01-09-2013 08:56 AM
I've implemented this configuration:
server virtual Sharepoint_ 192.168.1.11
port ssl sticky
port ssl session-id-switching
port http script "REDSPFE.PL"
port http keep-alive
bind ssl SharePoint3 ssl SharePoint4
bind http SharePoint3 http SharePoint4
server real SharePoint3 10.10.249.145
port http url "HEAD /"
port http group-id 1 1
server real SharePoint4 10.10.249.146
port http url "HEAD /"
port http group-id 2 2
The script redirects HTTP to HTTPS and manages a sorry server.
What I need to know is how I can troubleshoot SSL session-id-switching and sticky-age on the ADX. Maybe there are tables to see
I've configured these two commands in order to maintain the session on the same server based on SSL ID, with a timeout of 60 seconds.
Does the sticky option have any effect when SSL session ID switching is enabled?
Any comment is appreciated.
01-11-2013 11:34 AM
Sticky and session-id-switching are mutually exclusive features, and if you have both of them configured, sticky will take precedence over session-id-switching.
Unfortunately, there are no show commands that provide information about the session-id-switching database which the ADX maintains.
You can refer to the "Setting up SSL session ID switching" section in chapter 5 of the ADX SLB user guide for more information about this feature.
Let me know if you have any other questions.
01-14-2013 12:15 AM
Thank you for your reply.
Please, could you tell me which is better: ssl-id or sticky? It seems to me that ssl-id is specifically for SSL, while sticky is broader (it's possible to use it for other protocols).
Another question: is the algorithm of both the same, or are there differences that can be taken into account when I choose one of them?
01-16-2013 02:17 PM
If you don't have any specific reason to use ssl-id, then use sticky, as sticky is more widely used by customers and you also have some better debugging options with sticky which you don't have with ssl-id.
SSL session ID switching can be used if the load-balanced application uses it for maintaining some kind of sessions on the servers. If using SSL ID, the same client can have two different SSL sessions going to two different real servers, but in the case of sticky the same client will always go to the same real server, because sticky is based on the client's IP address.
So if the majority of clients are behind some kind of NAT, then ssl session id may be a better option.
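Added example (not part of the thread and not ADX code): a simplified Python model of the two persistence keys compared above, showing how clients behind one NAT address are distributed when the table is keyed on source IP versus SSL session ID. The class and function names, the round-robin choice for new keys, and the traffic are assumptions constructed for illustration; the 60-second idle timeout is the value from the question.

```python
import itertools

SERVERS = ["SharePoint3", "SharePoint4"]  # real server names from the posted config


class PersistenceTable:
    """Hypothetical model: maps a persistence key to a real server, with idle aging."""

    def __init__(self, servers, max_idle=60):
        self._next = itertools.cycle(servers)  # assumption: round-robin for new keys
        self.max_idle = max_idle               # seconds an idle entry stays valid
        self.entries = {}                      # key -> (server, last_seen)

    def pick(self, key, now):
        hit = self.entries.get(key)
        if hit and now - hit[1] <= self.max_idle:
            server = hit[0]                    # live entry: stay on the same server
        else:
            server = next(self._next)          # new or aged-out key: rebalance
        self.entries[key] = (server, now)
        return server


def distribute(connections, key_field, servers=SERVERS, max_idle=60):
    """Count connections per real server when persistence is keyed on key_field."""
    table = PersistenceTable(servers, max_idle)
    counts = {s: 0 for s in servers}
    for conn in connections:
        counts[table.pick(conn[key_field], conn["t"])] += 1
    return counts


def sample_traffic():
    """Constructed traffic: 6 users behind one NAT address, each with its own
    SSL session ID, each opening 3 connections 10 seconds apart."""
    return [
        {"t": round_no * 10, "src_ip": "203.0.113.10", "ssl_id": f"sess-{user}"}
        for round_no in range(3)
        for user in range(6)
    ]


if __name__ == "__main__":
    print("keyed on source IP :", distribute(sample_traffic(), "src_ip"))
    print("keyed on SSL ID    :", distribute(sample_traffic(), "ssl_id"))
```

Keyed on source IP, every connection from the NAT address lands on one real server; keyed on SSL session ID, the six sessions are split across both.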