F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP System: SSL Administration
  3. SSL Persistence
Manual Chapter : SSL Persistence

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0

F5 SSL Orchestrator

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0
Manual Chapter

SSL Persistence

Overview: SSL Persistence

SSL persistence is a type of persistence that tracks SSL sessions using the SSL session ID, and it is a property of each individual pool. Using SSL persistence can be particularly important if your clients typically have translated IP addresses or dynamic IP addresses, such as those that Internet service providers typically assign. Even when the client’s IP address changes, BIG-IP system still recognizes the session as being persistent based on the session ID.
You might want to use SSL persistence and source address affinity persistence together. In situations where an SSL session ID times out, or where a returning client does not provide a session ID, you might want the BIG-IP system to direct the client to the original node based on the client’s IP address. As long as the client’s simple persistence record has not timed out, the BIG-IP system can successfully return the client to the appropriate node.

Criteria for session persistence

For most persistence types, you can specify the criteria that the BIG-IP system uses to send all requests from a given client to the same pool member. These criteria are based on the virtual server or servers that are hosting the client connection. To specify these criteria, you configure the
Match Across Services
,
Match Across Virtual Servers
, and
Match Across Pools
settings contained within persistence profiles. Before configuring a persistence profile, it is helpful to understand these settings.
For the Cookie persistence type, these global settings are only available the Cookie Hash method specifically.

Creating an SSL persistence profile

You create an SSL persistence profile when you want to customize the way that the BIG-IPsystem persists SSL traffic.
The BIG-IP system includes a default SSL persistence profile named
ssl
. If you do not need to customize the way that the system persists SSL traffic, you can skip this task. Instead, simply use the
Default Persistence Profile
 setting on the relevant virtual server to specify the default
ssl
 profile.
  1. On the Main tab, click
    Local Traffic
    Profiles
    Persistence
    .
    The Persistence profile list screen opens.
  2. Click
    Create
    .
    The New Persistence Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. From the
    Persistence Type
     list, select
    SSL
    .
  5. For the
    Parent Profile
     setting, confirm that
    ssl
     appears.
  6. Select the
    Custom
     check box.
  7. Configure settings as needed.
  8. Click
    Finished
    .
The custom SSL persistence profile now appears in the persistence profiles list.
After creating a persistence profile, you must assign the profile to the relevant virtual server.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information