Extreme Networks Px Series manual SSL Session Identifier Persistence

Page 71

Persistence Modes

is being done, a default domain and pattern rule are still needed. The commands are as follows:

config domain default

config pattern-rule default server-group-name <name>

cookie-name <cookie name> cookie-type [self hash learned]

Because learned cookie mode uses a database to track users, there is a configurable timer. If a database entry has not been used for the amount of time specified by the timer, the database entry is deleted. To configure the timer, use the following command:

config sticky cookie-id timeout HH:MM:SS

The timer affects both layer 4 and layer 7. Valid values are in the range 00:00:05 (5 seconds) to 97:43:52. You can specify the value infinity to indicate that the stickiness should last forever.

NOTE: Although you configure it in the default domain, the cookie mode applies to the whole service, not just the default domain.

SSL Session Identifier Persistence

Websites that use SSL encrypt all transmitted information in the SSL session except the SSL session identifier. SSL session identifier persistence works in the same way as learned cookie persistence, except it uses the SSL session identifier instead of a cookie to bind the client and server in the session.

Configuring SSL is done on the main line of the service definition, as follows:

config service vip <ip address> port <number> protocol tcp L7

class https

config domain default

config pattern-rule default server-group-name <name>

SSL Session ID database entries have a separate timer. If a database entry has not been used for the amount of time specified by the timer, then the database entry is deleted. To configure the timer, use the following command:

config sticky session-id timeout HH:MM:SS

The timer affects both layer 4 and layer 7. Valid values are in the range 00:00:05 (5 seconds) to 97:43:52. You can specify the value infinity to indicate that the stickiness should last forever.

Px Series Application Switch Installation and Configuration Guide

6-13

Page 70 Page 72
Image 71
Page 70 Page 72
Contents Published April Part number 100101-00 Rev Page Contents Installing the PxM Application Switch Module Configuring Servers and Services Index Index of Commands Introduction PrefaceConvention Description ConventionsText Conventions Icon Alerts you toRelated Publications Preface Purpose of Server Load Balancing Server Load Balancing Concepts1Conceptual view of server load balancing TermsLayer 4 Load Balancing Load Balancing Modes2Single client-server transaction using layer Layer 7 Load Balancing and Content Analysis3Establishing a layer 7 request Port Rewrite Getting Started on Load Balancing ConfigurationGetting Started on Load Balancing Configuration Page SummitPx1 Front View Installing the SummitPx1 Application SwitchOverview of the SummitPx1 Application Switch Color Indicates 1Px series application switch LEDsTo DB-9 SummitPx1 Application Switch Rear ViewSignal Description 2DB-9 Adapter PinoutsRack Mounting Installing the SummitPx1 Application SwitchDetermining the Location Free-Standing Powering On the SummitPx1Setting Up Console Communication Configuring Switch IP Parameters Configuring the 10/100 Ethernet Management Port Installing I/O Modules Installing the PxM Application Switch ModuleRemoving I/O Modules Removing I/O Modules Page Managing the Switch 1Command Syntax Symbols Using the Command-Line InterfaceAbbreviated Syntax and Command Completion Syntax Symbols2Line-Editing Keys Symbol DescriptionLine-Editing Keys Specifying Text ValuesPrompt Text Configuring Management AccessCommand History Changing the Default Passwords Modifying Accounts Creating AccountsManaging the PxM Command DescriptionConfiguring VLANs Contact Configuring Snmp4SNMP Configuration Settings Setting Description SystemSettingDescription Configuring DNS Client Services5DNS Client Configuration Commands Using Secure Shell 2 SSH2Config ssh2 key Enabling SSH2 for Inbound Switch AccessUsing SCP2 from an External SSH2 Client SSH2 Client Functions on the Switch Checking Basic Connectivity UtilitiesShowing CPU Load Logging Starting the GlobalPx Content Director Agent Configuring a Startup Banner MessageInternet DNS server Example ConfigurationFollowing commands configure all system-related facilities Page Configuring Real Servers Configuring Servers and ServicesConfiguring Server Groups Configuring Virtual Services Layer 4 Port-based Load Balancing Layer 7 Virtual ServicesConfiguring Traffic Tagging Tag Specification Description Tag Range Configuration Example1Tag Specifications Configuration Example Page Scheduling Policies Choosing Policies, Persistence Modes, and NATSpecifier Policy Description Persistence Modes1Scheduling Policies UDP Flow Persistence Client IP Persistence Mode1Client IP persistence mode Cookie Persistence Modes Configuring Client IP Stickiness2Self-identifying cookie persistence mode Persistence Modes Hashed Cookie Persistence Session Learned Cookie Persistence Mode 4Learned cookie persistence mode Configuring Cookie Stickiness SSL Session Identifier Persistence NAT Modes Full-NAT ModeConfiguring Full-NAT Mode and Proxy IP Addresses Server-only Half-NAT ModeConfiguring Half-NAT Mode Config source-flow name next-hop gateway-mode ip Real Syslog server SummitPx1 Configuration Example Page Domain and URL Switching URL Switching1Typical switching scenario Domain Switching2Domain switching example URL Switching Configuring URL Switching3Simple URL switching example 4More Complicated URL switching example 5Hierarchical approach to pattern rules Wildcard Example Definition Creating Domain and URL Switching Rules1Wildcard Combinations Modifying Existing URL Rules and Domains Application Servers Management net Configuration Example Page Using Vrrp with the SummitPx1 Configuring RedundancyGive backup systems lower priorities Adding and Configuring VRRPsUsing Vrrp in Existing Redundant Networks Vrrp Automatic Synchronization 1Application switch using multiple VLANsFollowing commands can be passed from master to backup Using Esrp with the PxM Configuring Redundancy for the PxMFor SW2 Configuring the PxM for Multiple VLANsConfiguring a Default Gateway Overview Health ChecksServer Startup Pacing Health Checking Procedure Types of Health Checks Configuring Health ChecksTimers and Counters You can disable health checks for a server group Page Showing Traffic Statistics Monitoring the Switch1Statistics Display Commands Displays packet-level counters for 2Configuration Display Commands Showing Configuration DetailsConfiguration Displays SummitPx128 # show server details Status DisplaysColumn Description Show health Information5Management and Troubleshooting Commands Managing and Troubleshooting OperationCommandDescription Esrp IndexHttp GET AUX Page Index of Commands
Top Page Image Contents