Manual Chapter : SSL Persistence

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 13.0.1, 13.0.0

BIG-IP APM

  • 13.0.1, 13.0.0

BIG-IP Link Controller

  • 13.0.1, 13.0.0

BIG-IP Analytics

  • 13.0.1, 13.0.0

BIG-IP LTM

  • 13.0.1, 13.0.0

BIG-IP AFM

  • 13.0.1, 13.0.0

BIG-IP PEM

  • 13.0.1, 13.0.0

BIG-IP DNS

  • 13.0.1, 13.0.0

BIG-IP ASM

  • 13.0.1, 13.0.0
Manual Chapter

SSL persistence

SSL persistence is a type of persistence that tracks SSL sessions using the SSL session ID, and it is a property of each individual pool. Using SSL persistence can be particularly important if your clients typically have translated IP addresses or dynamic IP addresses, such as those that Internet service providers typically assign. Even when the client’s IP address changes, BIG-IP system® still recognizes the session as being persistent based on the session ID.

You might want to use SSL persistence and source address affinity persistence together. In situations where an SSL session ID times out, or where a returning client does not provide a session ID, you might want the BIG-IP system to direct the client to the original node based on the client’s IP address. As long as the client’s simple persistence record has not timed out, the BIG-IP system can successfully return the client to the appropriate node.

Criteria for session persistence

For most persistence types, you can specify the criteria that the BIG-IP® system uses to send all requests from a given client to the same pool member. These criteria are based on the virtual server or servers that are hosting the client connection. To specify these criteria, you configure the Match Across Services, Match Across Virtual Servers, and Match Across Poolssettings contained within persistence profiles. Before configuring a persistence profile, it is helpful to understand these settings.

Note: For the Cookie persistence type, these global settings are only available the Cookie Hash method specifically.

Creating an SSL persistence profile

You create an SSL persistence profile when you want to customize the way that the BIG-IP®system persists SSL traffic.
Important: The BIG-IP system includes a default SSL persistence profile named ssl. If you do not need to customize the way that the system persists SSL traffic, you can skip this task. Instead, simply use the Default Persistence Profile setting on the relevant virtual server to specify the default ssl profile.
  1. On the Main tab, click Local Traffic > Profiles > Persistence .
    The Persistence profile list screen opens.
  2. Click Create.
    The New Persistence Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. From the Persistence Type list, select SSL.
  5. For the Parent Profile setting, confirm that ssl appears.
  6. Select the Custom check box.
  7. Configure settings as needed.
  8. Click Finished.
The custom SSL persistence profile now appears in the persistence profiles list.
After creating a persistence profile, you must assign the profile to the relevant virtual server.