I have been testing with a Cisco CSS using SSL session ID for balancing, and have yet to experience the problem described below. As best I can tell, it works ok with IE5.5 & Netscape 4.5. Are there known problems with using SSL session ID for stickiness? thanks, Brian Burke [EMAIL PROTECTED] Frumious Bandersnatch wrote: > I'm having trouble with load-balancing on a cisco content switch. > > The details are that I've got two servers running Apache 1.3.19 / > mod_ssl/2.8.1 OpenSSL/0.9.6 and a cisco 11155 content switch (formerly > known as an Arrowpoint) set up to load balance between them, and I'm > browsing with MS Internet Explorer 5.5 > > I've got the switch set to use cookie-based balancing for HTTP. This > works great. > > The switch is set to use the SSL session ID for HTTPS balancing. This > doesn't work so well. Most of the time it works, but every once in a > while, I get moved to the other server and my application breaks (since > the state data is on the first server). Watching the logs and the switch > itself confirms that I'm bouncing between them. > > I reported the problem to Cisco, and they suggested updating to a recent > version of Apache, claiming that older versions regenerated the session > ID too often and upgrading would fix this, but it seems that I've got > fairly current versions and none of the mod_ssl changelogs mention this > where I could find it. Perhaps they meant apache-ssl instead (I'm still > trying to clarify this with them). > > While doing google searches to research the problem, I found a similar > problem reported that laid the blame on IE 5 (which I'm also using), > claiming that it resets the SSL connection every 90 seconds as part of > an attempt to make IIS show up better in benchmarks. > > Does anyone have any idea what's really going on, or if either of the > above statements are true? > > I'm using a fairly standard httpd.conf file, but I set SSLProtocol to > +SSLv3 since the load balancer only supports that version. The > ssl-unclean-shutdown and downgrade-1.0 settings for MSIE are still at > their default values. > > -- [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
