EasyManuals Logo

Cisco 11503 - CSS Content Services Switch Configuration Guide

Cisco 11503 - CSS Content Services Switch
250 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #136 background imageLoading...
Page #136 background image
Chapter 4 Configuring SSL Termination
Configuring a Content Rule for SSL Termination
4-54
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
When you activate a content rule with a configured SSL service, the CSS verifies
that there is a VIP address and port match. If a match is not found, the CSS logs
the following error message and does not activate the content rule.
Not all content VIP:Port combinations are configured in an
ssl-proxy-list for sslAccel type of service
Verify the configured VIP addresses used in the content rule and SSL proxy list,
and modify as necessary.
When a CSS uses two or more SSL modules, Cisco Systems recommends that you
use stickiness based on SSL version 3 session ID for a Layer 5 content rule. For
a virtual SSL server rule, specify the following:
Enable the content rule to be sticky based on SSL using the
advanced-balance ssl command.
Specify the SSL application type using the application ssl command.
The Layer 5 SSL sticky content rule ensures SSL session ID reuse to eliminate the
rehandshake process (which speeds up the SSL negotiation process) and to
increase overall performance.
Note If the 32K sticky table becomes full (which means that 32K simultaneous users
are on the site) the table wraps and the first users in the table become “unstuck.”
This may be due to a combination of number of flows and the duration of the
sticky period, which can quickly use up the available space in the sticky table.
This problem can typically occur in a CSS that contains multiple SSL modules.
An SCM with 288M memory module can support a 128K sticky table.
Note If you specify the sticky-inact-timeout command for a Layer 5 content rule using
SSL sticky, the SSL sessions continue even if the sticky table is full. However, the
CSS does not maintain stickiness on the new sessions.

Table of Contents

Other manuals for Cisco 11503 - CSS Content Services Switch

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 11503 - CSS Content Services Switch and is the answer not in the manual?

Cisco 11503 - CSS Content Services Switch Specifications

General IconGeneral
BrandCisco
Model11503 - CSS Content Services Switch
CategorySwitch
LanguageEnglish

Related product manuals