Forum Discussion

Nimbostratus

Nov 27, 2017

Uuniversal persistence for HTTPS

Hi, We've a requirement where we want to do the load balancing from the server side itself. As of now, we suggest to use the "source address affinity" but the issue with this profile is; if one ...

Cumulonimbus

Nov 28, 2017

First are you off loading SSL to the F5s? If not you will not be able to read any of the HTTP Requests/Responses.

If needed to be HTTPS to the Server apply a Client and Server SSL Profile to re-encrypt the traffic.

Once done recommend you simply apply a standard Cookie Persistence profile.

You issue of all traffic sticking to a single pool member after a pool member has gone down and is now back up is a common one. Getting timing of your persistence to match the application will minimise this but most like need to wait for connection to bleed from the one pool member which should happen over time.

If this is a huge issue might want to look at additional back end servers or a manual step to clean down the connections, but this would disrupt many of the user sessions.

Hope this helps.

Forum Discussion

Uuniversal persistence for HTTPS

Recent Discussions

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Disk space full - what files, folders are safe to delete?

Related Content

Persist using a string in an HTTP URI

Decoding the IPv4 address from the persistence cookie

SOCKS5 SSL Persistence

Source_Addr Persistence Problems

How to persist 'real' IP into Kubernetes