From: Tim Maestas (lbIZZATdnsconsultants.com)
Date: Mon Nov 25 2002 - 01:44:23 EST

  • Next message: Jay Kline: "Re: [load balancing] Loadbalancing Unix Web Servers"

    I would expect this to work fine for you, since the conversation on both
    sides of the BigIP is in the clear. I would take some tcpdumps on the
    BigIP to make sure the cookies are being set/returned properly.

    As far as terminating SSL on the BigIP, this would work, but so should the
    way you have it. Terminating on the BigIP gives you the advantage of
    getting rid of your reverse proxy, if it's only there to do SSL.

    -Tim

    On Sun, 24 Nov 2002, David Santeramo wrote:

    > persistance is the problem. The user would get to the
    > app server but when the user requested another page
    > the session would not be kept.
    >
    > Persistance will work if I use source IP but not work
    > uusing cookie insert
    >
    > So what you are telling me is that I am having the
    > problem because of the 443-80 SSL tranaction on the
    > reverse proxy?
    >
    > Will I be able to use cookie persistance if I turn the
    > BigIP into an SSL proxy?
    >
    > --- Tim Maestas <lbIZZATdnsconsultants.com> wrote:
    > >
    > > So wait, is it just persistence that is your
    > > problem, or is it not working
    > > at all when going through the reverse proxy? How
    > > did you have persistence
    > > configured originally, when it was not working?
    > >
    > > When using Siteminder with load balancers and the
    > > port the webservers are
    > > listening on is not the port originally requested by
    > > the client, you need
    > > to use the GETPORTSFROMHEADER and HTTPSPORT
    > > paramaters in the
    > > configuration file for your sm web agents (set
    > > getportsfromheader to yes
    > > and HTTPSPORT to 80 for your example). This ensures
    > > that the redirects
    > > that Siteminder sends back are correct.
    > >
    > > -Tim
    > >
    > >
    > > On Sat, 23 Nov 2002, David Santeramo wrote:
    > >
    > > > I am having a strange problem with BigIP and SSO
    > > > enabled applications. Essentially the flow is as
    > > > follows:
    > > >
    > > > client ---443---LD---443---Reverse
    > > > Proxy----80---BigIP----80----app server
    > > >
    > > > For some reason the apps are working fine when I
    > > > access them directly but are losing session when I
    > > > access via the reverse proxies. The reverse
    > > proxies
    > > > are doing the SSL transaction.
    > > >
    > > > I have had to step back to source IP persistance
    > > but
    > > > this is not as effective for Intranet apps.
    > > >
    > > > Any suggestions?
    > > >
    > > > __________________________________________________
    > > > Do you Yahoo!?
    > > > Yahoo! Mail Plus Powerful. Affordable. Sign up
    > > now.
    > > > http://mailplus.yahoo.com
    > > > ____________________
    > > > The Load Balancing Mailing List
    > > > Unsubscribe:
    > > mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    > > > Archive: http://vegan.net/lb/archive
    > > > LBDigest: http://lbdigest.com
    > > > MRTG with SLB: http://vegan.net/MRTG
    > > > Hosted by: http://www.tokkisystems.com
    > > >
    > >
    > > ____________________
    > > The Load Balancing Mailing List
    > > Unsubscribe:
    > > mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    > > Archive: http://vegan.net/lb/archive
    > > LBDigest: http://lbdigest.com
    > > MRTG with SLB: http://vegan.net/MRTG
    > > Hosted by: http://www.tokkisystems.com
    > >
    >
    >
    > __________________________________________________
    > Do you Yahoo!?
    > Yahoo! Mail Plus Powerful. Affordable. Sign up now.
    > http://mailplus.yahoo.com
    > ____________________
    > The Load Balancing Mailing List
    > Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    > Archive: http://vegan.net/lb/archive
    > LBDigest: http://lbdigest.com
    > MRTG with SLB: http://vegan.net/MRTG
    > Hosted by: http://www.tokkisystems.com
    >

    ____________________
    The Load Balancing Mailing List
    Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    Archive: http://vegan.net/lb/archive
    LBDigest: http://lbdigest.com
    MRTG with SLB: http://vegan.net/MRTG
    Hosted by: http://www.tokkisystems.com



    This archive was generated by hypermail 2.1.4 : Mon Nov 25 2002 - 01:58:04 EST