Forum Discussion
hooleylist
May 15, 2007
You should be able to set the different persistence methods in the HTTP_REQUEST event. This allows you to make per-HTTP request decisions on which persistence method to use.
However, trying to use SSL session ID persistence in this context won't work. SSL persistence can only be used when the BIG-IP does not decrypt the traffic:
https://tech.f5.com/home/bigip-next/manuals/bigip9_2/bigip9_2config/BIG_IP9_2ConfigGuide-10-1.html
SSL persistence
SSL persistence is a type of persistence that tracks non-terminated SSL sessions, using the SSL session ID. Even when the client's IP address changes, the LTM system still recognizes the connection as being persistent based on the session ID. Note that the term non-terminated SSL sessions refers to sessions in which the LTM system does not perform the tasks of SSL certificate authentication and encryption/re-encryption. To enable persistence for terminated SSL sessions, see Chapter 7, Managing SSL Traffic and Chapter 13, Writing iRules.
And from SOL3062:
https://tech.f5.com/home/solutions/sol3062.html
You can only use SSL persistence with nodes that are running SSL, where BIG-IP load balances only encrypted traffic. You cannot use SSL Persistence with SSL connections that are terminated by BIG-IP.
If the BIG-IP terminates the SSL connection, the SSL session ID is removed before the connection is directed to a pool. As a result, the pool sees the connection as a regular HTTP connection, which does not contain an SSL Session ID.
If the BIG-IP is configured to terminate and re-encrypt SSL connections, a different SSL session ID is used for the node-side connection than is used for the client-side connection. As a result, you cannot use SSL session ID persistence in combination with re-encryption.
If you are decrypting the traffic, you could persist on the SSL session ID using the session table or persist uie. Try searching the forum for "SSL::sessionid" for some examples.
Aaron
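
A sketch of the `persist uie` approach mentioned above, for a virtual server where the BIG-IP terminates SSL. This is an added example, not code from the original post or from F5; the variable name `ssl_sid`, the 1800-second timeout, and the all-zero check are assumptions.

```tcl
# Added example: persist on the client-side SSL session ID
# when the BIG-IP decrypts the traffic itself.

when CLIENTSSL_HANDSHAKE {
    # Capture the client-side session ID once the handshake completes.
    # Variables set here remain available to later events on the same
    # client connection.
    set ssl_sid [SSL::sessionid]
}

when HTTP_REQUEST {
    # Only persist when a usable session ID was captured.
    # Trimming "0" characters treats both an empty string and an
    # all-zero ID as "no session ID" (assumption: either may be
    # returned when the session is not cached, depending on version).
    if { [info exists ssl_sid] && [string trim $ssl_sid "0"] ne "" } {
        # Universal persistence keyed on the session ID.
        # 1800 seconds is a constructed timeout; tune it to the
        # SSL session cache lifetime in use.
        persist uie $ssl_sid 1800
    }
}
```

The virtual server needs a client SSL profile and an HTTP profile for these events to fire. A client that negotiates a new SSL session gets a new session ID and so a new persistence record.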