WebSphere Edge Server - Impact of Sticky on SSL Calls

This is Interesting: Free IT Magazines  
Home > Archive > WebSphere Edge Server > April 2004 > Impact of Sticky on SSL Calls





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Impact of Sticky on SSL Calls
Manglu

2004-04-23, 1:34 am

Hi,

If i don't enable sticky on my SSL Ports (443) then what is the
impact.

let's say i have two Servers A and B in my Cluster and there is only
one user suing the system at the moment.Assume the Weightages is 1:1

A Sequence:

(i)
A new request from a User and LB routes it to A. SSL HandShake occurs
and the request is serviced by A

(ii) the same user makes a request again. Now LB should route the
request to Server B so SSL handshake should occur again.

Is this true?

If this is true then is it recommended to set a sticky time to the SSL
Ports?

Appreciate some advice/comments/suggestions.

Warm Regards,
Manglu
JLee

2004-04-23, 6:34 pm


If there is no affinity on the port, then the load balancing is done
based on the weights. So yes, the client will bounce between the
servers for each new socket connection. Which will cause him to
re-negotiate the SSL session... unless your two backend servers are
sharing session information about clients.

I've recommended to others to turn on affinity matching the SSL session
timeout on the servers. So as long as the client's session is valid on
the server, LB will continue to send the same client to that same
server. MAC based forwarding would use the client IP affinity, KCBR
would use the SSL ID affinity, etc.

Jeff

Manglu wrote:
> Hi,
>
> If i don't enable sticky on my SSL Ports (443) then what is the
> impact.
>
> let's say i have two Servers A and B in my Cluster and there is only
> one user suing the system at the moment.Assume the Weightages is 1:1
>
> A Sequence:
>
> (i)
> A new request from a User and LB routes it to A. SSL HandShake occurs
> and the request is serviced by A
>
> (ii) the same user makes a request again. Now LB should route the
> request to Server B so SSL handshake should occur again.
>
> Is this true?
>
> If this is true then is it recommended to set a sticky time to the SSL
> Ports?
>
> Appreciate some advice/comments/suggestions.
>
> Warm Regards,
> Manglu

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com