cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1212
Views
0
Helpful
1
Replies
scottmcgillivray
Beginner

CSS with single SSL module.. balance option needed?

Hi all,

Quick question. If you have a CSS 11503 with one SSL offload module installed.. is there any point in using the "application ssl" and "advanced-balance ssl" options in the content rule? I can't find any info that tells me for sure but I'm guessing that these options can be used to balance between multiple ssl modules and provide stickiness to the modules etc.. but doesn't have any effect on the traffic distribution and stickiness to the backend server services?

For example if I have a L5 content rule like the one below and only one SSL module, should i remove the "application ssl" and "advanced-balance ssl" options and just use the port 80 content rule which the ssl proxy lists offloads traffic too and apply the "advanced-balance sticky-srcip-dstport" and "balance leastconn" there ?

  content DEVCOM_TCP443_L5
    vip address x.x.x.x
    application ssl
    advanced-balance ssl
    protocol tcp
    port 443
    url "//dev.subdomain.domain.com/*"
    add service ssl_module1
    active

I have read various forum postings and i read the CSS SSL config guide but the examples all seem to differ in their implementation.

Many thanks

Scott

1 REPLY 1
Gilles Dufour
Cisco Employee

You're correct.

There is no need to specify the application type as ssl and the advanced-balance method when using a single ssl module.

Gilles.