Manual Chapter :
SSL Persistence
Applies To:
Show VersionsBIG-IP APM
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP Analytics
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP LTM
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP PEM
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP AFM
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP DNS
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP ASM
- 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
SSL Persistence
Overview: SSL Persistence
SSL persistence is a type of persistence that tracks SSL sessions
using the SSL session ID, and it is a property of each individual pool. Using SSL
persistence can be particularly important if your clients typically have translated IP
addresses or dynamic IP addresses, such as those that Internet service providers
typically assign. Even when the client’s IP address changes, BIG-IP system still
recognizes the session as being persistent based on the session ID.
You might want to use SSL persistence and source address affinity
persistence together. In situations where an SSL session ID times out, or where a
returning client does not provide a session ID, you might want the BIG-IP system to
direct the client to the original node based on the client’s IP address. As long as the
client’s simple persistence record has not timed out, the BIG-IP system can successfully
return the client to the appropriate node.
Criteria for session persistence
For most persistence types, you can specify the criteria that the BIG-IP
system uses to send all requests from a given client to the same pool member. These criteria are
based on the virtual server or servers that are hosting the client connection. To specify these
criteria, you configure the
Match Across Services
, Match Across
Virtual Servers
, and Match Across Pools
settings contained
within persistence profiles. Before configuring a persistence profile, it is helpful to
understand these settings.For the Cookie persistence type, these global settings are only available the
Cookie Hash method specifically.
Creating an SSL persistence profile
You create an SSL persistence profile when you want to customize the way that the
BIG-IPsystem persists SSL traffic.
The
BIG-IP system includes a default SSL persistence profile named
ssl
. If you do not need to customize the way that the
system persists SSL traffic, you can skip this task. Instead, simply use the
Default Persistence Profile
setting on the relevant
virtual server to specify the default ssl
profile.- On the Main tab, click.The Persistence profile list screen opens.
- ClickCreate.The New Persistence Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From thePersistence Typelist, selectSSL.
- For theParent Profilesetting, confirm thatsslappears.
- Select theCustomcheck box.
- Configure settings as needed.
- ClickFinished.
The custom SSL persistence profile now appears in the persistence profiles list.
After creating a persistence profile, you must assign the profile to the relevant virtual server.