RE: [load balancing] SSL Session ID persistency

From: Marc Goldberg (mgoldbergIZZATSonicWALL.com)
Date: Wed Apr 04 2001 - 22:04:54 EDT

Next message: Suryanto Handojo: "RE: [load balancing] SSL Session ID persistency"

Previous message: Sean Spires: "RE: [load balancing] SSL Session ID persistency"
Maybe in reply to: Suryanto Handojo: "[load balancing] SSL Session ID persistency"
Next in thread: Suryanto Handojo: "RE: [load balancing] SSL Session ID persistency"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

and... Cisco CSS 11k's can now be configured with multiple
Cisco-SonicWALL SSL-R racks for SSL acceleration and offloading.
Marc

-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net]On Behalf Of
Sean Spires
Sent: Wednesday, April 04, 2001 3:00 PM
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] SSL Session ID persistency

The Cisco/ArrowPoint box will also do "cookie-Insertion".

-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net]On Behalf Of
tony bourke
Sent: Wednesday, April 04, 2001 1:09 AM
To: 'lb-lIZZATvegan.net'
Subject: Re: [load balancing] SSL Session ID persistency

Hi Suryanto,

It sound like you are trying to use SSL Session ID persisence for
non-encyrpted traffic? If thats correct, I believe you are out of luck.
SSL is a slightly different protocol than HTTP, and therefore won't work
with what you are trying to do.

Are you sure you can't setup cookie persistence? You can have the web
server just issue a cookie, with no actual change to the application or
any of the processes.

If you are currently using cookies for whatever reason and dont' want to
setup another cookie for persistence, in most cases you can use any
cookie, even ones not setup for persistence, to do persistence.

Some load balancing vendors even support cookie-insertion, where you
don't
need a cookie generated from the browser. The load balancer sends the
client browser a cookie on it's own, and sends the traffic to the web
server without a cookie. I dont' believe RadWare suports this, but I
could be wrong. F5 does I believe, I'm not sure who else.

Tony

On Wed, 4 Apr 2001, Suryanto Handojo wrote:

> Hi,
>
> We are using Radware WSD Pro+ here to load balance our web servers.
> Recently we have problem with so called 'mega-proxy' ISP.
> Changing the application to use cookies is a TOTAL NO.
> Can I assume that WSD with v.6.12 firmware will ONLY look at SSL
> Session ID and ignoring the rests (client IP, client port) when
> doing persistency over SSLv3 traffic with SSL Tracking On ?
>
> Seems the Radware reseller here can't confirm my question.
>
> Thanks in advance.
>
>
> rgds,
> Suryanto
>

-------------- -- ---- ---- --- - - - - - -- - - - - - -
Tony Bourke tonyIZZATvegan.net

Next message: Suryanto Handojo: "RE: [load balancing] SSL Session ID persistency"
Previous message: Sean Spires: "RE: [load balancing] SSL Session ID persistency"
Maybe in reply to: Suryanto Handojo: "[load balancing] SSL Session ID persistency"
Next in thread: Suryanto Handojo: "RE: [load balancing] SSL Session ID persistency"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 04 2001 - 21:07:12 EDT