11-13-2013 07:17 AM
Hi ALL,
I have configured a service with a VIP listening on 443. At the minute both servers at the backend are using self-signed certificates, but eventually SSL will be terminated on ACE.
My requirement is to configure sticky sessions using http-cookie. I have configured it, but ACE is not working as expected.
The user logs into the server and while browsing they get kicked to the second server and are prompted to login page again.
Is it because the ACE can't extract the cookie from encrypted text, or is it something else?
My config is very simple, please find it below.
serverfarm host SSDSD_SF
  probe SSDSD-ServerAvailability-443
  rserver SSDSD-AL2 443
    conn-limit max 4000000 min 4000000
    inservice
  rserver SSDSD-AL3 443
    conn-limit max 4000000 min 4000000
    inservice
sticky http-cookie JSESSIONID SSDSD_Sticky_SF2
  replicate sticky
  serverfarm SSDSD_SF
class-map match-all SSDSD_443_WEB
  2 match virtual-address 10.xx.xx.xx tcp eq https
policy-map type loadbalance first-match SSDSD_443_WEB-l7slb
  class class-default
    sticky-serverfarm SSDSD_Sticky_SF2
class SSDSD_443_WEB
  loadbalance vip inservice
  loadbalance policy SSDSD_443_WEB-l7slb
  loadbalance vip icmp-reply active
11-13-2013 08:56 AM
Hi Amjad,
You are correct. ACE has no way to look into the HTTP header since it is encrypted. For ACE to do HTTP-based stickiness, you should terminate SSL on ACE or, as a temporary workaround, use source-based sticky.
Hope this helps!
Regards,
Kanwal
11-15-2013 07:12 AM
Hello Kanwaljeet,
Thanks once again for your prompt reply. What will happen if I terminate the SSL on ACE and the backend servers are also listening on 443?
Will the ACE be able to decrypt the data and extract the cookie out of it, or will it go through the ACE and the real server will deal with it?
Regards,
Amjad Hashim.
11-15-2013 10:10 AM
Hi Amjad,
In that case you will need to do END-TO-END SSL, and ACE would be able to decrypt traffic and make a decision on the basis of the information contained in the HTTP header. You can find more details regarding end-to-end SSL in the link below.
Please let me know if you have any questions.
Regards,
Kanwal
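A sketch of the end-to-end SSL arrangement described in the replies above, added here as an example and not taken from the original posts: ACE terminates the client's SSL session on the VIP, reads JSESSIONID in clear text to apply the cookie sticky group, then opens a new SSL session to the real servers on 443. The ssl-proxy service names, the key and certificate file names, and the multi-match policy-map name are placeholders that do not appear in the thread.

```text
! Added example. Names containing PLACEHOLDER, and the two ssl-proxy
! service names, are assumptions and not from the thread.

! Front end: ACE terminates the client's SSL session on the VIP.
ssl-proxy service SSDSD_SSL_FRONT
  key PLACEHOLDER_KEY.PEM
  cert PLACEHOLDER_CERT.PEM

! Back end: ACE initiates a new SSL session to the real servers on 443.
ssl-proxy service SSDSD_SSL_BACK

! Layer 7 policy: cookie sticky now works because ACE sees the decrypted
! HTTP header; traffic is re-encrypted towards the serverfarm.
policy-map type loadbalance first-match SSDSD_443_WEB-l7slb
  class class-default
    sticky-serverfarm SSDSD_Sticky_SF2
    ssl-proxy client SSDSD_SSL_BACK

! Layer 4 policy: attach SSL termination to the VIP class.
policy-map multi-match PLACEHOLDER_VIP_POLICY
  class SSDSD_443_WEB
    loadbalance vip inservice
    loadbalance policy SSDSD_443_WEB-l7slb
    loadbalance vip icmp-reply active
    ssl-proxy server SSDSD_SSL_FRONT
```

The key pair and certificate have to be imported onto the ACE before the front-end ssl-proxy service can reference them, and the multi-match policy still has to be applied to the client-facing interface with a service-policy.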