09-29-2010 12:44 PM
Given two rules on a CSS 11503:
content layer4rule
vip address 123.45.67.89
port 80
protocol tcp
balance leastconn
add service server1-plain-text
add service server2-plain-text
active
content layer5rule
vip address 123.45.67.89
port 443
protocol tcp
application ssl
advanced-balance ssl
add service server1-ssl
add service server2-ssl
active
Is there any way to set a client to be stuck to server1 if he comes in on port 80 or 443?
09-29-2010 01:06 PM
Unfortunately there is no way to do this with 2 different content rules. Each content rule has it's
own sticky table. If you are not doing any port redirection on the services you can make a single layer 3 rule to keep a user stuck to the
same server on both port 80 and 443. You would need to use source IP sticky in this case since 443 cannot use a cookie and port 80 cannot use ssl session ID.
another option is to terminate SSL if your CSS has this capability. In this case you have the two rules one for 80 that goes directly to the backend server and a second for ssl that sends the traffic to the SSL module for termination. Once the CSS terminates the traffic it can send the clear text back to the original port 80 vip. You do not need sticky on the SSL rule unless you have more than one SSL module. You could use sticky based on either source IP or cookies. Since both original port 80 traffic and decrypted SSL traffic will be using the same rule it will use the same sticky table.
Hope that helps
Jim
09-30-2010 05:47 AM
Might be possible with cookie.
But you will need the ssl module to decrypt the ssl traffic.
If not possible, you should merge the content rule 80 and 443 together (remove the port).
Like this a single rule with sticky source ip would make sure you always stay with the same server whatever the port.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide