced-balanced src-ip is possible with Layer3-5.

I had stickiness trouble with it so I changed it to advancded-balancde src-ip-dst-port and got a sticky behaviour but it seems as if the connections get assigned to a different server when the SSL-Session-ID changes even if the stickieness tells the CSS to stick that client to a certain server (inact timout 0).

I guess I've to do some investigations with my customer on this.

Btw we are talking of a citrix webfrontend using SSL as connection method and we are experiencing this problem with broswers and with the citrix client itself.

Regards,

Joerg