Applies To:

Show Versions Show Versions

Manual Chapter: SSL Persistence
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

SSL persistence

SSL persistence is a type of persistence that tracks SSL sessions using the SSL session ID, and it is a property of each individual pool. Using SSL persistence can be particularly important if your clients typically have translated IP addresses or dynamic IP addresses, such as those that Internet service providers typically assign. Even when the client’s IP address changes, BIG-IP system still recognizes the session as being persistent based on the session ID.

You might want to use SSL persistence and source address affinity persistence together. In situations where an SSL session ID times out, or where a returning client does not provide a session ID, you might want the BIG-IP system to direct the client to the original node based on the client’s IP address. As long as the client’s simple persistence record has not timed out, the BIG-IP system can successfully return the client to the appropriate node.

Criteria for session persistence

Regardless of the type of persistence you are implementing, you can specify the criteria that the BIG-IP system uses to send all requests from a given client to the same pool member. These criteria are based on the virtual server or servers that are hosting the client connection. To specify these criteria, you use the Match Across Services, Match Across Virtual Servers, and Match Across Pools profile settings. Before configuring a persistence profile, it is helpful to understand these settings.

Creating an SSL persistence profile

You create an SSL persistence profile when you want to customize the way that the BIG-IPsystem persists SSL traffic.
Important: The BIG-IP system includes a default SSL persistence profile named ssl. If you do not need to customize the way that the system persists SSL traffic, you can skip this task. Instead, simply use the Default Persistence Profile setting on the relevant virtual server to specify the default ssl profile.
  1. On the Main tab, click Local Traffic > Profiles > Persistence. The Persistence profile list screen opens.
  2. Click Create. The New Persistence Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. From the Persistence Type list, select SSL.
  5. For the Parent Profile setting, confirm that ssl appears.
  6. Select the Custom check box.
  7. Configure settings as needed.
  8. Click Finished.
The custom SSL persistence profile now appears in the persistence profiles list.
After creating a persistence profile, you must assign the profile to the relevant virtual server.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)