Manual Chapter : SSL Persistence

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0

F5 SSL Orchestrator

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0
Manual Chapter

SSL Persistence

Overview: SSL Persistence

SSL persistence is a type of persistence that tracks SSL sessions using the SSL session ID, and it is a property of each individual pool. Using SSL persistence can be particularly important if your clients typically have translated IP addresses or dynamic IP addresses, such as those that Internet service providers typically assign. Even when the client’s IP address changes, BIG-IP system still recognizes the session as being persistent based on the session ID.
You might want to use SSL persistence and source address affinity persistence together. In situations where an SSL session ID times out, or where a returning client does not provide a session ID, you might want the BIG-IP system to direct the client to the original node based on the client’s IP address. As long as the client’s simple persistence record has not timed out, the BIG-IP system can successfully return the client to the appropriate node.

Criteria for session persistence

For most persistence types, you can specify the criteria that the BIG-IP system uses to send all requests from a given client to the same pool member. These criteria are based on the virtual server or servers that are hosting the client connection. To specify these criteria, you configure the
Match Across Services
,
Match Across Virtual Servers
, and
Match Across Pools
settings contained within persistence profiles. Before configuring a persistence profile, it is helpful to understand these settings.
For the Cookie persistence type, these global settings are only available the Cookie Hash method specifically.

Creating an SSL persistence profile

You create an SSL persistence profile when you want to customize the way that the BIG-IPsystem persists SSL traffic.
The BIG-IP system includes a default SSL persistence profile named
ssl
. If you do not need to customize the way that the system persists SSL traffic, you can skip this task. Instead, simply use the
Default Persistence Profile
setting on the relevant virtual server to specify the default
ssl
profile.
  1. On the Main tab, click
    Local Traffic
    Profiles
    Persistence
    .
    The Persistence profile list screen opens.
  2. Click
    Create
    .
    The New Persistence Profile screen opens.
  3. In the
    Name
    field, type a unique name for the profile.
  4. From the
    Persistence Type
    list, select
    SSL
    .
  5. For the
    Parent Profile
    setting, confirm that
    ssl
    appears.
  6. Select the
    Custom
    check box.
  7. Configure settings as needed.
  8. Click
    Finished
    .
The custom SSL persistence profile now appears in the persistence profiles list.
After creating a persistence profile, you must assign the profile to the relevant virtual server.